LulzSec
Latest
DOJ accuses WikiLeaks founder Julian Assange of recruiting hackers
The Justice Department has filed updated charges against WikiLeaks founder Julian Assange that accuse him of recruiting hackers from Anonymous and beyond.
The hacker who helped the FBI stop cyberattacks is now a free man
Lead LulzSec hacker Sabu (aka Hector Xavier Monsegur) was no doubt hoping for leniency when he turned informant, and it looks like his gamble has paid off. A federal court has sentenced him to the time he served in 2012, letting him walk away a free man. As prosecutors explain, Monsegur was a very "productive cooperator" -- he provided complete, detailed information that helped the FBI take down LulzSec and stop a string of cyberattacks against both corporate and government targets, including Sony.
Hacker-turned-FBI informant may have orchestrated foreign cyberattacks
The hacker subplot in House of Cards' second season might have felt out of place, but from the sounds of a recent New York Times report, Frank Underwood's methods for putting captured hackers to work might not be too far-fetched. After being busted by the FBI, top LulzSec hacker Sabu may have conscripted at least one former accomplice to carry out a string of cyber-attacks against foreign banks and government websites, according to interviews and documents obtained by the Times. Sabu's seemingly indirect involvement suggests that he may have acted as a federal informant, helping to exploit the likes of the Heartbleed security flaw for state-sponsored cyber-terrorism. For the full report, be sure to head over to the source link. [Image credit: Idhren/Flickr]
Four Lulzsec hackers convicted in Britain
Confirmed Lulzsec members Ryan Cleary, Jake Davis, Mustafa al-Bassam and Ryan Ackroyd have been sentenced for their part in the great hack of 2011, which saw Lulzsec targeting notable companies such as Sony, EA and Nintendo. The four were initially charged nearly a year ago. Davis, as leader, was sentenced with two years jailtime, while Cleary was sentenced to 32 months for producing malicious software, Ackroyd for 30 months for his role as press secretary of the group and Al Bassam, who posted the stolen data online, was given a 20-month suspended sentence. "The harm they caused was foreseeable, extensive and intended," Andrew Hadik, lawyer for the Crown Prosecution Service told BBC. "Indeed, they boasted of how clever they were with a complete disregard for the impact their actions had on real people's lives. This case should serve as a warning to other cybercriminals that they are not invincible." Lulzsec carried out many high-profile hacks in 2011, starting with the Sony Pictures hack that eventually led to a lengthy PSN outage. Lulzsec also attacked Nintendo, EVE Online, Minecraft, The Escapist and Battlefield Heroes before calling it quits.
Prosecutors laugh last, Lulzsec hackers sentenced
The Lulzsec hackers responsible for a string of 2011 cyber attacks that targeted game companies including Sony, Nintendo, Epic, Bethesda, and Mojang have been sentenced to jail time. Gamespot reports that Ryan Cleary, Jake Davis, Mustafa al-Bassam, and Ryan Ackroyd pled guilty last month. The BBC says that the men could also face extradition to the United States due to various indictments. Lulzsec targeted a number of high profile corporations during the summer of 2011. The attacks resulted in Sony Online Entertainment MMOs and Sony's PlayStation Network going offline for several weeks.
Lulzsec pair plead guilty to hacking, two more deny charges
Ryan Cleary and Jake Davis are two individuals who were suspected to be involved with hacking group Lulzsec, an outfit claiming responsibility for several high-profile attacks in the gaming industry in 2011. Lulzsec is perhaps best known for its attack against Sony as retaliation for legal actions against George Hotz, the guy who rooted the PS3.Cleary, who is 19, and Davis, the younger of the two at 18, both admitted membership in Lulzsec today at Southwark Crown Court, pleading guilty to "conspiracy to do an unauthorised act or acts with intent to impair, or with recklessness as to impairing, the operation of a computer or computers," Eurogamer reports.The two both denied making available "unlawfully obtained confidential computer data" on the internet. Two other individuals, 25-year-old Ryan Ackroyd and an unnamed 17-year-old, both denied charges they were involved in Lulzsec hacking.
