LulzSecPeru: how two teenagers had Latin American governments on edge with their revelations

You probably know Anonymous, that group that in 2003 warned: “We are a legion, we do not forgive, we do not forget, wait for us”. Maybe you also know about LulzSec. But perhaps you have not even heard of a tremendously impressive cyberactivist group: LulzSecPeru.

“They were the only hackers effective – in fact they were incredibly effective – that I could find in Latin America,” Frank Jack, a journalist for The Associated Press specializing in cybersecurity, tells the BBC.

He is also the only reporter who communicated directly with the guys who made up LulzSecPeru, in 2014.

“When I asked them why they besieged the Argentine Ministry of Defense, the Colombian military, all those networks in which they perhaps had no political interest, they replied: we did it for him Lulz“.

Three years earlier, Wired magazine had given an explanation of what that word meant in that context:

“The lulz (a distortion of LOL, abbreviation used on-line to refer to laugh out loud or laugh out loud) is the most important and abstract thing to understand about Anonymous, and perhaps about the internet.

“The lulz he laughs instead of yelling. It is a laugh of shame and separation. Is schadenfreude. It is not the anesthetic humor that makes the days go by, it is the humor that enhances the contradictions. The lulz is a laugh with pain. It forces you to consider injustice and hypocrisy, from whatever side you’re on at the time.”

rat and desh

Getty Images
Hackers are people “with solid computer skills capable of entering unauthorized systems to manipulate them, obtain information, etc., or simply for fun” (Maria Moliner’s Dictionary).

“When I interviewed these guys, LulzSecPeru was different from mainstream hacktivist groups like Anonymous or even the original LulzSec.”

Although they were part of a local version of the group of cyber intruders LulzSec, which grouped together the so-called “black hat hackers”, based in the United States and the United Kingdom, Jack clarifies that they “had no affiliation” with them.

“Those original groups had thousands of active members around the world, working on different projects: protests against the Church of Scientology, support for the Arab Spring, and denial-of-service attacks — also called DoS (Denial). of Service), consist of attacks on a computer system or network that cause a service or resource to be inaccessible to legitimate users—against multiple targets.

“Their huge numbers meant they had a lot of experienced people at their disposal. LulzSecPeror was made up oforthe two teenagers“.

They identified themselves as @Cyber-Rat, who was 17 years old at the time, and @Desh501, who claimed to be between 19 and 23 years old and to be a university student. They were self-taught programmers who started at the age of 8 and 6, respectively.

"LulzSecPeru contributing its grain of sand to Anonymous Colombia"

“LulzSecPeru contributing its grain of sand to Anonymous Colombia” in 2012. They also infiltrated government networks in Argentina, Peru, Chile and Venezuela.

According to Rat, his parents had no idea what he was doing.

Dash, for his part, said his parents knew he was involved in information security and suspected he might be a hackerand believed that sooner or later they would probably find out.

“Rat was more vain and was in charge of the intrusive work on social networks, cultivating relationships with other cyberactivists and publicizing the achievements of LulzSecPeru

“Desh was more serious and discreet, and he was the real genius when it came to technology.”

Presentation image of LulzSecPeru on Twitter.

Presentation image of LulzSecPeru on Twitter.

“At that time, and even now, there was entrenched corruption in various South American nations: bribes from construction and energy projects, skimmed from the public treasury, and much related to drug trafficking.”

The kind of hack they did was quintessential cyberactivism, disruptive, irreverent, and with a hint of mischief.

“They started with hundreds of defacements, where they breached the security of a website and replaced the content with the LulzSec logo, this caricature of a guy with a Dali-esque mustache and top hat, with a glass of wine in his mouth. hand.

“That was just a kind of cover letter, but what caught my attention the most was when I know they took thes bills of Twitter of Venezuelan President Nicolás Maduro in 2013“.

A) Yes it was how did they get on stage“.

Photos of the profile of the twitter accounts when they were taken

In the middle of voting day to elect Hugo Chávez’s successor, LulzSecPeru took over the Twitter account of Nicolás Maduro and the United Socialist Party of Venezuela (PSUV), led by him.

Furry Peletic Ethics

While many of his activities were just for the lulzthere was a serious side, the cyberactivist ethic, born from a creed shared by many hackers.

