Print 53 comment(s) - last by just4U.. on Jul 2 at 12:57 AM

EA was the latest victim of LulzSec. In the group's farewell hack it aired 550,000 users' information via torrent.  (Source: EA)

The group also grabbed 200,000 accounts from a popular hacker forum.
Group says they will continue operations under the name "AntiSec", but are retiring their moniker

LulzSec is gone -- for now.  The group on Sunday morning at 12:01 a.m. announced its surprise departure via a press release.  But they aren't really going anywhere, and they didn't "leave" their moniker without a parting shot -- they posted the results of their latest hacking campaigns to The Pirate Bay in a modest archive.

I. Bye Bye Birdie

LulzSec has been at it for 50 days now, hacking the planet.  They've hacked [1][2][3] Sony Corp. (TYO:6758).  They've DDoSed the CIA.  They've hacked the U.S. Senate and the Arizona state police.

But after all their fun, they say their bidding adieu to the LulzSec moniker -- for now.  On the anniversary of George Orwell's birthday, they write:
Friends around the globe,
We are Lulz Security, and this is our final release, as today marks something meaningful to us. 50 days ago, we set sail with our humble ship on an uneasy and brutal ocean: the Internet. The hate machine, the love machine, the machine powered by many machines. We are all part of it, helping it grow, and helping it grow on us.

For the past 50 days we've been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could. All to selflessly entertain others - vanity, fame, recognition, all of these things are shadowed by our desire for that which we all love. The raw, uninterrupted, chaotic thrill of entertainment and anarchy. It's what we all crave, even the seemingly lifeless politicians and emotionless, middle-aged self-titled failures. You are not failures. You have not blown away. You can get what you want and you are worth having it, believe in yourself.

While we are responsible for everything that The Lulz Boat is, we are not tied to this identity permanently. Behind this jolly visage of rainbows and top hats, we are people. People with a preference for music, a preference for food; we have varying taste in clothes and television, we are just like you. Even Hitler and Osama Bin Laden had these unique variations and style, and isn't that interesting to know? The mediocre painter turned supervillain liked cats more than we did.

Again, behind the mask, behind the insanity and mayhem, we truly believe in the AntiSec movement. We believe in it so strongly that we brought it back, much to the dismay of those looking for more anarchic lulz. We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us. The support we've gathered for it in such a short space of time is truly overwhelming, and not to mention humbling. Please don't stop. Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve.

So with those last thoughts, it's time to say bon voyage. Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind - we hope - inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love. If anything, we hope we had a microscopic impact on someone, somewhere. Anywhere.

Thank you for sailing with us. The breeze is fresh and the sun is setting, so now we head for the horizon.

Let it flow...
Lulz Security - our crew of six wishes you a happy 2011, and a shout-out to all of our battlefleet members and supporters across the globe

The speech brings to mind the famous comedian Johhny Carson's farewell words in 1992 on his late night show:
I can only tell you that it has been an honor and a privilege to come into your homes all these years and entertain you. And I hope when I find something that I want to do and I think you would like and come back that you'll be as gracious in inviting me into your home as you have been. I bid you a very heartfelt good night.
Of course Johnny Carson went about spreading "lulz" in quite a different fashion.  And he hacked far less people.

II.  750,000 More People Exposed

The parting shot was no "Pentagon Papers", but it did have a bit of something for everyone.

Leading the way are internal mappings of AT&T Inc. (T) and AOL Inc.'s (AOL)  servers.  The group also posted a file entitled "Office networks of corporations.txt".  The hack brings to mind Adrian Lamo's watchdog side, from the 1990s.

But where Mr. Lamo never exposed a significant class of users, LulzSec takes joy in engaging in that activity as well.  Their biggest post was leaked info of 550k users of Electronic Arts, Inc.'s (ERTS) cartoony FPS game Battlefield Heroes.  At press time we have not yet obtained the full archive, so we're unable to ascertain what details were leaked.

EA appears to confirm the breach, writing:

Battlefield Heroes is Offline

We are currently investigating an apparent security breach related to our free-to-play Battlefield Heroes franchise. We are working to identify which accounts were affected and will take all precautions to ensure those players are notified as quickly as possible. We apologize for any inconvenience and hope to have the game back online shortly.