My whole life is a hack: how Geohot owned the iPhone, PS3 and inadvertently rallied hacktivists
George Hotz is no stranger 'round these parts. Better known as Geohot, he first achieved internet fame at the age of 17 with his announcement of a hardware unlock method for the original iPhone. From there, he moved on to even greater notoriety with a PlayStation 3 exploit that quickly attracted the ire -- and legal wrath -- of Sony. Now profiled in The New Yorker, we're given a candid and unique insight into the world of George Hotz, whereby his own admission, he wasn't motivated by an ideology so much as boredom and the desire to control a system. The freedom issues, it seems, were merely an afterthought. George Hotz is unique. We're talking about someone who was programming by age five, building video game consoles by the 5th grade and making appearances on NBC's Today at age fourteen. Like many brilliant adolescents, he experimented with drugs and rebelled against authority. Eventually, the powers that be caught up with him, and George Hotz was sued by Sony on January 11th, 2011. The lawsuit drew the attention of malicious hacker groups such as Anonymous and LulzSec, which retaliated against the company in very public ways. However unintentional, Geohot became the poster child for hacktivists and inspired a movement that quickly grew out of control -- if only more of us could be so productive with our boredom. For an insightful read into one of the most influential hackers of our time, be sure to hit the source link below.
How GeoHot went from winning science fairs to instigating the hacker war
Hackers built the Internet. Throughout the 1970s and '80s hackers altered the Internet from a strictly business communications system for the defense department and librarians into a robust online community for anyone with a computer to use as they pleased. The Internet and computer technology is still evolving, perhaps at a a faster, more public rate today, and hackers are still at the forefront of its design. Hackers such as Geohot, the guy who rooted Sony's PS3 early last year.George Hotz posted the PS3 root key online with a statement reading "I don't condone piracy" in January 2011 and it spread online. Geohot became an unsuspecting martyr in the hacker community when Sony sued him and won an injunction barring him from ever tampering with a Sony product again. Thus began the hacker wars, The New Yorker suggests in a biographical run-down of 2011's events.Hotz was brilliant in science and technology fields throughout middle and high school, winning $15,000 at the Intel International Science and Engineering Fair in 2007 and appearing in Forbes and on The Today Show for his technological achievements.He hacked the PS3 master key while he was high on OxyContin and Vicodin. He didn't condone or participate in any of Anonymous' hacks into Sony's servers, and since his online spotlight has faded he's worked for Facebook, quit and run amok in Panama, and met with Sony engineers curious about his methodology. He has reminders to "Call therapist" on his whiteboard. Geohotz is human, The New Yorker makes sure to point out.The full story is available here, or we figure you can just watch this eerily similar dramatic recreation of an antisocial programmer's rise to fame. They're both human, after all.
Top LulzSec members arrested, group leader reportedly acted as informant
The LulzSec hacking group may have officially called it quits last June, but that doesn't mean it was able to escape the eye of law enforcement. As Fox News reports, today saw three group members arrested and two more charged with conspiracy -- a move that one FBI official described as "chopping off the head of LulzSec." What's more, it's reported that group leader "Sabu," now identified as 28-year-old Hector Xavier Monsegur, was acting as an informant for the FBI since he was first caught and secretly arrested in June of last year (around the time the group disbanded). Court documents unsealed today also show that Monsegur has pleaded guilty to carrying out attacks on companies like MasterCard and PayPal, and that he's been charged with 12 criminal counts of conspiracy. The full indictments against the group's members can be found at the Gizmodo link below, and the FBI's press release can be found after the break.
Star Wars Galaxies fan site hacked, 23K passwords stolen
Talk about kicking a game's community when it's down. VentureBeat reports that Star Wars Galaxies.net, a major SWG fan site, was hacked yesterday. Star Wars Galaxies.net is part of a LucasArts fan site network, and apparently was not being actively maintained, as the last update was in June of 2009. Still, over 21,000 email addresses and 23,000 passwords were stolen -- some of which could lead to identity theft, according to authorities. The hack was perpetrated by ObSec, a small group in the vein of LulzSec. The hackers posted the email addresses and passwords online for all to see. Analysis of the passwords found that 71% were relatively weak and easy to crack anyway. Some Star Wars Galaxies players may see this as an unfortunate echo of the much larger Sony hack that happened earlier this year. We at Massively urge any players who have used this fan site to make sure that they change their passwords elsewhere as well.
