In a posting, he notes that LulzSec seems to be a spin-off of a group of hackers from the Anonymous group, adding that, after hacking HBGary and Gawker under the Anonymous group umbrella, "they then decided to create their own gig."
"Why? Probably to be independent", he says in his latest security blog.
Rachwald goes on to say that the supporting evidence for this is that the same nicknames are used in both Anonymous hacking-related discussions (in early 2011) and LulzSec discussions (in mid-2011).
LulzSec leaders, he notes, communicate mainly via private IRC channels and publish via Twitter and Pastebin. Their attacks use web application vulnerabilities, such as the one used in an SQL injection attack against PBS and in one of the Sony hacks.
"They also use automated tools to harvest databases [such as] Havij, as we can see from the leaked PBS hack screenshots", he says.
The main members of LulzSec, adds Rachwald, include:
- Sabu – the HBGary hacker, who seems to be the leader
- Nakomis – a coder, rumored to be one of the phpBB coders
- Topiary – finance, handles donations and payment for services such as botnets
- Tflow – hacker (rumored)
- Kayla – hacker who owns a big botnet
- Joepie91 – website admin
Interestingly, Rachwald concludes his blog by saying that, "from the discussions [he has seen] it seems they would be exposed and probably arrested very soon", as many "real world" details on their identities are revealed.