July 2, 2011 11:25 AM EDT | by James Lee Phillips
LulzSec’s final release was a blockbuster even by the prolific hacking group’s standards — but the AT&T materials were not simply hacked, they were leaked, according to multiple sources.
While LulzSec’s modus operandi has been almost exclusively to operate from the outside in — and nearly always using the same SQL injection hack that most servers should have been protected against since, say, 2005 — the cornucopia of AT&T documents (including a trojan that purportedly came directly from the company itself — “This malware came from AT&T and LulzSec never actually looked at it,” tweeted Anonymous) came from an ‘insider’.
Since both Anonymous and LulzSec have demonstrated a strong appreciation for and willingness to support whistle blowing organizations such as WikiLeaks, the release of information from someone from within a company is by no means unusual.
The AT&T part of the final LulzSec release contained tantalizing hints of the company’s expansion into the LTE (long term evolution) realm, including 4G iPhone and iPad releases for early fall 2011. While this material is far from definitive, it dovetails nicely with the September rumored release date of the iPhone 5, although much of the existing iPad 3 information points at next spring.
While the connection is still debated between LulzSec and hacker Ryan Cleary, recently arrested in the UK for Anonymous-related activities, Cleary’s statements to The Tech Herald a few months ago, such as “…an employee of AT&T gave us loads…including a bootable USB” which was apparently confirmed by members of both groups.
“In all, an AT&T insider walked off with nearly 200MB of information contained in more than 300 files,” Tech Herald writes. “The AT&T leak is a clear example of how, even if solid external protections are in place, information can still find a way to leave an organization.”