LulzSec released one final package of hacked data before quitting, including internal documents from AOL and AT&T. The data showed LulzSec may have also hacked the U.S. Navy, the NATO online bookshop and the FBI’s Web site.
The last attack was just the icing on the cake for LulzSec, whose 50-day hacking spree included attacks on the CIA, the U.S. Senate and PBS. A timeline of LulzSec’s hacks is below:
Early May: LulzSec arrives on Twitter and claims its first series of attacks, leaking what it says is a database of contestants on the show “X Factor.”
May 30: LulzSec breaks into the Web site of PBS and posts a fake story saying rappers Tupac Shakur and Biggie Smalls are alive (both are dead). The hack is seen as a response to a PBS documentary critical of WikiLeaks founder Julian Assange.
June 2: The hackers attack Sony Pictures Entertainment, posting the usernames, passwords, e-mail addresses and phone numbers of tens of thousands of people. Sony enlists help from the FBI.
June 3: Unperturbed by the FBI’s involvement, LulzSec steals 180 passwords from the Atlanta chapter of an FBI partner organization called InfraGard. LulzSec says the attack is in response to reports that the Pentagon may classify some cyberattacks as tools of war. The hackers also say they have used one of the passwords to steal nearly 1,000 e-mails from Unveillance LLC, an Internet surveillance company in Delaware, including an e-mailed report about how Libya's oil industry could be compromised by computer viruses.
June 7: LulzSec says it has hit Sony again, this time on the company’s developer network and music entertainment division.
June 10: LulzSec leaks what it says is a database of e-mail addresses and passwords of pornography Web site users, including some belonging to U.S. Army members.
June 13: LulzSec says its has stolen information from 200,000 video game users, but doesn’t release much of it because it says it likes the company. The hackers also attack the U.S. Senate Web site by accessing a public-facing server.
June 16: The CIA’s public Web site faces problems, and LulzSec claims responsibility. The hackers also release a “grab bag” of e-mail addresses and passwords.
June 17: LulzSec insists they are not attacking Anonymous, another hacker group.
June 20: InfraGard is attacked again, with several hundred accounts compromised at a Connecticut branch of the company. The U.K.’s Serious Organized Crime Agency Web site is also brought down and the group claims responsibility. Game company Sega is hit with a cyber attack that breaches 1.3 million users’ personal information.
June 21: A 19-year-old British man is arrested and later charged with attacking the Serious Organized Crime Agency. LulzSec says his involvement with the group was only tangential.
June 24: LulzSec claims credit for an attack on the Arizona Department of Public Safety, posting internal documents, manuals, e-mail correspondence, names, phone numbers, addresses and passwords taken from the department. The group said it released the documents because it opposes Arizona’s immigration enforcement law.
June 25: LulzSec announces it is quitting its attacks and releases one final package of hacked data, including internal documents from AOL and AT&T.