LulzSec: Difference between revisions
Line 27: | Line 27: | ||
LulzSec hacked into the [[Bethesda Game Studios]] network, they posted information taken from the network onto the Internet, though they refrained from publishing 200,000 compromised accounts.<ref>{{cite web|last=Albanesius|first=Chloe|title=LulzSec Targets Bethesda Softworks, Porn Site|url=http://www.pcmag.com/article2/0,2817,2386861,00.asp|publisher=PC magizine|accessdate=13 June 2011}}</ref> LulzSec posted the following message to [[Twitter]] regarding the attack, "Bethesda, we broke into your site over two months ago. We've had all of your Brink users for weeks, Please fix your junk, thanks!" <ref>{{cite web|last=Ben|first=Kuchera|title=LulzSec hackers demand hats, threaten release of Brink user data|url=http://arstechnica.com/gaming/news/2011/06/hacker-group-lulzsec-demands-hats-threatens-release-of-brink-user-data.ars|publisher=Ars Technica|accessdate=13 June 2011}}</ref> |
LulzSec hacked into the [[Bethesda Game Studios]] network, they posted information taken from the network onto the Internet, though they refrained from publishing 200,000 compromised accounts.<ref>{{cite web|last=Albanesius|first=Chloe|title=LulzSec Targets Bethesda Softworks, Porn Site|url=http://www.pcmag.com/article2/0,2817,2386861,00.asp|publisher=PC magizine|accessdate=13 June 2011}}</ref> LulzSec posted the following message to [[Twitter]] regarding the attack, "Bethesda, we broke into your site over two months ago. We've had all of your Brink users for weeks, Please fix your junk, thanks!" <ref>{{cite web|last=Ben|first=Kuchera|title=LulzSec hackers demand hats, threaten release of Brink user data|url=http://arstechnica.com/gaming/news/2011/06/hacker-group-lulzsec-demands-hats-threatens-release-of-brink-user-data.ars|publisher=Ars Technica|accessdate=13 June 2011}}</ref> |
||
On June 14th, LulzSec took down four websites by request of fans as part of their "Titanic Take-down Tuesday"<ref>http://twitter.com/#!/LulzSec/status/80697805248790529</ref>. These websites were [[Minecraft |
On June 14th, LulzSec took down four websites by request of fans as part of their "Titanic Take-down Tuesday"<ref>http://twitter.com/#!/LulzSec/status/80697805248790529</ref>. These websites were [[Minecraft]], [[The Escapist (magazine)|The Escapist]], and Fin Fisher. They also attacked the login servers of the massively multiplayer online game [[EVE Online]], which also disabled the game's front-facing website. |
||
==Government attacks== |
==Government attacks== |
Revision as of 18:18, 14 June 2011
Lulz Security (or simply LulzSec) is a computer hacker group that claims to be responsible for several high profile attacks, including the compromise of over 1,000,000 user accounts from Sony in 2011 of which only 37,500 were actually affected according to Sony. It has gained attention due to its high profile targets and the lighthearted messages it has posted in the aftermath of its attacks.
Overview
LulzSec draws its name from the neologism "Lulz," (from LOLs) which often signifies laughter at the victim of a prank, and "Sec," short for "Security". The Wall Street Journal has characterized its attacks as closer to internet pranks rather than serious cyber-warfare. It has gained attention in part due to its brazen claims of responsibility and lighthearted taunting of corporations that have been hacked. It frequently refers to Internet memes when defacing websites. The group first emerged in May 2011, and has successfully attacked the websites of several major corporations.[1] It specializes in finding websites with poor security, and then stealing and posting information from them online. It has used well-known straightforward methods, such as SQL injection, to attack its target websites.[2] Several media sources have described their tactics as grey hat hacking.[2][3][4]
The group has used the motto "Laughing at your security since 2011" and its website, created in June 2011, plays the theme from The Love Boat.[1] It announces its exploits via Twitter and its own website, oftentimes accompanied with lighthearted ASCII art of boats. Its website also includes a Bitcoin donation to help fund its activities.[5] Although the number of members and exact motivation of the group are unknown,[2] Ian Paul of PC World has written that, "As its name suggests, LulzSec claims to be interested in mocking and embarrassing companies by exposing security flaws rather than stealing data for criminal purposes."[6] The group has also been critical of white hat hackers, claiming that many of them have been corrupted by their employers.[1]
Some in the security community have lauded them for raising awareness of the widespread lack of effective security against hackers.[7] They have also been credited with inspiring LulzRaft, a group which has been implicated in several high-profile website hacks in Canada.[8]
The group's first recorded attack was against Fox.com's website. It claimed responsibility for leaking information, including passwords, altering several employees' LinkedIn profiles, and leaking a database of X Factor contestants containing contact information of 73,000 contestants.[9][10]
Initial targets
In May 2011, members of Lulz Security hacked into the Public Broadcasting System (PBS) website. They stole user data and posted a fake story on the site which claimed that Tupac Shakur was still alive and living in New Zealand. In the aftermath of the attack, CNN referred to the responsible group as the "Lulz Boat".[11]