Hacker groups tried to take down WoW ... and failed
Given the recent hacking of major companies, could WoW be hacked? In an article posted today at Digital Spy, Lead Game Designer Tom Chilton replies that attempts have been made recently, but Blizzard came through unharmed. While the question and answer doesn't specifically say LulzSec or Anonymous, I think it's safe to assume LulzSec is the group in question, given the recent high-profile attacks on U.S. government sites and other MMOs, like EVE Online. Most of LulzSec's work has been focused on DDoS attacks and breaking into servers to create "lulz." During their most recent spree, rumors abounded that WoW was a target; however, nothing came of it. It would now appear nothing came of it thanks to Blizzard's security measures. Tom Chilton Several major gaming studios have fallen victim to hackers of late. What measure are Blizzard taking to ensure that WoW is not hit? We have always tried to be as diligent as we possibly can when it comes to security. Certainly when hacking was going on with other companies recently there were numerous attempts against ourselves also. Fortunately, our security was good enough, so we didn't lose data or anything like that. We always put a high priority on security, but that's not to say you can ever be impregnable. We're not resting on our laurels saying 'they can't get us'. It's always a possibility, and we take it very serious, but so far, so good. source
Before disbanding, LulzSec releases Battlefield Heroes data
The sextet of hackers known as "Lulz Security" may be done with their 50-day reign of semi-terror, but that doesn't mean the ramifications of their actions are over. In a final file released alongside yesterday's statement, the group released info from approximately 550,000 Battlefield Heroes beta user accounts (according to Rock, Paper, Shotgun) as well as the info from roughly 50,000 "random gaming forum" users. EA tells Eurogamer that the info was from "an early beta version" of the game, and "no emails, account history, credit card numbers or payment methods" were obtained. Apparently the breach took down BF Heroes servers over the weekend, though EA also explained that it has recovered the free-to-play FPS to operational status. And though it's possible that some of the group's handiwork has yet to be discovered, we're hopeful that this is the last story of a breach we'll be writing after the hacking group's disbandment.
Fifty days of 'lulz' over: LulzSec disbands
The secretive hacking group known as LulzSec has announced that it is formally disbanding with the completion of its planned 50 days of mayhem. Among its many targets that it has hacked, including government sites, LulzSec struck at The Escapist, Bethesda Game Studios, League of Legends, and EVE Online. LulzSec sent out a final statement, which said the group was a band of six hackers who had planned 50 days of attacks from the beginning. Now that the time is up, the group plans to fade into the shadows. The group hopes that others will continue with these illegal activities: "Behind the mask, behind the insanity and mayhem, we truly believe in the AntiSec movement. We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us." While a suspected member of LulzSec was arrested a few days ago, the organization denied that he was part of the collective.
LulzSec doffs its gray hat, your games are safe (for now)
Lulzsec, the anonymous anti-security task force responsible for hacking Sony Pictures, Nintendo, EVE Online, Minecraft, and The Escapist, announced today that its 50-day tour of internet pillaging has come to an end. In a press release posted on The Pirate Bay, the team of six hackers used confusing metaphors about Hitler and cats (seriously) to justify their attacks, citing the "chaotic thrill of entertainment and anarchy" as their main motivation. While the group claims that they had always planned to call it quits after 50 days, we think this retreat has more to do with the British arrest of 19-year-old Ryan Cleary. Lulzsec's six hackers hope that their "movement" can continue without them, writing, "Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve." We don't know about you guys, but we can't remember ever feeling oppressed by Super Mario Bros. Peep the full press release after the jump.
Suspected LulzSec member arrested
Shhh. You hear that? It sounds like laughter. Lulzing, in fact. Could it be Ryan Cleary's future cellmate? Who's Ryan Cleary, you say? According to a news blurb at PC Gamer, he's the 19-year old chap recently taken into custody by the FBI and Scotland Yard and accused of spear-heading the LulzSec-sponsored DDoS attacks against EVE Online, Nintendo, the United States Senate, and the Central Intelligence Agency, to name a few. Cleary is rumored to be a former member of Anonymous, and a Scotland Yard spokesperson says that the arrest was the result of an extensive and ongoing probe into the rash of cyber-crimes perpetuated over the last several months. "The arrest follows an investigation into network intrusions and distributed denial of service attacks against a number of international business and intelligence agencies by what is believed to be the same hacking group," PC Gamer reports. Remaining LulzSec luminaries are seemingly unconcerned, if a message posted to the group's Twitter account earlier today is any indication. "Seems the glorious leader of LulzSec got arrested, it's all over now... wait... we're all still here," the message said.
