IT Security & Network Security News & Reviews: Tracking LulzSec's Career of Hacking Mayhem

By Fahmida Y. Rashid  |  Posted 2011-06-30

Fox.com

In the first of its attacks, LulzSec leaked a database of "X-Factor" contestants, attacked the Fox.com Website and obtained several other databases on May 6. The group also defaced 14 LinkedIn accounts belonging to Fox employees.

Pointless ATM Information

A total of 3,133 individual bank account details were harvested from ATMs in England and posted on Twitter and Pastebin. Private details included machine ID, address, latitude and longitude as well as the company owner and transaction amount.

PBS.org, Frontline

LulzSec broke into the PBS.org Website to post a phony story claiming the dead rapper Tupac Shakur is actually alive in New Zealand. Passwords were stolen and various pages defaced. The attack was in retaliation for the "WikiSecrets" documentary, which LulzSec claimed painted Julian Assange, the founder of WikiLeaks, in an unfavorable light.

Sony Pictures Entertainment, Sony Music

The group broke into Sony Pictures Entertainment and stole data from 1 million accounts to prove Sony had not beefed up its security despite promises to do so in the wake of the PlayStation Network breach. Many criticized LulzSec for exposing user data, subjecting the victims to potential identity theft. The group also used SQL injection to compromise Sony Music in Japan, the Netherlands and Belgium.

Nintendo

Despite LulzSec being fans of the gaming company, Nintendo didn't escape the mayhem, as LulzSec breached one of its servers and posted a server configuration file. Nintendo said no information was compromised.

FBI InfraGard Atlanta, Unveillance, FBI InfraGard Connecticut

This time, a public-private partnership between security firms and the FBI was compromised, as several hundred passwords were stolen. One of the InfraGard passwords happened to be the same as the one for the email account belonging to the CEO of Unveillance, an Internet surveillance company.

Black & Berg Cybersecurity Consulting

The security consulting company challenged anyone to try to deface its Website by replacing an image on its homepage for a $10,000 prize. LulzSec did, calling it "easy" and declining the prize.

National Health Service

The group compromised NHS "months ago" but decided to email NHS directly to let it know which admin passwords had been exposed instead of leaking them.

United States Senate

The attack on the United States Senate didn't cause much damage, as the group accessed a public-facing server and didn't breach any files. It's still embarrassing for the government.

Bethesda Softworks

Like Nintendo, the group claimed to be a fan of Bethesda Softworks, the videogame company behind "Brink" and "Fallout: New Vegas." It still stole information belonging to more than 200,000 users registered with the site.

614-LulzSec for Hire

Anyone could call into the phone number 614 LULZSEC to request a target to be DDOSed, including Escapist Magazine, Eve Online, Fin Fisher, Minecraft, League of Legends and Heroes of Newerth. Magnets.com was also hit. The group claimed to have missed more than 5,000 calls and received over 2,500 voicemails. It also redirected phone numbers to World of Warcraft customer support, FBI offices in Detroit and even to a hosting company.

Central Intelligence Agency

The CIA's public Website suffered some technical issues, for which the group claimed responsibility.

Serious Organized Crime Agency

Britain's FBI equivalent was knocked offline by a series of DDOS attacks. Authorities arrested and charged 19-year-old Ryan Cleary with taking part in the attack.

AntiSec: Arizona Department of Public Safety

As part of Operation AntiSec, LulzSec went after government organizations and targeted the Arizona Department of Public Safety to protest the state's controversial anti-illegal immigration law. The leak included hundreds of classified documents with personal emails, names and phone numbers of state personnel, including the police department.
