We had the comment "Hey Ken? Colburn! We're watching you ;) -LulzSec" placed on our YouTube channel after we posted one of the interviews we did this morning with a local FOX news affiliate about the DPS LulzSec breach.
The username appeared to be 'lulzsec' but we later realized that the first and third characters were actually upper case i's instead of l's, which lead us to be suspicious (we asked about this during the interview, below).
Note: We can't guarantee that the individual that answered our questions is actually a member of this high profile group, but the writing style and position was consistent with what we have seen posted on the lulzsecurity website, Pastebin and other resources on the Internet
Update: The interviewee posted to Pastebin -
Update 2: @LulzSec has posted on Twitter - saying the interview is NOT them...
Update 3: Our interviewee continues to insist that they are a splinter faction of LulzSec, but we agree with most of you that have pointed out that until the YouTube channel is a link on the LulzSecurity website, we should assume it's bogus.
Here is the transcript (you decide for yourself):
Data Doctors interview of LulzSec via YouTube messaging 6/24/11
IuIzsec Hello Yes, you may interview us via messaging here.
DataDoctors First question: How do we know that this is really a LulzSec account and not a wanna be fan?
IuIzsec We do not represent the twitter voice of LulzSec. We are the original founders. The one that owns the twitter account is much more malicious than what we do. If you want to ask him as well, you may, just know that answers will be different each time. Many users own the twitter part. The same goes for this youtube channel.
DataDoctors The average user fears what you are doing and what they believe your intent is...should they?
IuIzsec They should not fear our intent and political agenda. We are not going to cause any physical harm to anyone. If you fear for lose of your data read on security tips. Make sure to use proficient antivirus/firewall for protection. Change password often. Do not use the same password over. Use a combination of key symbols, numbers, and letters greater than 8 characters(the longer, the better). For recovery questions; make them similar to passwords. Where only YOU know the answers (a common mistake is making them questions that can be easily guessed).
DataDoctors So can you elaborate on your intent and political agenda? What to you hope to accomplish?
IuIzsec Our political agenda is to unveil the hidden truths in government. We also want this to be entertaining to the general public, so we add some satirical humor to spice things up.
Our core intent is to hit home with everyone who believes in freedom as much as we do. And so far it has. Many more members work for us now all nonprofit. What we hope to accomplish is simple... We have been working with WikiLeaks since 2007 closely. Their philosophy about information freedom is liken to us. We have no fear of taking malicious methods to have information released to the public.
DataDoctors So that I understand your earlier comment about the Twitter account, is that person part of your organization? When you say more malicious, was the DPS breach/doc leaks a solitary effort or was everyone involved?
IuIzsec Yes, loosely connected, hacking mainly with DDoS. DPS was not only us, but Anonymous helped as well.
DataDoctors You've publicly stated that you plan on releasing more sensitive information on the DPS; is there anything they can do to get you to stop?
IuIzsec There is nothing they can do to stop us. The only people that can make change are the citizen voters.
DataDoctors I have been doing my best to explain to the media what has transpired based on what I've seen and I'm sure you guys are chuckling, but would you say what has currently been published is typical of what is to come or benign compared to what is yet to be leaked?
IuIzsec Your statements are true, but our methods are more intricate. If it makes people feel safe that we're called amateurs by Fox News, so be it.
DataDoctors Have I put myself in a position to be a target as a result of my discussions about and with you?
IuIzsec You are not a target and have nothing to fear. No one is seeking any info on you from Anonymous or Lulz Security.
DataDoctors If not, in the spirit of Lulz, can I give you a list of my competitors websites? ;D
IuIzsec You sure can. We can't promise anything though ;)
DataDoctors Sony claims that only 37,500 accounts were accessed during their breach; are they lying?
IuIzsec They are lying. We have compromised over 1,000,000. Lies make companies look better and allow other corrupt activities to occur.
DataDoctors Team Poison has publically referred to your org as 'script kiddies' and vowed to expose you; your response?
IuIzsec It's a simple attack to call someone a skiddie in the hacker world. We're not offended and gladly invite you to "expose us". By the way, when you boys get accepted into college, give us a ping ;)
DataDoctors From the layperson's perspective, DPS is simply enforcing the law that is on the books, so why aren't you going after the people that created the law instead of the people that are required to enforce it?
IuIzsec It's a way to get more attention. We have gone after the US Senate, but the data we took had no value to them.
DataDoctors Do you feel bad about the potential harm that might come to an officer or his family as a result of the personal information you guys published to the world?
IuIzsec We believe that anyone who has will power can discover what they want. We believe no harm will come to any officers with the data we have released. Only a lesson to be learned in basic computer security.
DataDoctors Would you ever consider doing some form of audio interview?
PS: Some people conspire we are an organization working for the government to create more laws. We think that's laughable, but on a serious note, we ultimately think it will raise awareness to politicians and the voters. Be it negative or positive, we're raising awareness.
DataDoctors OK, one final question:
This morning, I was making the assumption based on what I had to work with that this event occurred because of a random collection of compromised data that turned out to be from a DPS agent.
Did you guys, in fact, target the DPS or did you decide to target them because you serendipitously compromised a DPS system?
My reasoning is that the SB1070 issue has been around for a while and the timing for making this an issue seems to be more related to the acquisition of data that could be exploited as opposed to this being high on the groups agenda...
Am I way off? If so, with all the injustices in this country, why is this one in particular important now?
IuIzsec We targeted the DPS.
One isn't particularly important than the other. They were just an easy target and we also disagreed with SB1070.
Please deliver the message to the masses with precision and honesty.