Articles about Hacking

I awoke this morning to find my wife watching "WarGames", the classic 1980s hacker movie. That got me to thinking about hacker group LulzSec Security, which has been mighty busy this month. Is it a group of stereotypical, mischievous hackers or dangerous cybercriminals? Under the law, the distinction is meaningless. But your answer means something to me and to other Betanews readers.

Please answer the simple poll below and respond in comments. I normally despise anonymous comments but understand if you feel the need to create a new Betanews account to respond. Or you can send email to joe at betanews dot com. Your identity or anonymity is probably safest with me. I don't give up sources.

Continue reading →

Brasil.gov.br and Presidencia.gov.br, two sites belonging to the government of Brazil, were the latest victims of anti-security hacker group LulzSec on Tuesday.

The now-familiar cry of "Tango Down!" came across Twitter from LulzSec and another account named LulzSecBrazil on Tuesday evening, signaling that the hacker group had successfully brought down another website. The group initiated a DDoS attack against the U.K.'s Serious Organized Crime Agency this week, and called for a rally to pillage government data stockpiles for secret information.

Continue reading →

The "lulz" for LulzSec may be about to end as worldwide authorities begin a push to apprehend those responsible. The British Metropolitan Police Service -- better known as Scotland Yard -- said Tuesday that it had arrested a 19-year-old man believed to be one of the lead individuals within the hacking collective.

UK law enforcement was under increasing pressure to find those responsible after LulzSec said that it planned to release the entire database from Britain's 2011 census. That would have meant some 62 million people could have their personal data exposed, the biggest hack yet for the group.

Continue reading →

Anonymous, the hacker collective famous for performing cyber attacks as public retribution, has reportedly teamed up with LulzSec, the hacker group that attacks mostly for entertainment, for a mission going by the title AntiSec (Anti-Security) which seeks to expose any government-classified information that can be stolen.

LulzSec, which has recently stolen headlines for a rash of denial of service attacks issued an AntiSec manifesto today, asking everyone to join the rebellion.

Continue reading →

Sega is the latest video game company to fall prey to hackers, as the Sega Pass network of gaming sites, forums, and customer offers has been taken down and the information connected to 1.3 million accounts stolen.

User names, birthdates, e-mail addresses and passwords were all exposed in the security compromise. Fortunately for users, it did not include any financial information.

Continue reading →

LulzSec is having quite the week of hacktivist actvity. After launching DDoS attacks against gaming sites' log-in pages, setting up a hotline for requesting hacks and hacking both the CIA and US Senate, the group released a long list of passwords and email addresses it had obtained. Is yours among them? Whew, mine isn't. You should check, too, if using public services like AOL, Gmail or Yahoo.

I'm amazed at the ridiculous passwords people use. A quick search of the 62,000 released by LulzSec finds hundreds of instances of  "123456" and "password" as password. There are 28 "11111", more than twice as many "0000" and 20 variations of the "f" word. Then there are the repeaters, like "alex186" for five different email addresses.

Continue reading →

One day after opening a hotline to take requests for its next hacking target, black hat security group LulzSec appears to have taken down the website belonging to the Central Intelligence Agency (CIA.)

The image above is from the group's Twitter feed just about half an hour ago, CIA.gov remains unreachable (Error 7 (net::ERR_TIMED_OUT): The operation timed out.) from our location in Maryland (others claim to see no change to the site.)

Continue reading →

LulzSec has started crowdsourcing its nefarious online activities by opening a request line for future assaults.

Yesterday, the hotline number went out via LulzSec's Twitter account: "Call into 614-LULZSEC and pick a target and we'll obliterate it. Nobody wants to mess with The Lulz Cannon -- take aim for us, twitter. #FIRE." I called the number today. There's something there. I didn't leave a take-down request.

