Hackers Steal Login Info, Deface LinkedIn Accounts

By Fahmida Y. Rashid  |  Posted 2011-05-14

Four hackers gained access to a database of e-mail accounts and Twitter accounts of two affiliates just for fun, or "lulz."

Calling itself Lulz Security, the group appeared to have stolen login credentials for e-mail and LinkedIn accounts belonging to employees, and a database file containing names, phone numbers and e-mail addresses of people interested in appearing on talent show The X-Factor. The group also hijacked Twitter accounts belonging to two Fox affiliates, WFQX in Michigan and KADN in Louisiana.

The security team at Fox Broadcasting first discovered the April 19 data breach about a week after the incident, where the group accessed and obtained usernames and passwords information for over 300 employees. Even though all the information was stolen about the same time, the group is leaking the stolen data in bursts.

It appears that LulzSec planted a hidden PHP script on to gain unauthorized access to a live production database, according to Paul Mutton, a security researcher at Netcraft. The attackers also publicized locations and partial content of several configuration files on the server.

The group's motivation for targeting Fox is not very clear. There appears to be no specific incident or policy that made Lulz Security go after Just a simple "We don't like you very much," according to a letter posted on text-sharing site PasteBin.

Lulz Security took the stolen information about potential contestants for Simon Cowell's The X Factor and posted the file on Pirate Bay in early May. Fox contacted all the individuals to instruct them to ignore all e-mails and phone calls requesting personal information. A post on Twitter promised more leaks from, "probably more user login info."

Lulz Security manually tested all 364 employee accounts to see how many were using the same password on LinkedIn. The group found 16 and defaced the accounts which have all been taken down.

"Don't use the same password twice. Your laziness will not end well," the group posted on LulzSec.

Lulz Security openly discussed its activities on its own Twitter feed. The hackers also took pains to differentiate themselves from hacktivist collective Anonymous, but invited the group to join in on the fun. "Take from them everything," the group encouraged any interested would-be hackers, noting "Remember to proxy up, or tunnel like a pro!"

Despite all the information and warnings about reusing passwords and picking secure passwords, it's clear many people at weren't listening. Fred Touchette, senior security analyst at AppRiver found that many of the affected users used "password" as the password. While some mixed letters and numbers or added a number after a word in all lower-case, no one had a "single complex password comprised of letters, numbers, symbols, punctuation, upper and lower case," Touchette said.

Don't reuse passwords across Web sites, and pick strong ones. You never know where hackers are going to hit next.

"Considering fun is now restricted to Friday, where we look forward to the weekend, weekend, we have now taken it upon ourselves to spread fun, fun, fun, throughout the entire calender year," Lulz Security wrote.

Rocket Fuel