The hacker group LulzSec, which has been making the rounds like media-hungry children, has found a port at a sex industry website, and after a short round of cannon shelling from the Lulz Boat, they invaded and pillaged passwords and e-mail addresses. An article in Naked Security (an aptly named subdivision of Sophos) outlines what we know about the current exploits of this hacker group and what they did to the Internet community at large in this round:
The hackers compromised the database of the hardcore website (called “Pron”), exposing not only the email addresses and passwords of over 25,000 members but also the credentials of 55 administrators of other adult websites.
Furthermore, LulzSec drew particular attention to various government and military email addresses (.mil and .gov) that appeared to have accounts with the porn website.
That must be an embarrassing one to explain to the boss…
To add insult to injury, the LulzSec group called on its many recent Twitter followers to exploit the situation, by logging into Facebook with the email/password combinations and telling the victim’s Facebook friends and family about their porn habit.
Like proverbial cyberspace Viking-ninja-pirates, LulzSec has become the rampaging Vandal hordes of the Internet seas, byways, and fjords, making them public enemy number one of any highly visible website that hasn’t locked down its security. They started out small, copycatting the apparently sophisticated hack against Sony that took down the PlayStation Network in April, moved on to hit Nintendo (albeit gently), and ran roughshod over other video-game industry websites as they went.
We’ve even seen them accept a declaration of war from the FBI and NATO, who classed them as “dangerous to member states.”
We’ve not seen the last of these cybermayhem troublemakers.
All of their attacks so far appear to be aimed at lightly defended targets, and each of them limns a modus operandi of exposing the poor security surrounding these sites. In fact, the Nintendo hack went gently because they then informed the operators how to fix the problem—the other hacks were not so polite and involved the exposure of sensitive data as a sort of solid swat (and, of course, embarrassing media exposure). This most recent hack follows the same critical psychology, but this time not only does the site with the security breach suffer media embarrassment, LulzSec is seeking to embarrass pornography customers as well.
However, they’re not seeking to embarrass them just because they subscribe to a porn service—LulzSec probably picked that because it’s a taboo subject in Western culture—what the hacker group finds most embarrassing is the potential case that these subscribers used the same username/password pairs for other services such as their e-mail, Facebook, and other social media accounts. If so, they’ve opened themselves up to compromise.
A factor which fits perfectly into the psychological jigsaw of LulzSec’s raison d’être.
We don’t need a group like LulzSec getting huge media exposure to understand that we need to take responsibility for our own security in the cloud. Learn to use encryption to protect your everyday personal information when it’s not entirely under your own control. Take advantage of multiple passwords and different authentication information for separate spheres of personal and social use of the Internet.
It’s a wicked and wild world out there even without the cyber Vikings like LulzSec sacking and pillaging Internet villages.