Undeterred by the recent arrest of key hackers tied to Anonymous and LulzSec, members of a mischief-making ring calling themselves "LulzSec Reborn" took on some high-profile targets this week.
On Sunday they chose the MilitarySingles.com dating site, obtaining login data for 170,000 users, then followed up on Tuesday with the e-mail database of San Jose., Calif.-based IT firm CSS Corp., according to PC Magazine.
Tweeting under the name LulzSec Reborn, the group declared "And so it started" with a link to a file-sharing account with the military group's passwords. ESingles, which owns the site, denied any breach, according to tech news site CRN.
LulzSec launched a reign of cyber-attacks last summer targeting corporations and government offices, before a sweep that saw key members taken into custody and charged.
Earlier this month LulzSec, whose motto was "laughing at your security since 2011," saw five people arrested in the United Kingdom and in Chicago reportedly based on information from an informant, himself a top LulzSec hacker who had been arrested last June. He was identified as Hector Xavier Monsegur, 28, who used the aliases The Real Sabu and Xavier DeLeon, an unemployed father living in a public housing project on New York's Lower East Side.
In his Naked Security blog for the cybersecurity firm Sophos, Graham Cluley cast some doubt on whether the new hackers were actually LulzSec reborn. "Of course, on the Internet, anyone can claim to be whatever they want and so it's not particularly surprising to see that it was a group calling itself LulzSec Reborn that posted a message on PasteBin announcing the hack of MilitarySingles.com," he wrote.
But Alan Paller, director of research at the SANS Institute, a cyber security research and training organization in Bethesda, Md., said LulzSec is by all accounts far bigger than the paltry number of people who have been busted.
"The community from which Anonymous and LulzSec draw members is the Venn intersection between people with pretty good cyber skills and people who have a complaint against some institution," noted Paller. "The number in the first set is measured in millions. The number in the second set is measured in tens of millions, perhaps hundreds of millions. How big do you think the number is in the intersection?"
LulzSec claims to be doing a public service by exposing security flaws in modern systems and how easily they can be exploited.
Paller says there is a potential "wake-up" factor from the attacks at a time when more and more sensitive information is online and everyone from thieves to foreign governments are out to exploit weaknesses.
"The positive impact from an attack is the awakening of the managers; not the exposing of security flaws," he said. "The flaws are widely understood. Their importance is not."