Their philosophy was that anyone who tried to stifle free speech was the enemy, and therefore their goal as hackers was to expose abuses of power and encourage transparency by governments.

However, let’s be clear, these were two teenagers, not some white doves.

In the early days, before fine-tuning their political ideology, they engaged in unethical activities.

Hand, keys and binary code in the foreground

Getty Images

In 2012 they broke into the network of the company that manages the main domain in Peru and obtained a database of 114,000 entries, with names, phone numbers, emails and passwords of affected sites, including banks, security companies, the search engine Google… all domains ending with “.pe”.

It was the kind of material that criminals dream of having.

And they dumped it online.

“Desh told me that Rat was the one who did it without consulting him and told me: I almost killed him that day“.

Corruption that corrodes

Their most successful hack came in 2014, when they turned their attention to the Peruvian government.

Rene Cornejo

Getty Images
The press dubbed the leak “CornejoLeaks” as René Cornejo was Peru’s prime minister at the time.

“Peruvian government network security was poor. The first big hack of his had been the Ministry of the Interior of Peru in 2011 and the following year they hacked the cyber police of Peruso they were sure that the cyber police knew less about them than they did about the cyber police.

“This time they put their eyes on the network of the Council of Ministers.

“It took a month to break in, and the result was the release of approximately 3,500 government emails dating from February to July 2014.

Although no major cases of corruption came to light – “politicians weren’t that dumb,” says Jack – a lot of everyday, low-level corruption was exposed… the one that corrodes.

“They were damning.”

Whale in Peruvian waters

Getty Images
Whales were one of the concerns.

The public found evidence of lobbyists’ influence, putting enormous pressure on some ministers.

The energy minister, in an irritated exchange of emails, impatiently brushed off the environment minister’s objections to his warm relations with an Australian oil company, which insisted that its technicians, not Peruvian environmental regulators, supervise underwater seismic testing. .

“It was a particularly explosive case because these tests are used to detect oil deposits, but they can hurts whales and other sea creatures“.

In another of the letters, an executive of the lobby of the fishing industry asked the Minister of Finance to extend the anchoveta extraction season, which “is the most valuable fishing industry in Peru, but also one that is endangered by overfishing“, emphasizes Jack. Shortly after, his wish was granted.

The leaks helped precipitate a no-confidence motion, which the government survived thanks to a single vote.

digital hand

Getty Images
Cyberactivism tends to be a youth thing.

“The scandal that these hackers triggered did not bring down the government, but certainly it embarrassed“.

Despite the humiliation and some improvements, try as they might, the Peruvian cyber police never managed to track down the top hat boys.

What became of them?

From their online conversations 8 years ago, Jack says he only heard from one of them one more time. “It was a fleeting contact.”

He never had a way to contact them, they were the ones who communicated with him, and in 2014 they both said they were going to start withdrawing.

“Rat said that he was about to turn 18, and when he became an adult, he didn’t want to risk prosecutionSo he was going to retire.

“Desh had aspirations to open a portal like WikiLeaks for Latin America, but there is no evidence that this happened. He really wanted to work as a security researcher, and maybe he’s doing that, but I don’t know.”

two hackers

Getty Images
The identity outside the virtual world of @Cyber-Rat and @Desh501 remains a mystery.

Cyberactivism is often an activity of young people, partly because they do not face as much risk as adults, but also because they have the time and drive to do something with the tools they use.

What’s more, may fade off when it arrivedto the moment and return to his other life.

“I think LulzSecPeru had its impact and for them that was enough. But I wouldn’t be surprised if others like them emerged at a time of political tension,” concludes Jack.

By 2015, cyberactivist groups were a shadow of their former selves, but as prototypes—with their tactics like hacking and leaking information for others to exploit—they lived on.

In 2020 and 2021 around the world, cyberactivism was resurrected, with leaks targeting police, takedowns of far-right websites, hacks constantly undermining Lukashenko’s surveillance state in Belarus, and more.

This is cyberactivism: intense and intermittent.

We do not know where or when it will emerge, but what is striking is how a few hackers can shake those in positions of power who I know they believe irreproachable.

* this article is an adaptation of the episode “For the Lulz” of the BBC series “The Hackers” presented by digital anthropologist Gabriella Coleman.

Remember that you can receive notifications from BBC World. Download the new version of our app and activate it so you don’t miss out on our best content.