LulzSec Vows To Continue Cyber Attacks On Governments, Hits Sega Pass
The hacker group LulzSec says it will join forces with sister hacker collective Anonymous in a campaign against government networks, while continuing its cyber attacks companies, most recently hitting the video game maker Sega.
LulzSec outlined the campaign with Anonymous, code-named Operation Anti-Security , in a letter posted on pastebin.org. LulzSec said that the groups planned to unite in an effort to execute targeted attacks on governments, while inviting users to join the effort.
’As we're aware, the government and whitehat security terrorists across the world continue to dominate and control our Internet ocean. Sitting pretty on cargo bays full of corrupt booty, they think it's acceptable to condition and enslave all vessels in sight. Our Lulz Lizard battle fleet is now declaring immediate and unremitting war on the freedom-snatching moderators of 2011,’ LulzSec said in its blog post.
LulzSec said that the biggest priority was to ’steal and leak any classified government information, including e-mail spools and documentation,’ with the primary targets being ’banks and other high-ranking establishments.’
LulzSec's declaration follows a little over a week after two international crackdowns resulting in 32 Anonymous hackers arrested in Turkey and three apprehended in Spain.
’Whether you're sailing with us or against us, whether you hold past grudges or a burning desire to sink our lone ship, we invite you to join the rebellion,’ the group said in its post. ’Together we can defend ourselves so that our privacy is not overrun by profiteering gluttons. Your hat can be white, gray or black, your skin and race are not important. If you're aware of the corruption, expose it now, in the name of Anti-Security.’
The effort follows weeks after the Pentagon announced that cyber attacks would be treated as an act of war, which served to evoke a retaliatory strike by LulzSec hackers against the Web site of FBI affiliate InfraGard .
The campaign differs from others in that it actively enlists the help of users around the world, and appears to be an active declaration of war, security experts say.
’Unfortunately, this is guerrilla cyber warfare. They’re showing that they’re very, very effective and politically motivated,’ said Charles Dodd, cyber warfare advisor to the U.S. government. ’While they may not be getting classified information, it shows they’re not worried about getting caught.’
Dodd said that the slew of recent cyber attacks posed a a message to the world showing that the U.S. government fails to back up its statements and is ill-equipped to defend itself against more serious cyber attacks.
’There are many, many other groups out there under the radar who have not wanted to attack certain systems on the premise that there is at least a perceived level of security. Now that all these groups are getting away with it, it’s showing that the U.S. is powerless to take these guys to task,’ Dodd said. ’In normal warfare we have deterrents, and we’re fully equipped offensive and defensive. What do we have in cyber that would be even a close equivalent? Nothing.’
Next: LulzSec Launches Cyber Attack On Sega Pass
Meanwhile, the weekend appeared to be a busy one for LulzSec, which added another notch on its belt with a cyber attack on Seaga's Sega Pass video game service that compromised 1.3 million records from its customer database.
Sega said in a statement that the hack exposed names, birth dates, e-mail addresses and encrypted passwords of Sega Pass online network members, but added that none of the stolen passwords were stored in plain text, and that credit card numbers and other personal payment card data were not affected by the breach.
’Please note that no personal payment information was stored by SEGA as we use external payment providers, meaning your payment details were not at risk from this intrusion,’ the company said in a statement.
Sega said that it was in the process of contacting its members regarding the hack. Meanwhile, Sega reset all customer passwords and took Sega Pass offline since the company detected the hack June 16. Sega advised users not to attempt to log into Sega Pass until the game was restored back online.
The company advised users who relied on the same Sega Pass login credentials for other accounts to change their immediately change their passwords.
Details of the breach, whether the attack was conducted via a SQL injection attack or by some other means, remain unclear.
The Sega attack follows in a long string over the last few months, including assaults on competing video game makers Sony, makers of PlayStation , Nintendo and CCP Games, the creators of the online game EVE Online .
And security experts contend that video games will continue to be a lucrative target, because they house copious financial and personally identifying information of customers while lacking security protections.
’Any company with large amounts of consumer information is a target, as we saw with the Epsilon Breach earlier in the year,’ said Wasim Ahmad, data protection expert and vice president at Voltage Security. ’Games companies have personally identifiable information on gamers -- their email addresses and, as we saw with the PlayStation Network breach, credit card numbers and virtual currency accounts. Anyone interfacing with consumers need to understand they need to build security into their products.’