Lulz Security claimed that some of its hacks, including its attack on PBS, were motivated by a desire to defend WikiLeaks and Bradley Manning.[12] A Fox News report on the group quoted one commentator, Brandon Pike, who claimed that Lulz Security is affiliated with the hacktivist group Anonymous. Lulz Security claimed that Pike had actually hired it to hack PBS. Pike denied the accusation and claims it was leveled against him because he said Lulz Security was a splinter of Anonymous.[13]
In June 2011, members of the group claimed responsibility for an attack against Sony and took data that included "names, passwords, e-mail addresses, home addresses and dates of birth for thousands of people."[14] The group claimed that it used a SQL injection attack,[15] and was motivated by Sony's legal action against George Hotz for jailbreaking into the PlayStation 3. The group claims it will launch an attack that will be the "beginning of the end" for Sony.[16] Some of the compromised user information has since been used in scams.[17] The group claimed to have compromised over 1,000,000 accounts, though Sony claims the real number was around 37,500.[18]
Later Corporate attacks
Lulz Security attempted to hack into Nintendo, but both the group and Nintendo itself report that no particularly valuable information was found by the hackers.[19] LulzSec claims that it did not mean to harm Nintendo, declaring: "We're not targeting Nintendo. We like the N64 too much — we sincerely hope Nintendo plugs the gap."[20]
On June 8th, LulzSec hacked into the website of Black & Berg Cybersecurity Consulting, a small network security company, and changed the image displayed on their front page to one containing the LulzSec logo. They did so after the company had issued a "Cybersecurity For The 21st Century, Hacking Challenge", in which they challenged hackers to hack the site and alter the homepage graphic. The intrusion came after Joe Black, an owner of the company posted the message "Black & Berg Cybersecurity Consulting appreciate all the hard work that you're putting in. Your Hacking = Clients for us. Thx" to the LulzSec Twitter account. Though Black & Berg offered a prize of $10,000 and a position with the company for the successful hack, members of LulzSec declined the offer.[21] Instead, the website contained the reply "DONE, THAT WAS EASY. KEEP THE MONEY, WE DO IT FOR THE LULZ".[22]
On June 11th, reports emerged that LulzSec reportedly hacked into and stole user information from the pornography website www.pron.com. They obtained around 26,000 e-mail addresses and passwords. Among the information stolen are records of six users who subscribed from .gov and .mil e-mail addresses as well as administrator information from 55 other adult-oriented websites. Following the breach, Facebook locked the accounts of all users who had used the published e-mail addresses, and also blocked new Facebook accounts opened using the leaked e-mail addresses. They feared that users of the site would get hacked after LulzSec encouraged people to try and see if these people used identical user name and password combinations on Facebook as well.[23]
LulzSec hacked into the Bethesda Game Studios network, they posted information taken from the network onto the Internet, though they refrained from publishing 200,000 compromised accounts.[24] LulzSec posted the following message to Twitter regarding the attack, "Bethesda, we broke into your site over two months ago. We've had all of your Brink users for weeks, Please fix your junk, thanks!" [25]
On June 14th, LulzSec took down four websites by request of fans as part of their "Titanic Take-down Tuesday"[26]. These websites were Minecraft, The Escapist, and Fin Fisher. They also attacked the login servers of the massively multiplayer online game EVE Online, which also disabled the game's front-facing website.
Government attacks
LulzSec claims to have hacked InfraGard, a company affiliated with the FBI that does work on botnet detection,[1] in June 2011. The group leaked some of Infragard's e-mails and a database of users.[27] The group defaced the website posting the following message, "LET IT FLOW YOU STUPID FBI BATTLESHIPS," accompanied with a video. LulzSec has posted the following message regarding the attack:
"It has come to our unfortunate attention that NATO and our good friend Barrack Osama-Llama 24th-century Obama [sic] have recently upped the stakes with regard to hacking. They now treat hacking as an act of war. So, we just hacked an FBI affiliated website (Infragard, specifically the Atlanta chapter) and leaked its user base. We also took complete control over the site and defaced it [...]."[28]
On June 9th, LulzSec sent an email to the administrators of the British National Health Service, informing them of a security vulnerability discovered in NHS systems. LulzSec stated that they did not intend to exploit this vulnerability, saying in the email that "We mean you no harm and only want to help you fix your tech issues."[29]
On June 13th, LulzSec released the e-mails and passwords of a number of users of senate.gov, the website of the United States Senate.[30] The information released also included the root directory of parts of the website. LulzSec stated, "This is a small, just-for-kicks release of some internal data from Senate.gov - is this an act of war, gentlemen? Problem?" referencing a recent statement by the The Pentagon that some cyberattacks could be considered an act of war. No highly sensitive information appears in the release.[31]
See also
References
- ^ a b c d Morse, Andrew; Sherr, Ian (6 June 2011). "For Some Hackers, The Goal Is Just To Play A Prank". The Wall Street Journal. p. B1. Retrieved 6 June 2011.
