By Jim Finkle and Marius Bosch
BOSTON/JOHANNESBURG (Reuters) - The LulzSec group of rogue hackers are threatening to steal classified information from governments, banks and other high-ranking establishments, in what would be an escalation of their cyber attacks.
So far LulzSec's publicized assaults on Sony Corp, the CIA, News Corp's Fox TV and other targets have mostly resulted in temporary disruptions of some websites and the release of user credentials.
But now, LulzSec says it is teaming up with the Anonymous hacker activist group to cause more serious trouble.
"Government hacking is taking place right now, behind the scenes," LulzSec said on Monday in a message posted on Twitter, the microblogging site where the group has cultivated more than 210,000 followers.
LulzSec had said last Friday that it hacks to have fun and to warn people that personal information is not safe in the hands of Internet companies. But two days later, Lulz said its top priority was to leak "classified government information, including email spools and documentation."
Cyber police have had trouble capturing the members of LulzSec, whose hacks started to hit headlines last month. For example, it published the email addresses and passwords of thousands of alleged subscribers to porn sites, it temporarily took down the public website of the CIA, and it published data from internal servers of the U.S. Senate.
Security experts who have researched LulzSec's origins say it emerged from Anonymous, which became famous for attacking the companies and institutions that oppose WikiLeaks and its founder, Julian Assange. Anonymous also attacked Sony and governments around the globe that it considered oppressive.
LulzSec's members are believed to be scattered around the world, collaborating via secret Internet chat rooms. Suspected leaders include hackers with the handles Kayla, Sabu and Topiary, security experts say.
Bruce Schneier, a security technologist who studies cyber attacks, said he believes LulzSec members are not hardened criminals but are "a bunch of guys who met in a chat room, plus everyone else who thinks it would be cool to take on that name."
"They're not going to do any damage. They're just out having fun...they'll probably never be tracked down," he said.
The group's name is a combination of lulz, which is slang for laughs, and sec, which stands for security.
"You find it funny to watch havoc unfold, and we find it funny to cause it," LulzSec said in a statement posted on its website, http://www.lulzsecurity.com, last Friday to mark its 1,000th Tweet. "We release personal data so that equally evil people can entertain us with what they do with it."
JUST FOR LAUGHS?
LulzSec's new campaign to steal sensitive government data may signal that it is getting more ambitious.
But so far, LulzSec has not implied that it was looking to profit financially from hacks, nor has it acted as guns for hire that are willing to break into any network for a price.
In fact LulzSec turned down a potential reward from a security firm, Berg & Berg, that had offered $10,000 to anyone who could change a picture on its website. LulzSec did it, and left a message to say the task was easy. "Keep your money, we do it for the lulz."
The group's unpredictable nature can make for interesting drama. It openly discusses who it should attack, welcomes debates with its Twitter followers, and set up phone hotlines in Europe and the U.S. for people to call in with suggestions.
Last week, LulzSec bragged that it had shut down the websites of some video game companies, broken into the servers of others, and had stolen the personal data of about 200,000 players of the online video game Brink.
But when the group learned that other hackers had stolen data from Japanese video game developer Sega Corp, it offered to punish them in a message that suggested LulzSec leaders might be among the loyal fans of Sega's Dreamcast console, which was discontinued a decade ago.
"Sega - contact us," LulzSec said in its Tweet. "We want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down.
FROM GERMANY TO THE BAHAMAS
LulzSec has published reams of stolen data on its website, which is registered in the Bahamas, according to public records.
For a while, it conducted planning sessions using a secret chatroom known as a "Pirate Pad" that ran on a hacked server belonging to the German Pirate Party, according to a security investigator.
(Pirate pad refers to collaboration tools that are freely available from a German website, Piratenpad.de. It is designed to foster collaboration between workers in different locations. Users of the service can maintain anonymity if they choose.)
Authorities found that secret chatroom and shut it down last month by confiscating the server, said the investigator who did not want to be identified as he was still trying to infiltrate the group by posing as a hacker.
Meanwhile, opponents of LulzSec released information last weekend that was allegedly taken from the group's computer system -- an embarrassing development given that LulzSec has said organizations with weak security deserve to be hacked.
A hacker group called Team Web Ninjas started a blog to expose LulzSec. It released what it said were logs of conversations from a private LulzSec chatroom and provided names of alleged leaders.
LulzSec's Tweets are sometimes funny, often sarcastic and occasionally laced with punchy profanity. It recently claimed that some followers were able to use account data that it released on the Web to break into a Facebook account. The site has not commented on the matter.
"Watching somebody's Facebook picture turn into a penis and seeing their sister's shocked response is priceless," LulzSec said in one Friday Tweet. "This is the Internet, where we screw each other over for a jolt of satisfaction ... There are peons and lulz lizards; trolls and victims."
(Reporting by Jim Finkle and Marius Bosch, editing by Tiffany Wu, Dave Zimmerman)