Lulz Security, a griefer group largely credited (blamed?) for its unwavering Sony attacks, was back at it again this week. Following its hacks of the U.S. Senate website, the group has claimed responsibility for two high-profile incidents: the packet-flooding (and crash) of the CIA’s website and an exploit that leaked a monster list of private e-mail addresses and passwords into the wild.
LulzSec announced both hacks via its Twitter account. Criminally, the CIA attack is big — huge, in fact — at least on a national security level. But it’s the group’s second exploit that could be even more upsetting for the public: Confidential data was plucked from Bethesda Software, including server admin configurations, admin staff and blog user hashes, server logs, and mappings of Arkane, Bethblog, Brink codes, Brink signups, IDSoftware, Rage, and others.
End result? The group compromised more than 62,000 email addresses and passwords.
The last time the group performed a digital “smash and grab” of e-mail addresses and passwords, they took 26,000 of them from porn sites. This time, LulzSec isn’t saying if it pinpointed certain sources or how the data was collected from the public. But it did post the entire list via a Mediafire download link that was widely covered this week — which is sad, because the link got yanked, leaving people without a way to check if they were victimized.
LulzSec wound up posting the list in its entirety on its own website, so if you’re worried about your info, you can find it here and conduct a simple page search to alleviate your concerns. No doubt malicious people will be hitting this hard, so if you’re on the list, it should go without saying that you’ll want to change your password. You may even want to ditch this account, if you can, and choose a new e-mail address.
In the end, the more innocuous hack of the two — crashing the CIA’s site — could be the very thing that brings the fury down on them. (The intelligence agency doesn’t take kindly to people messing with them.) Some people would be thrilled to see the group get taken down, while others support them like fans devotedly following their favorite action heros.
Where do you stand? Are the LulzSec hackers — and for that matter, Anonymous and its own multi-country cells of cyber attackers — the white-hat digital activists that their supporters make them out to be, or do you consider these groups to be online terrorists leaving behind an unconscionable trail of innocent victims?
UPDATE: Questions have been surfacing about whether LulzSec is attacking Anonymous. These stem from claims that the former made about infecting /b/ (short for http://boards.4chan.org/b/. It’s a subsection of 4chan, which is used by some Anonymous hackers). On Wednesday, 4Chan.org was down for a little while, leading people to think that LulzSec was going after Anonymous, but the group has come out to deny this. For more info, hit up this link.