Despite leaked logs, LulzSec remains elusive

An arrest and leaked internal conversations from the hacking collective only go so far in answering that question

Published June 24, 2011 5:47PM (EDT)

The LulzSec symbol, used on their extensively followed Twitter feed
The LulzSec symbol, used on their extensively followed Twitter feed

Merry pranksters, online insurrectionists, juvenile troublemakers -- the LulzSec hacking collective behind recent attacks on the Senate and CIA websites, the U.K. Census database and (as of Friday) Arizona police computers have proven a difficult group to characterize. Even the arrest of an alleged LulzSec hacker, British 19-year-old Ryan Cleary, this week did little to shed light on the nature or make up of the group.

On Friday, however, the Guardian published logs from one of the collective's private chatrooms, providing "unique, fly-on-the-wall insight into a team of audacious young hackers whose inner workings have until now remained opaque."

Who are they?: The logs suggest LulzSec is a loosely connected group of around six to eight hackers, with numerous more or less involved hacking associates. The logs reveal no real names, but offer insight into some personalities and roles played within the group. Although hacking communities often employ non-hierarchical models in the mold of anarchist collectives, the Guardian suggests LulzSec may have a leader of sorts:

One hacker known as "Sabu," believed to be a 30-year-old security consultant, effectively controls the group of between six and eight people, keeping the others in line and warning them not to discuss what they have done with others.

However, Sabu's leadership role may not indicate control: If the majority of the group are around ten years younger, Sabu may just be passing on guidance about staying secure, which can be read as the "striking authority" seen by the Guardian in the logs.

On Friday, a rival hacktivist known as The Jester sent out a tweet, linking to a webpage allegedly revealing other names Sabu may use. Meanwhile, another rival group -- Team Poison -- has promised to reveal more LulzSec identities (as the International Business Times noted).

Other LulzSec personalities which emerge in the logs include that of Kayla, a hacker who provides the group with remote access to a network of infected computers through which they carry out hacks. A third, Topiary, manages the public image, including their Twitter feed (followed by almost 270,000), the Guardian notes.

The leaked logs also reveal that a number of LulzSec members have found their targets too extreme and have stepped away: Members going by "Recursion" and "Devrandom" have said they were "not up for the heat" following the hacking of two FBI-affiliated sites. With this in mind, it makes little sense to try to characterize the group as either 'just pranksters' or serious activists. At best, the loose collective shares aims to challenge authority, governments and corporations, but the extent of this seems to vary from member to member.

The chatroom logs, reports the Guardian, were leaked by a LulzSec member who goes by "m-nerva," whom the collective has since threatened on Twitter.

Anonymous connection: Commentators have speculated on the connection between LulzSec and hacktivist group Anonymous. As the Guardian reports, "The conversations [in the chatroom logs] confirm that LulzSec has links with – but is distinct from – the notorious hacker group Anonymous" and that "Topiary" appears to have "acted previously as a spokesman for Anonymous, once going head-to-head in a live video with Shirley Phelps-Roper of the controversial Westboro Baptist Church, during which he hacked into the church's website mid-interview."

However, it makes little sense -- considering the non-centralized way the hacktivist community appears to work -- to seek precise answers about how these collectives interact or are constituted, much like it made little sense to ask who exactly belonged to the Earth Liberation Front or the Animal Liberation front in the 1990s, since A.L.F. and E.L.F. were loose, umbrella collectives, in the name of which actions were carried out, often by unconnected parties.

Today's hacktivist groups might be somewhat more contained, but it seems like no precise answer to "who is LulzSec?" is available, even if the authorities are able to pin down numerous involved individuals. Indeed, in the chatroom, the hackers mention that the recently arrested Clearly is "at best, mildly associated" with the collective. As has happened with activist groups targeted in the past, the authorities may have just picked on low-hanging fruit with the British teenager. The core LulzSec hackers remain elusive. 

By Natasha Lennard

Natasha Lennard is an assistant news editor at Salon, covering non-electoral politics, general news and rabble-rousing. Follow her on Twitter @natashalennard, email

MORE FROM Natasha Lennard

Related Topics ------------------------------------------

Hacking Internet Culture Wikileaks