Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Hacking Group LulzSec Denies Arrest Report

Sony and InfraGard were targeted by the group, which refutes online reports that a member was arrested by the FBI.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
Are the Feds finally catching up with LulzSec?

The hacking group, also known as the Lulz Boat, claims credit for releasing Sony's developer network source code on Monday, recently exposing one million Sony passwords, hacking PBS with fake news, and also releasing passwords for members of the FBI partner organization InfraGard's Atlanta branch. The latter was in response to government plans to classify some types of cyber attacks as acts of war.

But according to an anonymous post, submitted via a Hushmail account, to the Full Disclosure mailing list on Monday, law enforcement agencies are finally closing in. "One of them is already in FBI custody, and the rest are probably about to follow him." The poster named the arrested hacker as New York resident Robert Cavanaugh, "alias xyz, alias ev0." The post also contained an alleged transcript from an IRC chat channel used by LulzSec, in which one of the participants urges the others to leave the chat channel. "This is serious, military hackers trying to hack us."

In a statement released on Monday, however, LulzSec said that the arrest reports were untrue, or at least not related to the group. "Also, 'ev0', who was allegedly arrested (?) was never a part of LulzSec or in fact the subcrew. We don't even know who he is," it said.

According to LulzSec, its members did post to the chat channel, but they said it wasn't used for core operations. "Those logs are primarily from a channel called #pure-elite ... where we gather potential backup/subcrew research and development battle fleet members, i.e. we were using that channel only to recruit talent for side-operations." It also said that its core team remained "at full strength."

Indeed, on Tuesday, the group's Twitter feed suggested it was business as usual, with a post that read, "6 out of 17, anyone else wanna play?"--in reference to the number of times it had hacked into Sony websites, and a detailed timeline posted at Attrition.org. Furthermore, the group said it had recently received $7,853 in donations, including a single donation of $7,600 on Monday.

But even if law enforcement agencies do identify and arrest LulzSec members, security experts said that targeted organizations, including Sony, might still see no respite. "It seems that now Sony has become a laughing stock amongst the hacking community," said security expert John D'Arcy, assistant professor of IT management at the University of Notre Dame, via email. Indeed, the company's websites continue to be exploited--by LulzSec and other, even more anonymous attackers--via SQL injection attacks and other well-known Web application exploit techniques.

Accordingly, even with law enforcement agencies likely intensifying the hunt for LulzSec members, at least in the short term, Sony must save itself. "There is little that can be done by law enforcement and the FBI to help with the situation. In terms of computer crime, hacking, etc., the bad guys are still well ahead of the good guys," said D'Arcy. "Given the ease with which these hacks can be conducted, and the anonymity that is associated with these attacks, and jurisdiction issues that prevent U.S. law enforcement from going after certain international hacking groups, it is likely that the bad guys will remain in the driver's seat for the foreseeable future."

In this new Tech Center report, we profile five database breaches--and extract the lessons to be learned from each. Plus: A rundown of six technologies to reduce your risk. Download it here (registration required).

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PhilipT945
50%
50%
PhilipT945,
User Rank: Apprentice
6/6/2016 | 3:30:33 PM
Re: important
Hello, are you in need of hacking services? Then contact [email protected] or text +19205265316, he is the best hacker. He helped me and my friends with some issues we had. If you need to *hack into email accounts, *all social media accounts, *school database to clear or change grades, *Retrieval of lost file/documents *DUIs *company records and systems, *bank accounts, he is really the best. His services are affordable. Don't waste your time with fake hackers.
PhilipT945
50%
50%
PhilipT945,
User Rank: Apprentice
6/6/2016 | 3:27:22 PM
Re: Hello
Hello, are you in need of hacking services? Then contact [email protected] or text +19205265316, he is the best hacker. He helped me and my friends with some issues we had. If you need to *hack into email accounts, *all social media accounts, *school database to clear or change grades, *Retrieval of lost file/documents *DUIs *company records and systems, *bank accounts, he is really the best. His services are affordable. Don't waste your time with fake hackers.
BaileyM925
0%
100%
BaileyM925,
User Rank: Apprentice
3/7/2016 | 12:48:38 PM
Hello
If you need to hack into any database, delete record, improve credit score, spy on whatsapp, text, phone, emails, as long as it's hack contact [email protected] ia Email :: [email protected] he is great, you won't be disappointed, cheap and fast, he saved my relationship Tell him Bailey
PaulS92001
0%
100%
PaulS92001,
User Rank: Apprentice
12/7/2015 | 8:02:11 AM
Hacking services
IF YOU REQUIRE FAST RELIABLE HACKING SERVICES, CONTACT [email protected] I CAN PERSONALLY VOUCH FOR HIM, I HAVE BEEN SCAMMED COUNTLESS TIMES BUT WHEN I MET HIM ITS BEEN NOTHING BUT POSITIVE RESULTS, MY LIFE IS BACK IN ORDER THANKS TO HIS WORK! HE CAN HACK GRADES, FACEBOOK, EMAILS, BANKS, ANYTHING  PLEASE CONTACT HIM [email protected]

You Need Any Help ?
*University grades changing
*Bank accounts hack
*Twitters hack
*email accounts hack
*Grade Changes hack
*Website crashed hack
*server crashed hack
*Retrieval of lost file/documents
*Erase criminal records hack
*Databases hack
*Sales of Dumps cards of all kinds
*Untraceable Ip
*Individual computers hack
*Websites hack
*Facebook hack
*Control devices remotely hack
*Burner Numbers hack
*Verified Paypal Accounts hack
*Any social media account hack
*Android & iPhone Hack
*Word Press Blogs hack
*Text message interception hack
*email interception hack

CONTACT: [email protected]
cheap and reliable
mark32
100%
0%
mark32,
User Rank: Apprentice
12/11/2013 | 6:48:39 AM
gene hacker
if any body need the below services kindly contact David he is the best and he is real

* Computer hacking
* web hacking
* Email hacking {gmail, yahoo, hotmail, aol, facebook etc.}
* mobile hacking
* network hacking
* score upgrade
* remover of name from driving record.
* online banking hacking
* password hacking
* online bank hacking
* sale credit card
* sales of bank login
* sales and hacking of PayPal
contact him on this email. Dg[email protected]
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/1/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20811
PUBLISHED: 2020-06-03
An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.
CVE-2019-20812
PUBLISHED: 2020-06-03
An issue was discovered in the Linux kernel before 5.4.7. The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067.
CVE-2020-13776
PUBLISHED: 2020-06-03
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.
CVE-2019-20810
PUBLISHED: 2020-06-03
go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586.
CVE-2020-4026
PUBLISHED: 2020-06-03
The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted...