UPDATED 11:44 EST / JUNE 14 2011

LulzSec Continues Headline Grabbing Hacks with U.S. Senate Website and Bethesda Softworks

lulzsec-senate-gov In what is a flurry of activity certainly leading towards some sort of crash-and-burn, now infamous hacker group LulzSec had a very busy day yesterday. First, they made threats and hints all day about hacking the databases of video game publisher Bethesda Softworks—best known for their development of the highly open-world game Morrowind and its upcoming sequel Skyrim. This comes in the wake of LulzSec exposing passwords from Sony and a porn industry network, picking a fight with the FBI and NATO, and “nicely” hacking Nintendo.

This activity surely cannot be sustained at this level before authorities close in—but their Twitter account is still loud and proud. In fact, most of the media attention has been directed at statements made from that mouthpiece.

Although the group claims that they’d already compromised one of the websites belonging to the video game publisher two months ago, the online statement by Bethesda acknowledges attacks over the weekend.

“Over the past weekend, a hacker group attempted an unlawful intrusion of our websites to gain access to data,” wrote a Bethesda. “We believe we have taken appropriate action to protect our data against these attacks.” It is unknown at this time what the hackers (presumably LulzSec) managed to do and what, if anything, they took at that time. What they released may have been an entirely different thing and their planning seems to have been rolled over in their heads with some juvenile snickering.

“We’re going to release lots of Bethesda/ZeniMax data today – however we might not release their 200,000+ users as we love Call of Cthulhu,” LulzSec posted on their Twitter account before commenting that they already had the data for some time now. “Bethesda, we broke into your site over two months ago. We’ve had all of your Brink users for weeks. Please fix your junk, thanks! ^_^.”

The hacker group did eventually release some exposed passwords and documents on Pastebin, from which they mention they excluded the information from the 200k Brink users:

“We actually like this company and would like for them to speed up the production of Skyrim,” posted the hacker group, “so we’ll give them one less thing to worry about. You’re welcome! ;D.”

lulzsec-failboat-amberAttached also their newest manifesto, they included a “bonus round” which involved sensitive configuration files taken from the U.S. Senate website Senate.gov. The compromised information doesn’t involve anything extremely sensitive to the U.S. government; but it is important information for the website (configuration files that run the servers, at first glance it looks like an Apache conf and a directory map) in order to prove that they successfully breached the site.

“We don’t like the US government very much. Their boats are weak, their lulz are low, and their sites aren’t very secure. In an attempt to help them fix their issues, we’ve decided to donate additional lulz in the form of owning them some more! This is a small, just-for-kicks release of some internal data from Senate.gov – is this an act of war, gentlemen? Problem?”

If this happens to be legit, it looks like LulzSec have waded into territory that extends beyond basic computer frauds and into the much-vaunted territory of hacking government resources—activities that often come with much stiffer penalties. The “is this an act of war, gentlemen,” comment comes from a recent finding by the U.S. Department of Defense that the U.S. will consider any cyberattacks against its infrastructure (Senate.gov probably included) as potentially an act of war. Of course, as LulzSec isn’t acting on the behest of a foreign power—no, it’s not an act of war, just trespassing.

In the wake of this breach, the U.S. Senate has ordered a security review of their websites. Something that is probably long overdue and only highlighted by the apparent ease of the intrusion—of course, nothing that the hacker group could have been holding onto this data for months means the actual intrusion happened long ago.

Spokesmen for the Senate website have said that it was the equivalent of burglarizing the gift shop and bragging about pilfering souvenirs; however, from a security standpoint, the intrusion is indeed quite embarrassing and they intend to look into their overall security.

Undoubtedly the news of this penetration of security will develop further. We’ll stay on top of it.



A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU