A rogue hacking organization, LulzSec, has been terrorizing different internet sites as a way of protesting certain corporations and governments that they find to be corrupt, and then adding in their own random hijinks into the mix taking down legitimate sites also which they state that they do it for the Lulz. LulzSec has “hacked” the various sites to different degrees, sometimes with the intent to hurt the company by stealing customer data and forcing them to update and fix their security flaws, other sites they do it to prove that there are security holes with no malicious intentions, and finally some sites are hit with DDoS attacks, (Distributed Denial of Service) which is overloading the server with requests so it becomes unavailable for its intended users.
Some of the high profile attacks the group LulzSec has attacked have been:
- PBS (Stole user data and posted a fake news story)
- Sony (Stole user data of up to 1 million users causing Sony to take down the Playstation network for over a month
- Nintendo (Stole a Config file and apologized to Nintendo, stating they love the N64 too much to hurt them)
- Black & Berg Cybersecurity Consulting (Who had posted a hacking challenge that was completed by LulzSec)
- Pron.com (A pornographic website in which 26,000 of its user’s emails and passwords were posted online with encouragement from LulzSec to try them on Facebook and other sites)
- Bethesda Game Studios (Posted information taken from their site, but did not post the 200,000 account information that they had stolen from the site also)
- Minecraft (DDoS attack from their “Titanic Take-down Tuesday”)
- League of Legends (DDoS attack from their “Titanic Take-down Tuesday”)
- The Escapist (DDoS attack from their “Titanic Take-down Tuesday”)
- FinFisher (An IT security company that was also hit with a DDoS attack from their “Titanic Take-down Tuesday”)
- EVE Online (DDoS attack from their “Titanic Take-down Tuesday”)
- Writerspace.com (62,000 User emails and passwords were posted, later it was revealed it was from Writerspace.com)
- InfraGard (a Company that works the FBI for botnet detection, they hacked and leaked some user accounts from their data base)
- British National Health Service (They emailed the administratiors letting them know they found a security hole, and did not intend on exploiting it)
- Senate.gov (Released emails and passwords of users of senate.gov)
- Cia.gov ( Used a DDoS attack to take down the site after the Pentagon said that cyberattacks could be considered an act of war)
LulzSec has made a name for themselves with their various hacking sprees which have all happened over the course of the last couple months, but what should be noted to users is the fact that these sites aren’t keeping your data safe, and that any hacking organization can steal your info if they want. With every user list and password they release those users run the risk of having their other sites hacked into, as LulzSec encourages everyone to try these emails and passwords on as many sites as possible to try to cause mayhem on the internet.
What you should do
As a user there are a couple of things that you should do to protect yourself.
- Re-evaluate your password, and look into creating stronger passwords
- Check out our quick guide on password creation, or download our free whitepaper for all the tips on creating a strong password
- Not all sites are secure with your information, including small sites (I.E. Writerspace.com). If you use one username and password for everything, they have all your passwords now
- Services like LastPass can help you store and change all your passwords easily
- A site has been set up to check to see if your email has been stolen