Sophos Cloud Optix
Apparently committing crimes for the “lulz” is still entertaining for the group known as LulzSec.
They announced their latest conquests around 12:30pm PDT today, senate.gov and Bethesda Softworks.
Nothing terribly secret was lost in the breach of the US Senate’s web server. LulzSec posted some basic information on the filesystems, user logins and the Apache web server config files.
The also dumped a directory listing of what appears to be every single file on the server. Under the Computer Fraud and Abuse Act this hack could earn someone 5 to 20 years in prison, if convicted.
At the end of their post LulzSec appears to be taunting the American authorities…
"This is a small, just-for-kicks release of some internal data
from Senate.gov - is this an act of war, gentlemen? Problem?- Lulz Security"
They also attacked Bethesda Softworks, the makers of Quake, Fallout, Doom, Elder Scrolls and other big name video games.
It is unclear why LulzSec decided to attempt to embarrass yet another video game company other than to show off.
They made a statement on their website suggesting they needed to prove they were better hackers than the group who recently hacked the website of Bethesda’s new game Brink.
It is difficult to explain random acts of sabotage and defacement, so I am not going to attempt to get into the heads of those behind these attacks. About the only take-away is that it’s best to secure your web assets against these types of attacks before rather than after.
Lulz indeed.
They're certainly making their mark, aren't they?
Lots of lulz today.
You don't need to get into these guys heads Chester. Lulz Security shows all the signs and mental symptoms of classic psychopaths – – a person (s) with an antisocial personality disorder, manifested in aggressive, perverted, criminal, or amoral behavior without empathy or remorse – – so we can assume they will try to harm anyone and everyone for "sport and kicks".
Your probably not far wrong. Just read some of their twitter posts. They seem to delight in hacking peoples emails and FB accounts and attempting to ruin their social lives etc. They also promote and support people who use the released content for malicious ends.
They definitely don't have their morals straight even if their original intentions were sound. Either way when they released emails and passwords I think they went too far.
Its one thing to hack the US Senate to make a point, posting some configs as proof to highlight the security vulnerability but to drag in the average user is malicious.
Bethesda didn't make Doom or Quake. That was id.
bethesda bought ID recently. thats why the author probably confused himself. but all credits goes do ID.
The only lulz that's going to happen is when these toolboxes get arrested.
I LULLED. They're simply helping people assess security problems before an actual malicious group attacks them. And having a few lulz along the way for their troubles. I actually read a great guide to getting rid of them, but it usually takes a crane to get them out.
They even said in last nights release that they like Bethesda and that the hack happened months ago. According to Bethesda's blog they said the forum system was compromised?
I'm still surprised that none of these guys seem to have been caught. Especially as their releasing the personal information of innocent people.
Although there are numerous methods for covering their tracks, none of them are perfect and I'd be very surprised if they haven't made a mistake yet. Not to mention that they regularly are on IRC, twitter, etc
Personally I don't support their actions but I only condemn the release of personal information belonging to innocent bystanders.
LulzSec are a bunch of script kiddies who think they are cool by stealing an using scripts, I have seen some images of the memebers and they are kids.