EA was the latest victim of LulzSec. In the group's farewell hack it aired 550,000 users' information via torrent.  (Source: EA)

The group also grabbed 200,000 accounts from a popular hacker forum.
Group says they will continue operations under the name "AntiSec", but are retiring their moniker

LulzSec is gone -- for now.  The group on Sunday morning at 12:01 a.m. announced its surprise departure via a press release.  But they aren't really going anywhere, and they didn't "leave" their moniker without a parting shot -- they posted the results of their latest hacking campaigns to The Pirate Bay in a modest archive.

I. Bye Bye Birdie

LulzSec has been at it for 50 days now, hacking the planet.  They've hacked [1][2][3] Sony Corp. (TYO:6758).  They've DDoSed the CIA.  They've hacked the U.S. Senate and the Arizona state police.

But after all their fun, they say their bidding adieu to the LulzSec moniker -- for now.  On the anniversary of George Orwell's birthday, they write:
Friends around the globe,
We are Lulz Security, and this is our final release, as today marks something meaningful to us. 50 days ago, we set sail with our humble ship on an uneasy and brutal ocean: the Internet. The hate machine, the love machine, the machine powered by many machines. We are all part of it, helping it grow, and helping it grow on us.

For the past 50 days we've been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could. All to selflessly entertain others - vanity, fame, recognition, all of these things are shadowed by our desire for that which we all love. The raw, uninterrupted, chaotic thrill of entertainment and anarchy. It's what we all crave, even the seemingly lifeless politicians and emotionless, middle-aged self-titled failures. You are not failures. You have not blown away. You can get what you want and you are worth having it, believe in yourself.

While we are responsible for everything that The Lulz Boat is, we are not tied to this identity permanently. Behind this jolly visage of rainbows and top hats, we are people. People with a preference for music, a preference for food; we have varying taste in clothes and television, we are just like you. Even Hitler and Osama Bin Laden had these unique variations and style, and isn't that interesting to know? The mediocre painter turned supervillain liked cats more than we did.

Again, behind the mask, behind the insanity and mayhem, we truly believe in the AntiSec movement. We believe in it so strongly that we brought it back, much to the dismay of those looking for more anarchic lulz. We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us. The support we've gathered for it in such a short space of time is truly overwhelming, and not to mention humbling. Please don't stop. Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve.

So with those last thoughts, it's time to say bon voyage. Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind - we hope - inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love. If anything, we hope we had a microscopic impact on someone, somewhere. Anywhere.

Thank you for sailing with us. The breeze is fresh and the sun is setting, so now we head for the horizon.

Let it flow...
Lulz Security - our crew of six wishes you a happy 2011, and a shout-out to all of our battlefleet members and supporters across the globe

The speech brings to mind the famous comedian Johhny Carson's farewell words in 1992 on his late night show:
I can only tell you that it has been an honor and a privilege to come into your homes all these years and entertain you. And I hope when I find something that I want to do and I think you would like and come back that you'll be as gracious in inviting me into your home as you have been. I bid you a very heartfelt good night.
Of course Johnny Carson went about spreading "lulz" in quite a different fashion.  And he hacked far less people.

II.  750,000 More People Exposed

The parting shot was no "Pentagon Papers", but it did have a bit of something for everyone.

Leading the way are internal mappings of AT&T Inc. (T) and AOL Inc.'s (AOL)  servers.  The group also posted a file entitled "Office networks of corporations.txt".  The hack brings to mind Adrian Lamo's watchdog side, from the 1990s.

But where Mr. Lamo never exposed a significant class of users, LulzSec takes joy in engaging in that activity as well.  Their biggest post was leaked info of 550k users of Electronic Arts, Inc.'s (ERTS) cartoony FPS game Battlefield Heroes.  At press time we have not yet obtained the full archive, so we're unable to ascertain what details were leaked.

EA appears to confirm the breach, writing:

Battlefield Heroes is Offline

We are currently investigating an apparent security breach related to our free-to-play Battlefield Heroes franchise. We are working to identify which accounts were affected and will take all precautions to ensure those players are notified as quickly as possible. We apologize for any inconvenience and hope to have the game back online shortly.

It also posted account information on 50k "random" game forum users.

The hackers also turned on their fellow novice brethren, publishing records on the users  of (they appear to have obtained this data via the tried and true method of SQL injection -- somewhat embarrassing for a self-proclaimed "hacking" site).  In total 200k accounts were reportedly compromised on the site (that's a lot of hackers!).

The forum writes:

All ub3r and l33t must do a password reset to their email. Use contact form if you do not get your password email reset or do not have access to the email on file.

Then there's 12k North Atlantic Treaty Organization e-book center usernames and passwords (somebody will have fun reading).  NATO more or less already confirmed this breach to be authentic, posting on Friday:
Probable data breach from a NATO-related website

Police dealing with digital crimes have notified NATO of a probable data breach from a NATO-related website operated by an external company. NATO’s e-Bookshop is a separate service for the public for the release of NATO information and does not contain any classified data. Access to the site has been blocked and subscribers have been notified.
The group also posted an image file entitled " owned.png", which we'll debrief you on shortly.

And then there's 29 emails and passwords [PasteBin] at P.I. Limited of Dublin.  It's always embarrassing when security professionals wind up in these releases.

Rounding off the release, there's a post detailing an apparent vulnerability [PasteBin] of an FBI web property involving the open source content management system Plone.  And there's a cool 2,454 IP addresses [PasteBin] that are listed apparently using "root" or "admin" as their password for the corresponding administrator/superuser account name.  Ouch. 

III. Why the Sudden Exit?

The sudden departure made us initially wonder if the awaited police axe finally fell upon the audacious crew.  However as of early this morning, one of the group's ringleaders, "Sabu", was still happily posting.

He writes:
Nobody is leaving. we're working on the #antisec movement.

If you read the statement your questions will be answered. There's only been one arrest; Ryan, and he isn't part of lulzsec.

No one is disappearing. find us all @ #antisec
According to the group, they're not ceasing their activities -- they're just dropping the "lulz" and getting serious about their campaign of "cyberwar" against the world's ruling powers.  And those powers still appears as helpless as ever to capture brains behind the group.

That said, there's one major outstanding question -- what happened to Topiary.  The hacker, allegedly a core member of Anonymous, fell silent last week.  His last Twitter post was dated June 17.  So it's possible there could be something more to this story -- though for now it's just an interesting observation.

Meanwhile, another 812,000+ users will wake up Sunday morning and groan.  They've yet again been the victim of poor IT management and the ever bolder presence of Anonymous and its affiliates -- LulzSec and AntiSec.

"If a man really wants to make a million dollars, the best way would be to start his own religion." -- Scientology founder L. Ron. Hubbard

Most Popular Articles

Copyright 2018 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki