Leaked LulzSec Chat Logs Put Personalities to Hacking Group

There's a parent figure, a clever spokesman, and plenty of internal strife

This article is from the archive of our partner .

The hacking group Lulz Security scored one of its bigger coups yesterday when it released 446.6 MB of Arizona law enforcement bulletins, passwords, training manuals, and other private information in a data dump it called "Chinga la Migra." According to its prolific Twitter feed, it's preparing another dump for Monday. But as the group works feverishly to find and release internal data from the governments, corporations, and other online entities it targets, others are scouring for private information from the group itself. Today, The Guardian published internal chat logs that show a small group of hackers egging each other on and gleefully tracking their own coverage in the news media.

LulzSec is not, despite its braggadocio, a large – or even coherent – organisation. The logs reveal how one hacker known as "Sabu", believed to be a 30-year-old security consultant, effectively controls the group of between six and eight people, keeping the others in line and warning them not to discuss what they have done with others; another, "Kayla", provides a large botnet – networks of infected computers controlled remotely – to bring down targeted websites with distributed denial of service (DDoS) attacks; while a third, "Topiary", manages the public image, including the LulzSec Twitter feed.

The logs were apparently leaked by m_nerva, who The Guardian describes as "a former affiliate" of the group. On Tuesday, LulzSec threatened m_nerva in a tweet that read, "Remember this tweet, m_nerva, for I know you'll read it: your cold jail cell will be haunted with our endless laughter. Game over, child."

While the logs don't appear to divulge too many damaging, internal secrets, they do reveal personalities at work within the outwardly jokey group. The Guardian has some good synthesis of a couple of the main characters. There's the leader, Sabu, who it describes as a "parental" figure.

Despite directing the LulzSec operation, Sabu does not appear to engage in the group's public activity, and warns others to be careful who and how they talk outside their private chatroom. "The people on [popular hacker site] 2600 are not your friends," Sabu warns them on 2 June. "95% are there to social engineer [trick] you, to analyse how you talk. I am just reminding you. Don't go off and befriend any of them."

But the difficulty of keeping their exploits and identities secret proves difficult: Kayla is accused of giving some stolen Amazon voucher codes to someone outside the group, which could lead back to one of their hacks. "If he's talking publicly, Kayla will talk to him," Sabu comments, bluntly.

But while LulzSec has a jovial exterior, and proclaims that its purpose to hack "for the lulz" (internet slang for laughs and giggles), Sabu is unremittingly serious. Domineering and at times almost parental, he frequently reminds the other hackers of the dangers of being tracked by the authorities, who the logs reveal are often hot on their heels.


During one exchange, a hacker named Neuron starts an IAmA (Q and A) session for LulzSec on the website Reddit for "funzies" and to engage with the public. This immediately raises the ire of Sabu, who puts an angry and abrupt halt to it.

"You guys started an IAmA on reddit?" Sabu asks in disbelief. "I will go to your homes and kill you. If you really started an IAmA bro, you really don't understand what we are about here. I thought all this stuff was common knowledge ... no more public apperances [sic] without us organizing it."

He adds: "If you are not familiar with these hostile environments, don't partake in it."

We also meet Topiary, effectively the group's spokesman, who has also spoken publicly about Anonymous.

Topiary, who manages the public image of LulzSec – which centres around its popular Twitter feed, with almost 260,000 followers – also acted previously as a spokesman for Anonymous, once going head-to-head in a live video with Shirly Phelps-Roper of the controversial Westboro Baptist Church, during which he hacked into the church's website mid-interview.

His creative use of language and sharp sense of humour earns praise from his fellow hackers in the chat logs, who tell him he should "write a fucking book". On one occasion, after a successful DDoS attack brings down a targeted web server, Topiary responds in characteristic fashion to the hacker responsible, Storm: "You're like our resident sniper sitting in the crow's nest with a goddamn deck-shattering electricity blast," he writes. "Enemy ships being riddled with holes."

As the group continues its AntiSec campaign, which apparently unnerves some of its members such leaked logs may prove to be a problem for its security. The group's small size will surely help it keep members in line with secrecy, but just one pair of loose lips can sink a ship. Even a lulz ship.

This article is from the archive of our partner The Wire.