Lulzsec sets sights on U.S. Senate and game-maker Bethesda
IDG News Service - The Lulzsec hacking group continues to cause headaches for IT staffers. On Monday it published data it obtained from servers belonging to the U.S. Senate and Bethesda Softworks, a Rockville, Maryland, game maker.
The U.S. Senate hack appears to be the less serious of the two. According to Martina Bradford, a spokeswoman for the Senate's sergeant at arms, the hacking group managed to break into the account of an unnamed senator's office and then execute commands on the Senate's Web server. But because the server was locked down by Senate staff, it doesn't look like Lulzsec was able to do much on the server.
"Because each Senate member and committee maintains its own presence on Senate.gov and may not always incorporate recommended security protocols, Sergeant at Arms staff has configured the server to minimize the damage that can be caused by a vulnerability in any portion of the site," Bradford said via e-mail.
Even Lulzsec didn't seem to see the incident as a big deal, describing it as a "small, just-for-kicks release of some internal data."
The anonymous hacker group popped up last month and has launched successful and high-profile attacks on servers belonging to the U.S. Public Broadcasting Service, Sony and the U.S. Federal Bureau of Investigation's Atlanta InfraGard group.
In the past, Lulzsec has defaced Web servers, but apparently it was unable to do that to Senate.gov. "The intruder did not gain access into the Senate computer network and was only able to read and determine the directory structure of the files placed on senate.gov," Bradford said. IT staff learned about the hack over the weekend and immediately identified and fixed the vulnerability, she said.
It appears that Senate IT staffers "actually did a good job on security," said Chris Wysopal, chief technology officer with Veracode, a company that tests software for security flaws. It's not uncommon for hackers to find an initial vulnerability in Internet-facing servers, but the Lulzsec hackers apparently weren't able to deface the site or get access to sensitive data. "The fact that they had a good configuration meant that [Lulzsec] didn't go any further," he said.
Bethesda Softworks wasn't so lucky.
"After mapping their internal network and thoroughly pillaging all of their servers, we grabbed all their source code and database passwords, which we proceeded to shift silently back to our storage deck," Lulzsec said.
Bethesda is the maker of the Elder Scrolls role-playing video game franchise. Lulzsec has now published much of the data it claims to have downloaded from the game maker. Bethesda could not immediately be reached for comment.
The hackers said that they have usernames and passwords belonging to 200,000 gamers. But they said they're not going to publish that information. "We actually like this company and would like for them to speed up the production of Skyrim, so we'll give them one less thing to worry about. You're welcome!"
Bethesda's The Elder Scrolls V: Skyrim is due out in November.
- Website lets users find if personal data is exposed in large data leaks
- 'Neverquest' trojan threatens online banking users
- Hackers reportedly steal 42M customer records from online dating network Cupid Media
- Hackers use zero-day vulnerability to breach vBulletin support forum
- Facebook forces some users to reset passwords because of Adobe data breach
- New malware variant suggests cybercriminals targeting SAP users
- MongoDB support firm says intruders may have accessed databases
- Buffer encrypts access tokens after spammer hack
- Germany says U.S. may have spied on Merkel's mobile phone
- Mexico condemns alleged NSA hacking of president's email
- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
- Slideshow: 5 ways to lock down your mobile device
- Slideshow: 10 mistakes companies make after a data breach
- How to rob a bank: A social engineering walk through
- Which smartphone is the most secure?
If you think getting it right from day one is always what matters, you probably haven't been following technology too closely.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Bring Networks and Applications Closer--Cisco ONE
- A series of sweeping trends is placing new requirements on the tried-and-true network model--requiring network infrastructure and applications to communicate. Get the open...
- Lippis Research Reviews the Cisco Catalyst 2960-X
- In this Lippis Report Research Note, Lippis Research reviews the latest edition of the "most popular access switch on the planet" -- the...
- Design Guide--Scaling Up to a Campus-Wide LAN
- Is it time to scale your network environment to a campus wired LAN? Here's the framework you need to set up your LAN...
- Comprehensive Security: Cisco Catalyst 2960 Series
- With a rich and comprehensive set of security features, Cisco Catalyst 2960-X and 2960-XR Series Switches can help you address networking megatrends such...
- Be Energy Efficient--The Cisco Catalyst 2960 Series
- How much energy could be saved if all 230 million Layer 2 and 3 fixed managed switch ports sold in 2012 were as... All Government IT White Papers
- Modernizing SAP environments with minimum risk - a path to Big Data Hear from top IDC analyst, Richard Villars, about the path you can start taking now to enable your organization to get the benefits...
- Vblock™ Specialized System for SAP HANA® Overview video from DJ Long about the new Vblock Specialized System for SAP HANA®.
- The Power of the Citrix Mobility Solution, XenMobile Does everything become a smartphone? Or does the smartphone begin to do everything? How can we afford to support BYOD? Rather, how can...
- BYOD Happens: How to Secure Mobility How to navigate the journey of securing mobility, including the BYOD corruption of IT, the top ten mobility strategies, and the mobility management...
- Fighting Fraud Videos: IBM Intelligent Investigation Manager Short videos about IBM Intelligent Investigation Manager (IIM) for Fraud. IIM optimizes the investigation of fraud for customers across many industries in both...
- All Government IT Webcasts
Does your organization offer extensive benefits, cool perks, competitive salaries, opportunities for training and advancement? Then get it recognized!
Nominate your company or another deserving organization for Computerworld's 2014 Best Places to Work in IT list now through Dec. 20, 2013.