LulzSec attacks US Senate and Bethesda Softworks

Filed Under: Data loss, Featured, Law & order, Privacy, Vulnerability

LulzSec ASCii artApparently committing crimes for the "lulz" is still entertaining for the group known as LulzSec.

They announced their latest conquests around 12:30pm PDT today, senate.gov and Bethesda Softworks.

Nothing terribly secret was lost in the breach of the US Senate's web server. LulzSec posted some basic information on the filesystems, user logins and the Apache web server config files.

The also dumped a directory listing of what appears to be every single file on the server. Under the Computer Fraud and Abuse Act this hack could earn someone 5 to 20 years in prison, if convicted.

At the end of their post LulzSec appears to be taunting the American authorities...

"This is a small, just-for-kicks release of some internal data
from Senate.gov - is this an act of war, gentlemen? Problem?

- Lulz Security"

They also attacked Bethesda Softworks, the makers of Quake, Fallout, Doom, Elder Scrolls and other big name video games.

Fallout logoIt is unclear why LulzSec decided to attempt to embarrass yet another video game company other than to show off.

They made a statement on their website suggesting they needed to prove they were better hackers than the group who recently hacked the website of Bethesda's new game Brink.

It is difficult to explain random acts of sabotage and defacement, so I am not going to attempt to get into the heads of those behind these attacks. About the only take-away is that it's best to secure your web assets against these types of attacks before rather than after.

, , , , ,

You might like

11 Responses to LulzSec attacks US Senate and Bethesda Softworks

  1. Jesus · 1045 days ago

    Lulz indeed.

  2. WippyM · 1045 days ago

    They're certainly making their mark, aren't they?

  3. lulz · 1045 days ago

    Lots of lulz today.

  4. James · 1045 days ago

    You don't need to get into these guys heads Chester. Lulz Security shows all the signs and mental symptoms of classic psychopaths - - a person (s) with an antisocial personality disorder, manifested in aggressive, perverted, criminal, or amoral behavior without empathy or remorse - - so we can assume they will try to harm anyone and everyone for "sport and kicks".

    • Your probably not far wrong. Just read some of their twitter posts. They seem to delight in hacking peoples emails and FB accounts and attempting to ruin their social lives etc. They also promote and support people who use the released content for malicious ends.

      They definitely don't have their morals straight even if their original intentions were sound. Either way when they released emails and passwords I think they went too far.

      Its one thing to hack the US Senate to make a point, posting some configs as proof to highlight the security vulnerability but to drag in the average user is malicious.

  5. Mr. Dreadful · 1045 days ago

    Bethesda didn't make Doom or Quake. That was id.

    • glorious mission · 1045 days ago

      bethesda bought ID recently. thats why the author probably confused himself. but all credits goes do ID.

  6. Seamus O'Reilly · 1045 days ago

    The only lulz that's going to happen is when these toolboxes get arrested.

  7. lulzabby · 1045 days ago

    I LULLED. They're simply helping people assess security problems before an actual malicious group attacks them. And having a few lulz along the way for their troubles. I actually read a great guide to getting rid of them, but it usually takes a crane to get them out.

  8. They even said in last nights release that they like Bethesda and that the hack happened months ago. According to Bethesda's blog they said the forum system was compromised?

    I'm still surprised that none of these guys seem to have been caught. Especially as their releasing the personal information of innocent people.

    Although there are numerous methods for covering their tracks, none of them are perfect and I'd be very surprised if they haven't made a mistake yet. Not to mention that they regularly are on IRC, twitter, etc

    Personally I don't support their actions but I only condemn the release of personal information belonging to innocent bystanders.

  9. Courier · 1006 days ago

    LulzSec are a bunch of script kiddies who think they are cool by stealing an using scripts, I have seen some images of the memebers and they are kids.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.