Continue reading →

In what is an embarrassing oversight for Citigroup, attackers that got away with information on over 200,000 credit card holders only needed to make a change in the string of the URL itself. This means that as long as you had the account number, you would be able to access all personal data associated with that particular account.

Citigroup should consider itself lucky that more customers did not have their accounts compromised. How the hackers got the credit card numbers themselves is not clear yet, but the vulnerability allowed them to jump among accounts automatically by just being logged in and running a script.

Continue reading →

LulzSec continued to push its collective luck over the weekend, breaking into US Senate computers and publishing the directory structure on its website. The move is LulzSec's most brazen yet: breaking into government computers is a serious offense.

The group is responsible for hacks on FBI-related sites and Nintendo, and has also claimed responsibility for attacks on PBS' site where it posted an article claiming late rapper Tupac Shakur was still alive, as well as at least a half-dozen attacks on Sony.

Continue reading →

Fresh off a hack of the Sony Pictures website last week, hacking group LulzSec turned its attention elsewhere. FBI related websites were attacked on Friday night, and it was revealed this weekend that the US web servers of Nintendo had been hit by the group several weeks ago.

In the Nintendo hack, LulzSec took no information. "Re: Nintendo, we just got a config file and made it clear that we didn't mean any harm. Nintendo had already fixed it anyway.

Hijazi claims that LulzSec attempted to extort money from Unveillance in exchange for them not publicly releasing his information, although the hacking group claimed that Hijazi wanted LulzSec to hack his competitors. Hijazi maintains that no sensitive information was disclose about his company's anti-hacking efforts, since the e-mails were of a personal and work nature.

Continue reading →

Earlier this week, Google claimed to have uncovered a password-stealing campaign that originated from Jinan, China, and targeted senior U.S., officials and other prominent individuals. The Chinese government later denied involvement. The attacks' origins aren't being disputed so much as who is responsible.

The most famous cases of alleged "cyberwar" have some common characteristics that are at the heart of the problem. It's never clearly the governments conducting the attacks and it's plausible that outside actors are responsible. This leads to the "attribution" problem of cyberwar, that it's never crystal clear where retaliatory measures should be targeted.

Continue reading →

Perhaps the question should be: "If I hold my breath waiting for Sony to answer and I die, can someone sue?" Because Sony's continued promises when PSN will be back up are like the kid who incessantly promises to clean his room and never does. Subscribers grow impatient, with the vast majority answering our poll are ready to switch to Xbox 360 and Xbox Live.

Late last month, Sony promised partial PSN restoration -- gaming, music and video services -- on May 4, a pledge repeated on May 1. It's now May 8, and PSN is still down. I checked just before posting.

Continue reading →

As Sony is in the final stages of getting the PlayStation Network back online, a new threat may be emerging. People with knowledge of the IRC chat room where hackers have been congregating to discuss the attacks are discussing a new effort, CNET reported late Thursday.

This news comes amid word from Sony that it had entered "the final stages of internal testing of the new system," likely indicating PSN would be back up in a matter of days. The issue also has prompted a letter from Sony chairman and CEO Sir Howard Stringer, who reiterated that the company was working "around the clock" on the issue.

Continue reading →

Hard-core players hate to lose games. But what happens when they're the sport -- the object of play? That increasingly is the state of PlayStation Network subscribers, following a hack that swiped personal data. If that's you, there are ways to protect you now and from future data theft anywhere on the Internet. Fun and games don't have to end when someone breaks in.

It all started so innocently. Two weeks ago, PlayStation Network went down. The next day, Sony promised the outage would last for a "day or two" to the despair of the fun-loving millions who use the service to access multiplayer games, movies, music and other downloadable entertainment. At the time, Sony raised the possibility that a hacker instigated the outage, but it took six days and outside help before it was revealed that PSN had indeed been the victim of a hack -- one that compromised the personal data of as many as 77 million customers. Today, new details emerged that, despite denials, Anonymous may have been responsible for the hack and data theft.

Continue reading →