Lulzsec sets sights on U.S. Senate and game-maker Bethesda
IDG News Service - The Lulzsec hacking group continues to cause headaches for IT staffers. On Monday it published data it obtained from servers belonging to the U.S. Senate and Bethesda Softworks, a Rockville, Maryland, game maker.
The U.S. Senate hack appears to be the less serious of the two. According to Martina Bradford, a spokeswoman for the Senate's sergeant at arms, the hacking group managed to break into the account of an unnamed senator's office and then execute commands on the Senate's Web server. But because the server was locked down by Senate staff, it doesn't look like Lulzsec was able to do much on the server.
"Because each Senate member and committee maintains its own presence on Senate.gov and may not always incorporate recommended security protocols, Sergeant at Arms staff has configured the server to minimize the damage that can be caused by a vulnerability in any portion of the site," Bradford said via e-mail.
Even Lulzsec didn't seem to see the incident as a big deal, describing it as a "small, just-for-kicks release of some internal data."
The anonymous hacker group popped up last month and has launched successful and high-profile attacks on servers belonging to the U.S. Public Broadcasting Service, Sony and the U.S. Federal Bureau of Investigation's Atlanta InfraGard group.
In the past, Lulzsec has defaced Web servers, but apparently it was unable to do that to Senate.gov. "The intruder did not gain access into the Senate computer network and was only able to read and determine the directory structure of the files placed on senate.gov," Bradford said. IT staff learned about the hack over the weekend and immediately identified and fixed the vulnerability, she said.
It appears that Senate IT staffers "actually did a good job on security," said Chris Wysopal, chief technology officer with Veracode, a company that tests software for security flaws. It's not uncommon for hackers to find an initial vulnerability in Internet-facing servers, but the Lulzsec hackers apparently weren't able to deface the site or get access to sensitive data. "The fact that they had a good configuration meant that [Lulzsec] didn't go any further," he said.
Bethesda Softworks wasn't so lucky.
"After mapping their internal network and thoroughly pillaging all of their servers, we grabbed all their source code and database passwords, which we proceeded to shift silently back to our storage deck," Lulzsec said.
Bethesda is the maker of the Elder Scrolls role-playing video game franchise. Lulzsec has now published much of the data it claims to have downloaded from the game maker. Bethesda could not immediately be reached for comment.
The hackers said that they have usernames and passwords belonging to 200,000 gamers. But they said they're not going to publish that information. "We actually like this company and would like for them to speed up the production of Skyrim, so we'll give them one less thing to worry about. You're welcome!"
Bethesda's The Elder Scrolls V: Skyrim is due out in November.
Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