- ^ a b c "Q&A: Lulz Security". BBC. 6 June 2011. Retrieved 6 June 2011.
- ^ Mitchell, Dan (9 June 2011). "Yet another hack, yet another delay in reporting it". CNN Money. Retrieved 11 June 2011.
- ^ Raywood, Dan (10 June 2011). "Security expert publicly backs 'grey hats' such as LulzSec, saying that public disclosure will help businesses". SC Magazine. Retrieved 11 June 2011.
- ^ Olson, Parmy (6 June 2011). "LulzSec Hackers Post Sony Dev. Source Code, Get $7K Donation". Forbes. Retrieved 7 June 2011.
- ^ Paul, Ian. "Lulz Boat Hacks Sony's Harbor: FAQ." PC World. June 3, 2011. Retrieved on June 6, 2011.
- ^ Ragan, Steve (8 June 2011). "One month later – LulzSec continues their personal brand of comedy". The Tech Herald. Retrieved 9 June 2011.
- ^ Beltrame, Julian (8 June 2011). "Hacker without a cause scores with Harper 'breakfast incident' hoax". The Canadian Press. Retrieved 10 June 2011.
- ^ "Who is LulzSec, Hacker of PBS? Are they hacking Sony again?". International Business Times. Retrieved 3 June 2011.
- ^ Poulsen, Kevin. "Sony Hit Yet Again; Consumer Passwords Exposed". Wired. Retrieved 3 June 2011.
- ^ CNN Wire Staff. "Hackers pirate PBS website, post fake story about Tupac still alive". CNN. Retrieved 3 June 2011.
{{cite web}}
:|last=
has generic name (help) - ^ Olson, Parmy. "Interview With PBS Hackers: We Did It For 'Lulz And Justice'". Forbes. Retrieved 3 June 2011.
- ^ Kaplan, Jeremy (2 June 2011). "Group Claims It Was 'Paid to Hack PBS,' Then Leaks a Million Sony User IDs". Fox News. Retrieved 3 June 2011.
- ^ Pepitone, Julianne (2 June 2011). "Group claims fresh hack of 1 million Sony accounts Money". CNN. Retrieved 3 June 2011.
- ^ Ogg, Erica. "Hackers steal more customer info from Sony servers". CNET. Retrieved 3 June 2011.
- ^ Reisinger, Don. "Tupac hackers to Sony: 'Beginning of the end'". CNET. Retrieved 3 June 2011.
- ^ Ars Staff. "Lulz? Sony hackers deny responsibility for misuse of leaked data". Ars Technica. Retrieved 3 June 2011.
- ^ Olivarez-Giles, Nathan (9 June 2011). "Sony Pictures says LulzSec hacked 37,500 user accounts, not 1 million". Los Angeles Times. Los Angeles. Tribune Company. Archived from the original on 12 June 2011. Retrieved 12 June 2011.
- ^ "LulzSec Hacks Nintendo: No User Information Released". PCMag. 5 June 2011. Retrieved 5 June 2011.
- ^ "Nintendo Is Hit by Hackers, but Breach Is Deemed Minor". New York Times. 5 June 2011. Retrieved 5 June 2011.
- ^ "LulzSec wins hacking competition, refuses $10k award". International Business Times. New York City. 8 June 2011. Retrieved 8 June 2011.
- ^ "Black & Berg Cybersecurity Consulting, LLC". Black & Berg Cybersecurity Consulting. Archived from the original on 8 June 2011. Retrieved 8 June 2011.
- ^ Thomas, Keir (11 June 2011). "Porn Site Users Beware: Hacker Group LulzSec May Have Posted Your Email Address". PC World. IDG. Archived from the original on 11 June 2011. Retrieved 11 June 2011.
- ^ Albanesius, Chloe. "LulzSec Targets Bethesda Softworks, Porn Site". PC magizine. Retrieved 13 June 2011.
- ^ Ben, Kuchera. "LulzSec hackers demand hats, threaten release of Brink user data". Ars Technica. Retrieved 13 June 2011.
- ^ http://twitter.com/#!/LulzSec/status/80697805248790529
- ^ "LulzSec claims to have hacked FBI-affiliated website". LA Times. Retrieved 4 June 2011.
- ^ Read, Max. "LulzSec Hackers Go After FBI Affiliates". Gawker. Retrieved 4 June 2011.
- ^ "Hackers warn NHS over security". BBC. Retrieved 9 June 2011.
- ^ Ogg, Erica (13 June 2011). "LulzSec targets videogame maker ZeniMax Media". CNET.com. CBS Interactive. Archived from the original on 13 June 2011. Retrieved 13 June 2011.
- ^ Morse, Andrew (13 June 2011). "LulzSec Hacker Group Claims Attack On US Senate Website". The Wall Street Journal. News Corporation. Archived from the original on 13 June 2011. Retrieved 13 June 2011.