An illustration of the "Lulz Boat," posted to the LulzSec hacker group's website
(WEB HOST INDUSTRY REVIEW) — Hacker group LulzSec (www.lulzsecurity.com) has sunk its ship 50 days after setting sail on the “LulzBoat,” hacking a list of organizations along the way that includes PBS, Fox and the CIA, and leaving service providers working to patch holes in their customer’s operations.
While LulzSec hasn’t identified precisely why they are retiring, many online reports have theorized that the arrest of an alleged Sony hacker last week may have something to do with it.
The high-volume, but short-lived, string of attacks cast a shadow of doubt over IT security that now may have users thinking twice before using the same login information in multiple locations, and organizations wondering where the holes might be in their own security.
Even LulzSec tweeted, “reusing passwords is kind of like owning multiple houses and using the same key for each one. Don’t expect people not to steal your shit.”
The hacks may cause people to question the safety of their personal information in the hands of corporations and even governments. “Your tax money is being used to pay for things to not be secured so that people like us can take what you expect to be kept inaccessible,” LulzSec tweeted.
As the hacking activity slows down, and the media storm blows over, the WHIR takes a look back at the hacks that made LulzSec the hottest topic in security this month.
May 7, 2011: LulzSec starts by leaking names, phone, numbers, emails and other private information of contestants on the Fox game show X-Factor.
May 10, 2011: The group follows up on its first attack by stealing Fox employee usernames and passwords and taking over various Twitter accounts owned by the network.
May 15, 2011: LulzSec leaks the details of 3000 ATM transactions for “someone to find a use for it all.”
May 23, 2011: In response to a PBS documentary on Wikileaks that LulzSec found unfavorable, the hackers post fake news stories claiming dead rappers Tupac Shakur and Notorious B.I.G. are alive in New Zealand. LulzSec releases information from PBS.org databases.
June 2, 2011: After almost recovering from a devastating hack on its PlayStation Network, Sony is targeted yet again. LulzSec leaks information from several databases of its Sony Pictures arm. Apparently, the hack was managed with a single SQL injection. At this point, LulzSec has about 7,200 Twitter followers.
June 3, 2011: Sony was not the only video game maker under attack. LulzSec accesses a server configuration file from one of Nintendo’s US-based servers. In addition, the group leaks approximately 180 passwords and usernames from cybersecurity firm InfraGard and the US Army.
June 6, 2011: LulzSec leaks more Sony information including Sony developer source code and internal network maps of Sony BMG.
June 10, 2011: Porn website Pron.com has 26,000 log-in passwords stolen by LulzSec. Some of the information allegedly belongs to government officials.
June 13, 2011: LulzSec targets another game maker, Bethesda, by stealing 200,000 gamers’ usernames and passwords. This time the group doesn’t leak the information online. LulzSec also hacks a US Senate server though it isn’t able to access the computer network.
June 15, 2011: LulzSec launches a request hotline via Twitter for people to call in and request the group’s next target. “These are kind of lame targets, but we’re just doing them from requests,” LulzSec tweets. “Someone, somewhere, is getting their lulz fulfilled today!” At the end of day one post, LulzSec says it has 5,000 missed calls and 2,500 voicemails. The group takes responsibility for an outage on the CIA website.
June 16, 2011: LulzSec leaks 62,000 email and password combinations to remind fans that “Lulz Security always delivers.”
June 17, 2011: LulzSec hits 1,000 tweets.
June 20, 2011: Reports say the outage on the UK Serious Organised Crime Agency website was the result of a DDoS attack from LulzSec.
June 23, 2011: LulzSec takes aim at Arizona in response to its anti-immigration law, SB1070. The group leaks personal information belonging to the state’s law enforcement authorities.
June 26, 2011: LulzSec announces its retirement and posts data from various companies including AT&T, AOL and NATO. LulzSec has 283,418 followers on Twitter.
About Nicole Henderson
Nicole Henderson writes full-time for the Web Host Industry Review where she covers daily news and features online, as well as in print. She has a bachelor of journalism from Ryerson University in Toronto, and has been writing for the WHIR since September 2010. You can find her on Twitter @NicoleHenderson.
No related posts.
