LulzSec Publishes 62,000 E-mail Addresses, Passwords
In the latest chapter of its hacking onslaught, hacker group LulzSec has posted more than 62,000 e-mail addresses and passwords reaped from cyber attacks over the last few months.
LulzSec asked its supporters to go to the 4Chan forum and "post stuff about 'Boxxy,'" promising to reward supporters by publishing over 50,000 e-mail addresses and passwords. The group delivered an even larger bounty than promised.
The e-mail addresses are from a range of service providers, but primarily feature addresses from Hotmail and Yahoo, as well as Gmail. Passwords range from simple dictionary words to complicated strings of letters, numbers and symbols.
"Hope everyone enjoys that list. Good to see some refreshing carnage. We'll be back in a few hours, folks," LulzSec said in its Twitter feed.
It’s unclear how LulzSec acquired the host of e-mail addresses and passwords, but they were likely gained over time from its various hacking rampages.
The public list prompted some users to try out the passwords, which provided access to a multitude of accounts such as Facebook and Twitter, as well as a range of e-mail and dating sites.
LulzSec, also known as Lulz Boat, has in recent months gone on a very public hacking spree, breaking into high-profile targets that included Sony, InfraGard, an affiliate of the FBI, the U.S. Senate, and most recently, the CIA’s public-facing Web site.
In addition, the hacker group recently targeted the game EVE Online with a simple packet flood that launched a distributed denial of service attack on the site.
The DDoS attack forced EVE Online creators to take the game offline for around five hours Tuesday. CCP Games, the firm behind the popular game, said that it decided to take EVE Online and its own Web site offline as a precautionary measure in order to prevent a more serious attack designed to obtain critical information.
"Our policy in such cases is to mobilize a taskforce of internal and external experts to evaluate the situation. At 17:55 UTC, that group concluded that our best course of action was to go completely offline while an exhaustive scan of our entire infrastructure was executed," according to the EVE blog post. "While some may feel that such a drastic reaction was not warranted, it is always our approach to err on the side of caution in order to ensure the best possible service for our players and the security of their personal, billing and account information."
At least one channel partner has said that the slew of hacks appearing in the news almost daily has caused a noticeably increased interest in security best practices assessments, as well as penetration tests and internal policy reviews.
"A number of these have been back burner projects that have, I believe, been reprioritized to be more urgent based on recent events," said Bill Calderwood, president of security solution provider The Root Group, based in Boulder, Colo. "These attacks have clearly raised the security awareness among some of our customers."
Calderwood said that one large customer in particular has made it a point to tighten security this week, while other larger enterprise customers began to re-evaluate their security policies and are asking harder questions of internal security teams. As such, The Root Group has of late been reviewing previous security audits and scheduling new ones that are more specific and detail-focused.
Calderwood added that he has also lately seen government customers ask for alternative products when a "known compromise has been accomplished against a specific vendor."
"I think corporate America is realizing that as the potential monetary or social reward from a hack increases, so does the sophistication of the tools and the motivation of the tool’s users. Identity theft seems to be top of mind as most people know someone who has suffered some level of identity compromise and it becomes part of the conversation at the dinner table," he said. "However, that said, others have the attitude of 'another day, another breach. What else is new?'"