IT Security & Network Security News & Reviews: Tracking LulzSec's Career of Hacking Mayhem
In the first of its attacks, LulzSec leaked a database of "X-Factor" contestants, attacked the Fox.com Website and obtained several other databases on May 6. The group also defaced 14 LinkedIn accounts belonging to Fox employees.
Pointless ATM Information
A total of 3,133 individual bank account details were harvested from ATMs in England and posted on Twitter and Pastebin. Private details included machine ID, address, latitude and longitude as well as the company owner and transaction amount.
LulzSec broke into the PBS.org Website to post a phony story claiming the dead rapper Tupac Shakur is actually alive in New Zealand. Passwords were stolen and various pages defaced. The attack was in retaliation for the "WikiSecrets" documentary, which LulzSec claimed painted Julian Assange, the founder of WikiLeaks, in an unfavorable light.
Sony Pictures Entertainment, Sony Music
The group broke into Sony Pictures Entertainment and stole data from 1 million accounts to prove Sony had not beefed up its security despite promises to do so in the wake of the PlayStation Network breach. Many criticized LulzSec for exposing user data, subjecting the victims to potential identity theft. The group also used SQL injection to compromise Sony Music in Japan, the Netherlands and Belgium.
Despite LulzSec being fans of the gaming company, Nintendo didn't escape the mayhem, as LulzSec breached one of its servers and posted a server configuration file. Nintendo said no information was compromised.
FBI InfraGard Atlanta, Unveillance, FBI InfraGard Connecticut
This time, a public-private partnership between security firms and the FBI was compromised, as several hundred passwords were stolen. One of the InfraGard passwords happened to be the same as the one for the email account belonging to the CEO of Unveillance, an Internet surveillance company.
Black & Berg Cybersecurity Consulting
The security consulting company challenged anyone to try to deface its Website by replacing an image on its homepage for a $10,000 prize. LulzSec did, calling it "easy" and declining the prize.
National Health Service
The group compromised NHS "months ago" but decided to email NHS directly to let it know which admin passwords had been exposed instead of leaking them.
United States Senate
The attack on the United States Senate didn't cause much damage, as the group accessed a public-facing server and didn't breach any files. It's still embarrassing for the government.
Like Nintendo, the group claimed to be a fan of Bethesda Softworks, the videogame company behind "Brink" and "Fallout: New Vegas." It still stole information belonging to more than 200,000 users registered with the site.
614-LulzSec for Hire
Anyone could call into the phone number 614 LULZSEC to request a target to be DDOSed, including Escapist Magazine, Eve Online, Fin Fisher, Minecraft, League of Legends and Heroes of Newerth. Magnets.com was also hit. The group claimed to have missed more than 5,000 calls and received over 2,500 voicemails. It also redirected phone numbers to World of Warcraft customer support, FBI offices in Detroit and even to a hosting company.
Central Intelligence Agency
The CIA's public Website suffered some technical issues, for which the group claimed responsibility.
Serious Organized Crime Agency
Britain's FBI equivalent was knocked offline by a series of DDOS attacks. Authorities arrested and charged 19-year-old Ryan Cleary with taking part in the attack.
AntiSec: Arizona Department of Public Safety
As part of Operation AntiSec, LulzSec went after government organizations and targeted the Arizona Department of Public Safety to protest the state's controversial anti-illegal immigration law. The leak included hundreds of classified documents with personal emails, names and phone numbers of state personnel, including the police department.