A screenshot of LulzSec website homepage
A screenshot of LulzSec website homepage Lulzsecurity.com

Since the arrest and court appearance of alleged LulzSec hacker Ryan Cleary, despite its claims that he is not a member, LulzSec's Operation Anti-Security hacking rampage has slowed down, with the collective taking on a more aggressive, ominous tone, promising to unveil the results of its first assault this Friday.

Operation Anti-Security

Operation Anti-Security is the codename of a new cyber attack campaign hosted by the hacking collectives LulzSec and Anonymous.

The new joint operation was revealed in a statement released over the weekend. The statement outlined the two collectives plan to enact a new focused barrage of attacks against the world's governments and banks:

"We encourage you to spread the word of AntiSec far and wide, for it will be remembered. To increase efforts, we are now teaming up with the Anonymous collective and all affiliated battleships."

As was the case with Anonymous' attacks in Turkey, the new campaign will apparently be a form of protest against certain governments internet censorship and moderation policies:

"As we're aware, the government and whitehat security terrorists across the world continue to dominate and control our Internet ocean. Sitting pretty on cargo bays full of corrupt booty, they think it's acceptable to condition and enslave all vessels in sight.

"Our Lulz Lizard battle fleet is now declaring immediate and unremitting war on the freedom-snatching moderators of 2011."

The first attacks enacted in the name of Operation Anti-Security saw LulzSec target the U.K.'s Serious Organised Crimes Agency and two Brazilian Government owned websites.

The message claiming responsibility for the attack on SOCA was the first to appear on the group's Twitter feed, reading, "Tango down - http://t.co/JhcjgO9 - in the name of #AntiSec".

After targeting the U.K. the hacker collective LulzSec went on to claim responsibility for successful cyber attacks against two of the Brazilian Government's websites.

The first tweet appeared on the separate LulzSecBrazil Twitter page and was subsequently retweeted by the main LulzSec feed. The tweet read, "TANGO DOWN http://t.co/HYGPWfv & http://t.co/ptzPCJw LulzSecBrazil".

The tweet was quickly followed by, "Our Brazilian unit is making progress. Well done @LulzSecBrazil, brothers!"

The attacks both used distributed denial of service techniques. These DDoS attacks see hackers bring websites and systems down by overloading them with requests.

LulzSec commented its use of the technique, "DDoS is of course our least powerful and most abundant ammunition. Government hacking is taking place right now behind the scenes. #AntiSec," tweeted LulzSec.

Cleary arrest

Just as LulzSec was celebrating its first three Operation Anti-Security cyber attacks fruition, the U.K.'s Metropolitan Police reported that it had arrested 19-year-old Ryan Cleary. The media immediately speculated that Cleary was a member of the Lulz chasing hacking group.

Cleary was arrested earlier this month in a joint operation between the U.K.'s Metropolitan and Essex Police force and the U.S.'s FBI.

Police raided 19-year-old Cleary's home in Wickford, Essex arresting him and taking his computers for examination.

"Searches at a residential address in Wickford, Essex, following the arrest last night have led to the examination of a significant amount of material. These forensic examinations remain ongoing", commented a Metropolitan Police representative at the time.

The police revealed that Cleary was being charged and would face trial yesterday evening via Twitter. "Ryan Cleary, 19, has been charged with offences contrary to the Computer Misuse Act. He appears at City of Westminster MC on 23/6", read the Met's tweet.

It was yesterday revealed that police had charged Cleary for alleged involvement in web assaults against the Serious Organised Crime Agency, British Phonographic Industry and the International Federation of the Phonographic Industry.

Since news of Cleary's arrest were first revealed hacker collective LulzSec has constantly maintained that he is in not a member of it.

LulzSec originally issued a series of tweets on the topic on the day of Cleary's arrest:

"Clearly the UK police are so desperate to catch us that they've gone and arrested someone who is, at best, mildly associated with us. Lame."

Followed by, "Oh well - less tweet spam now. Best watch out, they can't get us, so they're going after people they think might know us. Defend yourselves."

Since then the only link LulzSec has admitted Cleary as having is through a "legitimate" chatrooms hosted on one of Cleary's IRC servers.

"Ryan Cleary is not part of LulzSec; we house one of our many legitimate chatrooms on his IRC server, but that's it.

"@superbus We use Ryan's server, we also use Efnet, 2600, Rizon and AnonOps IRC servers. That doesn't mean they're all part of our group."

The group has since posted links to other chatrooms it uses on its Twitter feed, inviting random people to come and chat. Many have taken this to be a form of protest designed to show that simply talking to its members does not constitute a crime or membership of the group.

The two tweets read, "The user "innocentz" in our IRC chat on AnonOps is getting mad. Everyone please give him a hug or something: http://t.co/1XLL1Jj #AntiSec

"Join the IRC chat: http://t.co/1XLL1Jj - if it doesn't work, it's because this tweet just broke it. Blame the REST of the Internet."

In addition to posting links to its chatrooms, since the police revealed that Cleary had been charged and would face trial for his alleged involvement in several cyber attacks and hacks, LulzSec also issued a fresh barrage of tweets maintaining Cleary's is not a member of LulzSec:

"Ryan Cleary charged with botnet-related crimes unrelated to LulzSec: http://t.co/SfKCHiP "November 2010", etc.

"Interesting - they charge him with the SOCA attack, maybe he hit SOCA after we did? It was suspiciously down again after we let it up."

Why LulzSec's silence is troubling

The fact is, that since the new of Cleary's arrest broke, LulzSec has changed its behaviour.

Where before LulzSec's Twitter feed update with an almost frenzied consistency it has now slowed down to a crawl. Additionally, the group's tone has become slightly more serious and far more aggressive.

The group even went so far as to publish the details of two "snitch" hackers asking that the FBI arrest them.

Tweets regarding the media's coverage of Cleary's arrest have also seethed with anger. One particular article from the Sun seemed to really hit home, with LulzSec responding via Twitter:

"The Sun is the shittest UK publication in existence: http://t.co/D0FliTm How many times can you use "geek" and "nerd" in one article?

"If you don't kick, hit or throw some kind of sports-related object at least thirty-five times a week, you are a filthy recluse to The Sun."

Additionally, the group has not revealed any subsequent attacks since those on the Brazilian websites.

The group has instead ominously promised to have the data taken from its "first phase" of Operation Anti-Security hacks released this Friday. Tweeting, "Got some nice things for Friday. Hopefully Payload #1 of many to come!"

LulzSec's slow-down in activity and altered behaviour may present a truly troubling change in the group's M.O. with it becoming more focused in its task.

If true, then tomorrow's unveiling by LulzSec could indeed be its biggest to date.

UPDATE: LulzSec has claimed responsibility for attacks against Arizona law enforcement.

Twitter FBI