Lulz Security, awash in their newfound fame after recent attacks against Sony and the Public Broadcasting Service, have had a busy weekend, once again hurting Sony, pointing out flaws in Nintendo’s own security, and even getting into a scuffle with the Federal Bureau of Investigations.
Nintendo was the first company to be hit, as the group posted the Apache config file for nintendo.com “just for lulz”. The server did not contain any other information on it, and both LulzSec and Nintendo have confirmed that no accounts were compromised. LulzSec would say via their Twitter account that they were not targeting Nintendo, and that they sincerely hoped they plugged the gap, later proclaiming that Nintendo and Sega had a special place in their hearts. Nintendo has told Gamestop that the hole has been closed, a statement that LulzSec verified.
The Nintendo breach was a “warmup” for a non-gaming related issue that would pop up later that day: a hack of the Atlanta chapter of Infragard, a non-profit that works as a liason between private businesses and the FBI. Among the accounts compromised on the site were a man, Karim Hijazi, who’s entire business Unveillance (a company specializing in intelligence on data leaks) as well as his personal GMail account were compromised due to his using the same password on all accounts, which is a violation of FBI protocol on password use. The LulzSec press release accuses Mr. Hijazi of offering to pay them in exchange for their eliminating his enemies in the security field in exchange for their silence on his data being compromised. They also mentioned that Unveillance was being funded by the United States to attack Libya’s infrastructure illegally. The hack is assumed to be in response to statements by the North Atlantic Treaty Organization (NATO) and U.S. President Barack Obama saying that cyber attacks against America would be treated as an act of war (Note: these statements were in response to a recent attack on Google by hackers based out of China). Gaming Bus has not as of yet verified the contents of the download, which LulzSec provided in a .torrent file that links to 711MB of data. Since the attack against Infragard, the person maintaining the LulzSec Twitter account has donated $80 to the Red Cross for medical care for Libyans.
Finally, LulzSec continued their assault on Sony, releasing the source code for the PlayStation Network developer console. They also included the internal network map for Sony BMG. The two breaches constitute what they claim are their fifth and sixth successful attacks against Sony. The code itself is an SVN repository. Sony has not commented on the latest breaches.
Lulz Security came to prominence after attacking PBS following the broadcast of a special on Wikileaks and Army Pvt. Bradley Manning that was perceived as being negatively slanted against them.
Analysis: I’ll comment on the two relevant breaches; the issue with the FBI and Lulz’s attacks on NATO’s comments are a bit above my theoretical paygrade.
LulzSec has shown their hands a bit. It’s not just about the “lulz” to them at this point. Whether intentionally or not, the group has shown that they’re more and more becoming “hacktivists” with a set goal in mind. It’s not entirely clear just what that goal is – other than “screw Sony” and “screw white hat hackers”, that is – but the results are undeniable. Plus, their donation to the Red Cross in regards to Libya shows that they are now loosely entered into the political ring.
Furthermore, they’re not going away. They’ve proven this much, and they’re pretty open about their intentions. They’ve announced Sony hacks as they’ve been hacking, which is interesting, because they told Sony that they were making off with data literally days before they revealed the Sony Pictures hack. They’re right on one thing: Sony is negligent, bordering on criminally so.