Brian Krebs of Krebs On Security reports that the websites for Eidos Interactive and their Deus Ex franchise have been breached, and that data has been stolen and posted.
Both sites had been replaced with defacement messages stating that they were “Owned by Chippy1337” in ASCII text. Mr. Krebs has acquired IRC logs that show members of the group talking about picking up the zero day exploit and “src”, slang for source code, presumably of Deus Ex. They were also able to acquire 9,000 CVs from the Eidos site, and personal information relating to 80,000 Deus Ex users. They stated that they would release the user data to file sharing networks.
From the looks of the conversation, it would appear that this is an offshoot of the offshoot group that took over certain Anonymous servers as a protest against what is perceived to be the increasing centralization of Anonymous. The three hackers pinpointed in the conversation – “evo”, “nigg” and “e” – made the attack look like it was him, calling it “the ultimate troll”. The admin pinpointed as having hacked AnonOp – going by the handle “Ryan”, possibly named Ryan Cleary and also known as Blackhatcat – is supposedly a 17 year old living in the UK, and was recently “doxed” (had personal data released, including his name and address) in retribution for the original AnonOp hack.
An anonymous observer told Mr. Krebs that this is normal for the group:
“ev0 and nigg got the 0day they used to break in [to Eidos.com] from one guy, then got Blackhatcat to execute it and then screwed everyone, stole the database… This is how those guys roll: One day they work together, the next they war. They drop dox on each other like it’s a game. Just like they did pinning the defacement of Dues Ex on Blackhatcat. Then denied the whole thing. Its psychotic behavior like I have never seen. Its like they hate each other but will work together on certain ops if it suits them, but then might turn on each other in the end…and then laugh it off.”
As of press time, neither Eidos or parent company Square Enix have responded to requests for comment from either Krebs On Security or Gaming Bus.
Analysis: I haven’t hung around hacking circles in a long – I mean, a LONG – time, but I remember the general mindset. Basically, you’re dealing with socially misfit teenagers who do things just because they can. That seems to be the case here; a bunch of guys with too much ability and not enough to do just having fun without any idea – or care – for the damage they do. This is a very general statement, but there are basically two types of people who flock to Anonymous: those that see themselves as righteous crusaders (or, as the second group sees them, “moralfags”), and those that are in it “for the lulz”, basically just to fuck things up, for lack of a better term.
In the eyes of the general public, this is going to hurt Anonymous as a collective, and as a name. I don’t know what the public really expected; the whole nature of Anonymous is to be unpredictable, and the whole reason AnonOp was hacked was because leaders and bureaucracy emerged, two things most people who join Anonymous in the first place loathe. Of course, the people doing either of these things – especially this latest hack – don’t seem to care. It’s all about “the lulz”. What’s funny is that these guys are ultimately just script kiddies with connections, but a lot of places are vulnerable to script kiddies.
Unfortunately, I don’t think this is the end. More user data is going to be exposed by people who don’t share the same ideals as the “moralfags”, I think it’s just a matter of who, where and when.