In May 2011, the small group of Anons behind the HBGary Federal hack—including Tflow, Topiary, Sabu, and Kayla—formed the hacker group “Lulz Security”, commonly abbreviated “LulzSec”. The group’s first attack was against Fox.com, leaking several passwords, LinkedIn profiles, and the names of 73,000 X Factor contestants. In May 2011, members of Lulz Security gained international attention for hacking into the American Public Broadcasting Service (PBS) website. They stole user data and posted a fake story on the site that claimed that rappers Tupac Shakur and Biggie Smalls were still alive and living in New Zealand.[156] LulzSec stated that some of its hacks, including its attack on PBS, were motivated by a desire to defend WikiLeaks and its informant Chelsea Manning.[157]

In June 2011, members of the group claimed responsibility for an attack against Sony Pictures that took data that included “names, passwords, e-mail addresses, home addresses and dates of birth for thousands of people.”[158] In early June, LulzSec hacked into and stole user information from the pornography website www.pron.com. They obtained and published around 26,000 e-mail addresses and passwords.[159] On June 14, 2011, LulzSec took down four websites by request of fans as part of their “Titanic Take-down Tuesday”. These websites were Minecraft, League of Legends, The Escapist, and IT security company FinFisher.[160] They also attacked the login servers of the multiplayer online game EVE Online, which also disabled the game’s front-facing website, and the League of Legends login servers. Most of the takedowns were performed with DDoS attacks.[161]

LulzSec also hacked a variety of government-affiliated sites, such as chapter sites of InfraGard, a non-profit organization affiliated with the FBI.[162] The group leaked some of InfraGard member e-mails and a database of local users.[163] On June 13, LulzSec released the e-mails and passwords of a number of users of senate.gov, the website of the U.S. Senate.[164] On June 15, LulzSec launched an attack on cia.gov, the public website of the U.S. Central Intelligence Agency, taking the website offline for several hours with a distributed denial-of-service attack.[165] On December 2, an offshoot of LulzSec calling itself LulzSec Portugal attacked several sites related to the government of Portugal. The websites for the Bank of Portugal, the Assembly of the Republic, and the Ministry of Economy, Innovation and Development all became unavailable for a few hours.[166]

On June 26, 2011, the core LulzSec group announced it had reached the end of its “50 days of lulz” and was ceasing operations.[167] Sabu, however, had already been secretly arrested on June 7 and then released to work as an FBI informant. His cooperation led to the arrests of Ryan Cleary, James Jeffery, and others.[168] Tflow was arrested on July 19, 2011,[169] Topiary was arrested on July 27,[170] and Kayla was arrested on March 6, 2012.[171] Topiary, Kayla, Tflow, and Cleary pleaded guilty in April 2013 and were scheduled to be sentenced in May 2013.[172] In April 2013, Australian police arrested Cody Kretsinger, whom they alleged to be self-described LulzSec leader Aush0k.[173]