Lulzsec sets sights on U.S. Senate and game-maker Bethesda
IDG News Service - The Lulzsec hacking group continues to cause headaches for IT staffers. On Monday it published data it obtained from servers belonging to the U.S. Senate and Bethesda Softworks, a Rockville, Maryland, game maker.
The U.S. Senate hack appears to be the less serious of the two. According to Martina Bradford, a spokeswoman for the Senate's sergeant at arms, the hacking group managed to break into the account of an unnamed senator's office and then execute commands on the Senate's Web server. But because the server was locked down by Senate staff, it doesn't look like Lulzsec was able to do much on the server.
"Because each Senate member and committee maintains its own presence on Senate.gov and may not always incorporate recommended security protocols, Sergeant at Arms staff has configured the server to minimize the damage that can be caused by a vulnerability in any portion of the site," Bradford said via e-mail.
Even Lulzsec didn't seem to see the incident as a big deal, describing it as a "small, just-for-kicks release of some internal data."
The anonymous hacker group popped up last month and has launched successful and high-profile attacks on servers belonging to the U.S. Public Broadcasting Service, Sony and the U.S. Federal Bureau of Investigation's Atlanta InfraGard group.
In the past, Lulzsec has defaced Web servers, but apparently it was unable to do that to Senate.gov. "The intruder did not gain access into the Senate computer network and was only able to read and determine the directory structure of the files placed on senate.gov," Bradford said. IT staff learned about the hack over the weekend and immediately identified and fixed the vulnerability, she said.
It appears that Senate IT staffers "actually did a good job on security," said Chris Wysopal, chief technology officer with Veracode, a company that tests software for security flaws. It's not uncommon for hackers to find an initial vulnerability in Internet-facing servers, but the Lulzsec hackers apparently weren't able to deface the site or get access to sensitive data. "The fact that they had a good configuration meant that [Lulzsec] didn't go any further," he said.
Bethesda Softworks wasn't so lucky.
"After mapping their internal network and thoroughly pillaging all of their servers, we grabbed all their source code and database passwords, which we proceeded to shift silently back to our storage deck," Lulzsec said.
Bethesda is the maker of the Elder Scrolls role-playing video game franchise. Lulzsec has now published much of the data it claims to have downloaded from the game maker. Bethesda could not immediately be reached for comment.
The hackers said that they have usernames and passwords belonging to 200,000 gamers. But they said they're not going to publish that information. "We actually like this company and would like for them to speed up the production of Skyrim, so we'll give them one less thing to worry about. You're welcome!"
Bethesda's The Elder Scrolls V: Skyrim is due out in November.
- Hackers steal user data from the European Central Bank website, demand money
- Arrests made after international cyber-ring targets StubHub
- SQL injection flaw opens door for Wall Street Journal database hack
- Goodwill Industries probes possible payment card breach
- Aloha point-of-sale terminal, sold on eBay, yields security surprises
- The biggest data breaches of 2014 (so far)
- Blue Shield discloses 18,000 doctors' Social Security numbers
- PF Chang's says breach was 'highly sophisticated criminal operation'
- Breaches exposed 1 in 7 US debit cards in 2013
- New malware program targets banking data
This pilot fish is a contractor at a military base, working on some very cool fire-control systems for tanks. But when he spots something obviously wrong during a live-fire test, he can't get the firing-range commander's attention.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Reduce federal infrastructure risk with compliance management and situational awareness
- IBM continuous monitoring and management solutions deliver real-time situational awareness to help federal agencies understand vulnerabilities, and protect the infrastructure.
- Building a New Era in Enterprise IT
- As the digital revolution spawned by the explosive growth of disruptive technologies such as mobile, cloud, social, and analytic tools continues to fundamentally...
- The Business Value of Continuous Delivery
- Download this whitepaper to learn more about the business value of Continuous Delivery and see why it could be a game changer for...
- Coding with JRebel: Java Forever Changed
- With JRebel, developers get to see their code changes immediately, fine-tune their code with incremental changes, debug, explore and deploy their code with...
- Mobile First: Securing Information Sprawl
- Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps... All Government IT White Papers
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Why Are Customers Really Deploying an NGFW? It seems every IT Security expert is talking about the NGFW, but what are people really doing? This webcast covers 5 real-world customer...
- Charting Your Analytical Future - "Making predictive analytics part of your business processes" Webinar This session will show how predictive analytics can be used throughout the organization by anyone looking for answers and how organizations can make...
- All Government IT Webcasts