Sega Pass hack exposed 1.3 million accounts, LulzSec denies responsibility
The Sega Pass hack has been upgraded from "temporary loss of some service to which we weren't really paying attention," all the way to "reasonably serious business." In a statement to Reuters, Sega revealed the scope of the data breach: over 1.3 million user accounts, including dates of birth and passwords. The publisher made it clear when it initially announced the breach that payment information wasn't at risk. "We are deeply sorry for causing trouble to our customers," Sega spokesperson Yoko Nagasawa said in today's statement. "We want to work on strengthening security." This time, hacker collective LulzSec isn't claiming responsibility, instead sending out a tweet offering to help Sega find the actual culprit. "We love the Dreamcast," they said. "These people are going down."
Report: LulzSec hacking group releases thousands of account logins, includes Xbox Live and Facebook [update]
Adding to the list of game-related companies it has attacked, LulzSec yesterday claimed to have stolen and leaked the login and password information for approximately 62,000 "internet accounts," reports the CBC. The stolen info is said to comprise logins/passwords from Facebook, Twitter, "dating sites," PayPal and, notoriously, Xbox Live. It is also claimed that the majority of accounts are from the United states, though several other countries are named in the report. The account database info is still currently available through the LulzSec website (though we'd suggest not visiting) -- various folks on Twitter responding to the group claim to have done a variety of things with the information, from having a large pack of condoms delivered to an elderly woman, to one person saying they bilked a PayPal account for £250 ($404). Earlier this week, the group attacked and successfully took down a handful of game industry websites, including EVE Online, Minecraft and The Escapist. All three sites quickly recovered and have been online since. Microsoft has yet to respond to request for comment on yesterday evening's alleged breach. Update: Microsoft has released a statement, which states that Xbox Live was not compromised to the best of Microsoft's knowledge, and the logins/passwords were released at random, with people encouraged to try said information on services like Xbox Live (among others). "This group appears to have posted a list of thousands of potential email addresses and passwords, and encouraged users to try them across various online sites like Xbox Live in the event one of the users happens to use the same password and email address combination. At this time we do not have any evidence Xbox Live has been compromised. However we take the security of our service seriously and work on an ongoing basis to improve it against evolving threats."
LulzSec attacks Escapist Magazine, EVE Online, and Minecraft
Hacker group LulzSec, the same group that's attacked Sony and Nintendo in the past, has tweeted that it's committed three distributed denial of service attacks against gaming companies today, bringing down EVE Online's Tranquility server, Minecraft's multiplayer services, and the Escapist Magazine's website. EVE Online's CCP has confirmed both the outage and the attack, the Escapist is unreachable at the moment, and Minecraft creator Notch says that things were down, but supposedly service has been restored. LulzSec hasn't shared a reason for the attacks just yet, but we can only guess it's, as they say, "for teh lulz." Update: The group has gone after Riot Games' League of Legends servers as well. Attempting to log in to the game gives a "server busy" message, though there's no official word from the company yet. Update: Statement from CCP after the break. EVE Online still seems to be down.
Sony Pictures breach affects 37,500 users, far less than Lulz Security claimed
Well, Lulz Sec may have overstated its level of success by declaring it had stolen 1,000,000 passwords from Sony Pictures -- turns out the number is closer to 37,500. Now granted, any breach of user data is unacceptable, but when a hacker collective's haul is less than four percent of what it claimed, everyone can breathe a little easier. The troublemakers may have made off with email addresses, phone numbers, and passwords, but Sony says no credit card or social security numbers were compromised. The company issued a statement, which you'll find after the break, and is working with the FBI to track down those responsible. Hopefully this finally closes the door on Sony's security woes, and we can go back to bringing you stories about Angry Birds ports and Kinect hacks.
NIntendo servers attacked, no customer info stolen
Nintendo admitted Sunday that its US-based servers were attacked several weeks ago by hackers, but that no customer data was taken. "The server contained no consumer information. The protection of our customer information is our utmost priority," Nintendo of America told Reuters. Lulzsec, the same group that took responsibility for the recent Sony Pictures incursion, said it had hacked Nintendo but took one file and "didn't mean any harm."
