Attacks/Breaches
6/6/2011
12:58 PM
50%
50%

LulzSec Hackers Hit Nintendo, FBI Affiliate Websites

Sony's developer network source code was also released by the group, which allegedly attempted to extort a security researcher for botnet information.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
It's been a busy couple of weeks for the hacking group known as LulzSec, aka the Lulz Boat.

On Friday, LulzSec said in a statement that its members had exploited the website of the Atlanta chapter of InfraGard, a private, non-profit organization that exists to serve as a public/private partnership with the FBI. LulzSec also posted 180 member usernames and passwords gleaned from the attack, and said it deleted all information stored on the website. As of press time, the website resolved to a page listing it as being "under construction."

LulzSec is the same outfit that recently defaced the PBS website, posting fake news. More recently, the group hacked into a Sony Pictures Entertainment website, exposing one million passwords.

Meanwhile, on Sunday, the group said on its Twitter feed that it had exploited the Nintendo website, but chose to only steal a configuration file. It also said that Nintendo had already fixed the vulnerability it exploited to gain access to the website.

That same day, Nintendo released a statement saying that the breached website contained no customer data, and that no customer data had been stolen. Nintendo was not available for immediate comment about its response to the attacks.

On Monday, adding to its list of exploits, LulzSec released a compressed, 58-MB file, which it says contains the source code for the Sony Computer Entertainment Developer Network. It also promised to throw "more Sony booty overboard soon!" That apparently referred, at least for starters, to the "internal network maps of Sony BMG," which the group released shortly thereafter.

The group also released numerous work and private emails for a security entrepreneur. It obtained access to his email accounts via its hack of the Atlanta InfraGard chapter's website, in which it stole passwords that it then found were reused across multiple sites. As a result, the group said it was able to access both the business and personal Gmail accounts for Atlanta InfraGard member Karim Hijazi, a security consultant who's CEO and president of botnet monitoring startup firm Unveillance, and formerly the principal of security firm Demiurge Consulting.

Based on Hijazi's emails, LulzSec alleged that "we have uncovered an operation orchestrated by Unveillance and others to control and assess Libyan cyberspace through malicious means: the U.S. government is funding the CSFI to attack Libya's cyber infrastructure."

LulzSec appears to be referring to a report to which Unveillance contributed information, called "Project Cyber Dawn Libya." The report was co-written by 21 people and released by the Cybersecurity Forum Initiative (CSFI), which appears to be an ad hoc group of cyber warfare devotees.

According to CSFI, the report examines Libya's current "cyber warfare capabilities and defenses," and is intended to "help the international community to understand not only Libya's potential to influence the balance in cyberspace, but also the physical repercussions of cyber-attacks originating from, and directed towards Libya."

Via BitTorrent, LulzSec also released a large quantity of Hijazi's emails. (If Hijazi failed to vary his password for different websites, in those emails he did at least appear to make regular use of PGP to encrypt his business communications--and LulzSec doesn't seem to have cracked those messages.) The group also released an IRC chat transcript that it said occurred between various members of its group and Hijazi. In that chat, said LulzSec, Hijazi "offered to pay us to eliminate his competitors through illegal hacking means in return for our silence."

But was one side just playing the other?

Hijazi, on Friday, fired back at the group in a statement, alleging that over a two-week period, LulzSec members tried to extort information and money from him in exchange for not releasing his emails. According to an IRC chat transcript referenced by Hijazi, a member of LulzSec tells him, "Don't think of it as extortion ... consider it a partership (sic)."

"In spite of these threats, I refused to pay off LulzSec or to supply them with access to this sensitive botnet information. Had we agreed to provide this data to them, LulzSec would have been able to grow the size and scope of their DDoS attack and fraud capabilities," said Hijazi.

"Because of this, they followed through in their threats--and attacked me, my business, and my personal reputation. I believe this incident shows the true nature of LulzSec," he said.

In response to Hijazi's statement, meanwhile, LulzSec said that its extortion attempt was a ruse. "To clarify: it was not our goal to extort anything from ... we were merely testing if he would fold or not," it said in a Twitter post on Saturday. According to another statement released by the group, "naturally we were just stringing him along to further expose the corruption of whitehats."

But in its chat transcripts with Hijazi, LulzSec does seem to be seeking data related to botnets, and in particular Mariposa. Asked by Hijazi what their intentions are for the data, one LulzSec member with the handle "Espeon" replied, "We like botnets, we like data ... we like crushing things; we like inside information."

In this new Tech Center report, we profile five database breaches--and extract the lessons to be learned from each. Plus: A rundown of six technologies to reduce your risk. Download it here (registration required).

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-6090
Published: 2015-04-27
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix...

CVE-2014-6092
Published: 2015-04-27
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause...

CVE-2015-0113
Published: 2015-04-27
The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation...

CVE-2015-0174
Published: 2015-04-27
The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.5 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVE-2015-0175
Published: 2015-04-27
IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.