It also posted account information on 50k "random" game forum users.

The hackers also turned on their fellow novice brethren, publishing records on the users  of (they appear to have obtained this data via the tried and true method of SQL injection -- somewhat embarrassing for a self-proclaimed "hacking" site).  In total 200k accounts were reportedly compromised on the site (that's a lot of hackers!).

The forum writes:

All ub3r and l33t must do a password reset to their email. Use contact form if you do not get your password email reset or do not have access to the email on file.

Then there's 12k North Atlantic Treaty Organization e-book center usernames and passwords (somebody will have fun reading).  NATO more or less already confirmed this breach to be authentic, posting on Friday:
Probable data breach from a NATO-related website

Police dealing with digital crimes have notified NATO of a probable data breach from a NATO-related website operated by an external company. NATO’s e-Bookshop is a separate service for the public for the release of NATO information and does not contain any classified data. Access to the site has been blocked and subscribers have been notified.
The group also posted an image file entitled " owned.png", which we'll debrief you on shortly.

And then there's 29 emails and passwords [PasteBin] at P.I. Limited of Dublin.  It's always embarrassing when security professionals wind up in these releases.

Rounding off the release, there's a post detailing an apparent vulnerability [PasteBin] of an FBI web property involving the open source content management system Plone.  And there's a cool 2,454 IP addresses [PasteBin] that are listed apparently using "root" or "admin" as their password for the corresponding administrator/superuser account name.  Ouch. 

III. Why the Sudden Exit?

The sudden departure made us initially wonder if the awaited police axe finally fell upon the audacious crew.  However as of early this morning, one of the group's ringleaders, "Sabu", was still happily posting.

He writes:
Nobody is leaving. we're working on the #antisec movement.

If you read the statement your questions will be answered. There's only been one arrest; Ryan, and he isn't part of lulzsec.

No one is disappearing. find us all @ #antisec
According to the group, they're not ceasing their activities -- they're just dropping the "lulz" and getting serious about their campaign of "cyberwar" against the world's ruling powers.  And those powers still appears as helpless as ever to capture brains behind the group.

That said, there's one major outstanding question -- what happened to Topiary.  The hacker, allegedly a core member of Anonymous, fell silent last week.  His last Twitter post was dated June 17.  So it's possible there could be something more to this story -- though for now it's just an interesting observation.

Meanwhile, another 812,000+ users will wake up Sunday morning and groan.  They've yet again been the victim of poor IT management and the ever bolder presence of Anonymous and its affiliates -- LulzSec and AntiSec.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

Hide behind laws?
By infidel01 on 6/26/2011 1:10:20 PM , Rating: 0
Everyone here keeps looking for someone to blame. Or something new to hide behind. here is the truth, these types of intrusion (webserver based)can never be avoided 100% all you can do is mitigate the damage. The people who will get hurt by these attacks are the ones who are not educated enough about the Internet to use it or the ones who ignore that education. How many times have you been told not to use the same password for every website? and do you?

Corporations are people, Hackers are people and the victims are people. People are making these choices and people are making the mistakes that let them.

The solutions to these problems? Moral and technical Education. We need you to start using your computer with some intelligence and smarts. Stop downloading every new application you find and stop responding to every e-mail you get. Stop raging on people when the disagree or do something stupid in a game your playing. Stop running your mouth to random people or people you are asking for stuff from.

What we need is not everyone to have a Unique-ID, that will kill it. More laws? like we can enforce the ones we have now? and set up by people who are still from the age of the typewriter? Really should they make the laws?

People need to stand up for them selves and take responsibility for their action and lack of it. They need to start keeping there own ass save and stop crying when someone slaps it for hanging out.

Oh I need to add, a lot of these hacks can be done with little to know knowledge of hacking (See Hackforums) and a lot of these tools are free any easy to find. That does not mean every hack is a script kiddy stolen hack nor does it mean that lulzsec are script kiddy's. They are hacking websites not using known sploits. Stop trying to draw blood with no evidence and start trying to fix the issue. That being, stupid people using a system years beyond their grasp.

"And boy have we patented it!" -- Steve Jobs, Macworld 2007

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki