Australia charges man claiming to be LulzSec leader
Australia has charged a 24-year-old man who allegedly defaced a government website earlier this month and claims to be the leader of LulzSec, a rogue inactive hacking group.
The man, from Point Clare about 50 miles north of Sydney, was charged with two counts of unauthorized modification of data and one count of unauthorized access. He could face up to 12 years in prison if convicted, according to the Australian Federal Police (AFP). Read more...
LulzSec leader turns informant, helps FBI bring down group
In a move straight out of a suspense novel, the leader of infamous hacking troupe LulzSec teamed up with federal agents to bring down top members of organization in an early morning sting that spanned two continents. A total of five high-ranking LulzSec members — two from Ireland, two from Great Britain, and one American — are now in custody thanks to help from Hector "Sabu" Monsegur, the alleged leader of the digital gang. Read more...
VPN Providers Mull ‘Fraudster’ Database In Wake of Lulzec Fiasco
Last month it became clear that an alleged Lulzsec member who had carried out attacks on various organizations including Sony and the UK’s Serious Organised Crime Agency, had used an ‘anonymous’ VPN service supplied by HideMyAss. According to documents obtained by TorrentFreak, VPN providers worried by the bad publicity are now considering data sharing to combat ‘fraudsters’.
September 2011 will be a month that VPN provider HideMyAss will want to forget. Dozens of news outlets retold the story that an alleged Lulzsec member, allegedly partly responsible for attacks on Sony, the UK’s Serious Organised Crime Agency, AT&T, Viacom, Disney, EMI, NBC Universal, AOL and NATO, not to mention the newspapers The Sun & The Times, had used their services to remain anonymous. Read more...
Alleged LulzSec Sony hacker arrested
The U.S. Federal Bureau of Investigation has arrested a Phoenix student, claiming that he is one of the LulzSec hackers responsible for a database attack on Sony Pictures computers that claimed more than 1 million victims.
Cody Kretsinger, 23, was arrested Thursday morning on hacking and conspiracy charges. Prosecutors say he was "Recursion," an LulzSec hacker who used a database attack technique called SQL injection to break into Sony Pictures systems. Kretsinger allegedly provided data that was used in a mammoth June 2, 2011, data dump by LulzSec that included coupon codes along with email addresses and passwords belonging to Sony customers.
At the time that LulzSec posted its data, Sony was already recovering from a devastating break-in to its PlayStation Network. That intrusion knocked the service offline for more than two months and cost the company an estimated ¥14 billion ($183 million) to clean up. Read more...
Anonymous suspect ‘Topiary’ charged over DDoS attacks
The 18-year-old teenager identified by police as the spokesman for the hacking groups Anonymous and Lulz Security was charged on Sunday with five offenses and expected to appear Monday in a London court.
Jake Davis, 18, was arrested in the Shetland Islands on Wednesday. He is alleged by police to be "Topiary," a spokesman who did interviews with media and ran a prolific Twitter account documenting frequent denial-of-service attacks and data theft escapades of Anonymous and LulzSec.
Davis was charged with conspiring with others to conduct DDoS attacks against the website of the Serious Organised Crime Agency, a British law enforcement institution similar to the U.S. Federal Bureau of Investigation. Read more...
10 best practices to prevent data and privacy breaches
The antics of groups like Anonymous and LulzSec over the past few months have made data breaches seem inevitable. If information security vendors like HBGary and RSA Security aren't safe, what hope does an average SMB have? It is true that there is no silver bullet, and no impervious network security, but there are a variety of things IT admins can do to prevent network breaches and protect data and privacy better.
The Web safety and online identity protection experts at SafetyWeb.com and myID.com helped put together a list of 10 different data and privacy breach scenarios, along with suggestions and best practices to avoid them.
1. Data breach resulting from poor networking choices. Names like Cisco and Sun are synonymous with enterprise-level networking technologies used in large IT departments around the world. Small or medium businesses, however, generally lack the budget necessary for equipment like that. If an SMB has a network infrastructures at all, it may be built around networking hardware designed for consumer use. Some may forego the use of routers at all, plugging directly into the Internet. Business owners can improve network security and block most threats by using a quality router, like a Netgear or Buffalo brand router and making sure to change the router password from the default. Read more...
Anonymous, LulzSec vow to hack on
In a defiant statement addressed largely at FBI director Steve Chabinsky, members of the Anonymous and LulzSec hacktivist groups vowed to continue with their hacking campaigns and dared law enforcement to try and stop them.
The statement comes just two days after the FBI arrested 14 alleged members of Anonymous in connection with a series of distributed denial of service (DDoS) attacks against PayPal last year.
The immediate provocation appears to have been some comments made by Chabinsky in a NPR report following the recent arrests.
In it, Chabinsky is quoted as saying that chaos on the Internet is unacceptable. "[Even if] hackers can be believed to have social causes, it's entirely unacceptable to break into websites and commit unlawful acts." Read more...
Pentagon loses 24,000 classified files in massive hacking breach
The Pentagon has been taking cybersecurity a good deal more seriously lately — but a new breach could mean it's too little, too late. The news that 24,000 sensitive files had been leaked was ironically — or perhaps appropriately — revealed during a cyber strategy speech in which the military unveiled more about its aggressive new strategy for dealing with threats that aren't quite as cut and dry as those on the battlefield.
According to Deputy Defense Secretary William J. Lynn III, the documents were lifted from a defense contractor during a single hack perpetrated by "foreign intruders" in March of this year. Read more...
With FBI raid, law enforcement circles LulzSec
Time may be running out for the members of LulzSec as police continue to step up their inquiries into the hacking group.
On Monday, the U.S. Federal Bureau of investigation executed a search warrant at a Hamilton, Ohio, residence -- a raid that local media has linked to the ongoing investigation of LulzSec. The raid comes two days after LulzSec ended a 50-day hacking rampage by posting internal documents belonging to AT&T and data stolen from gaming forums and a NATO website. Read more...
LulzSec’s parting Trojan is a false positive
The LulzSec hacking group sailed off into the sunset Saturday, leaving behind a treasure trove of stolen data along with what some antivirus programs identified as a nasty surprise for anyone who downloaded the Torrent file: a Trojan horse program.
But not so fast. On Monday several antivirus vendors took a close look at the file in question and decided that the program wasn't actually harmful. Consider it an inadvertent parting prank on the security industry the hacking grew took such delight in tormenting. More Lulz for the Lulz Boat.
Early in the day, 26 of the 42 security companies whose scanning products can be tested on the VirusTotal Web site reported that a file within LulzSec's "AT&T internal data" folder was malware, designed to give hackers remote access to the victim's computer. Read more...
LulzSec calls it quits after 50 days of ‘mayhem’
The computer hacking group LulzSec said Saturday it had ended its campaign of cyberassaults on government and corporate websites and that it was time for it to "sail into the distance."
Its announcement came three days after LulzSec released its latest trove of internal documents, stolen from the Arizona Department of Public Safety computer network, and four days after U.K. police said they had made the first arrest of a man allegedly affiliated with the group.
"Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind - we hope - inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love," the group said in a post on the Pastebin website. Read more...
Despite arrest, Lulzsec sails on
The hacking group known as LulzSec pledged to continue their online rampage Tuesday, a day after U.K. police arrested a man allegedly affiliated with the group.
Scotland Yard declined to name the 19-year-old man, but LulzSec and local media identified him as Ryan Cleary. According to LulzSec, he operated an Internet Relay Chat (IRC) server used by the group and was not a leader.
"Ryan Cleary is not part of LulzSec; we house one of our many legitimate chatrooms on his IRC server, but that's it," the group said Tuesday in a Twitter message. "Clearly the UK police are so desperate to catch us that they've gone and arrested someone who is, at best, mildly associated with us. Lame." Read more...
Lulzsec sets sights on U.S. Senate and game-maker Bethesda
The Lulzsec hacking group continues to cause headaches for IT staffers. On Monday it published data it obtained from servers belonging to the U.S. Senate and Bethesda Softworks, a Rockville, Maryland, game maker.
The U.S. Senate hack appears to be the less serious of the two. According to Martina Bradford, a spokeswoman for the Senate's sergeant at arms, the hacking group managed to break into the account of an unnamed senator's office and then execute commands on the Senate's Web server. But because the server was locked down by Senate staff, it doesn't look like Lulzsec was able to do much on the server. Read more...
Tupac hackers to Sony: ‘Beginning of the end’
A group that made headlines for hacking the PBS Web site earlier this week is apparently turning its attention to Sony.
The group known as LulzSec has been promising Sony attacks since this past weekend when it posted to its Twitter account that it is engaged in an operation it calls "Sownage," shorthand for Sony Ownage. The group stated at the time that it was working on hatching a plan that would be the "beginning of the end" for Sony. It has yet to reveal what it has planned. But yesterday the group said that the attack was already under way, seemingly without Sony's knowledge. Read more...