Skip to main content

LulzSec chat logs shed light on Cleary's role

Leaked logs purporting to be from an IRC channel used by LulzSec have been published, revealing a fractured and fractious collection of psuedo-anarchists and shedding a small amount of light on Ryan Cleary's involvement with the group.

While The Guardian has published the logs with only a few minor redactions, it has not so far detailed how they came into its possession. It seems likely, however, that a mole known as 'jux' is responsible, following the posting of internal LulzSec details (opens in new tab) on PasteBin earlier this month.

In the posting, 'jux' claims: "After being invited to the lulzsec private channel after social engineering parr0t, I was able to learn a few interesting things about their group." Later, 'jux' claims that he will be "releasing full logs of their channel when I find out about a few facts."

The timing of the post matches that of the logs - indeed, the other members of LulzSec even discuss the PasteBin posting - suggesting that 'jux' is the source of the logs, retrieved from an IRC server run by the publishers of 2600: The Hacker Quarterly, an underground magazine.

Jux goes on to claim that hacker-turned-threat-analyst Adrian Lamo, the man who gave up WikiLeaker Bradley Manning to authorities, is responsible for the operation of the IRC channels - #LIFG and #lulzsec on - as well as the registration of the domain

Interestingly, 'jux' also makes the claim that a user known as Whirlpool - an alias used in interviews by LulzSec member Topiary - claims to have insider access to The Guardian, going so far as to suggest that Whirlpool may be a Guardian journalist infiltrating the group.

In the leaked logs, the name Ryan is used several times - in possible reference to the recently-arrested Ryan Cleary, supposed 'mastermind' of the group - in less than glowing terms. "Ryan needs a psychologist," Topiary claims in the logs. "I will be his psychologist," he jokes, "in return for bots."

In another message, user joepie91 warns users of to "be aware that Ryan has admin thar [sic] though," suggesting that Ryan had full access to at least one of LulzSec's many websites.

Elsewhere, Ryan is accused of attacking LulzSec precursor AnonOps. "No way I'm trusting Ryan with any domain," explains user tflow, "after what he did to AnonOps." Jopie91 offers clarification, claiming Ryan "jacked AnonOps' domain, DDoSed the network, basically hostile takover followed by trying to f**k it up."

When Ryan appeared on the 2600 chat server and started sending private messages to members of LulzSec, it appears to have caused a certain amount of consternation. "What should I say to Ryan," asks joepie91, to be told "ignore him, he doesn't know it's us" by a user called sabu.

Other messages suggest that Ryan is fond of using his 'botnet' - a collection of infected machines under central control - to commit distributed denial of service attacks against LulzSec members. Described as "triggerhappy," Ryan messages a LulzSec member immune to his attacks to claim that "you know I can't DDoS that IP."

One thing shines out from the message logs: LulzSec is a fractured group, and - for all that he has been branded a 'mastermind' - Ryan Cleary's involvement in it appears to have been peripheral at best, providing muscle in the form of a botnet but not respected by those central to the group.

For all their faults, however, the LulzSec members appear to have excellent taste in reading material: our article on NATO's threats to 'hactivism' group Anonymous appears to have gone down particularly well.

The full chat log can be read over on The Guardian's website (opens in new tab). monitors all leading technology stories and rounds them up to help you save time hunting them down.