Sony PlayStation Network Hacked Again - Another massive data breach

 

Hacker groups such as Anonymous has attacked many different targets

The hacker group known as Lulz Security has leapt to prominence by carrying out a series of attacks on Sony, Nintendo, and broadcasters Fox and PBS.

What is Lulz Security? Like many hacker groups, LulzSec appears to be a loosely organized collective in which no-one is really in charge.
It claims to specialize in finding poorly protected websites to attack. Information they steal is sometimes posted to the web.
Sony has been prominent among its victims. In early June Lulz Security broke into the servers behind the sonypictures.com, sonybmg.nl and sonybmg.be websites.
The group gained access to around one million user accounts and published details of several thousand online.
Why Lulz? Lulz is a corruption of the famous web abbreviation

The logo of Lulz Security suggests the group does not take what it does too seriously

LOL which stands for "Laugh Out Loud".
Humour forms part of the group's agenda, as outlined on its website.
"Considering fun is now restricted to Friday, where we look forward to the weekend, weekend, we have now taken it upon ourselves to spread fun, fun, fun, throughout the entire calendar year," declares a message on the front page.
The humour references seem to be intended to separate the group from others that hack for money.
But not everything LulzSec does is for the fun of it.
The group also hacked the website of America's Public Broadcasting Service because it made a documentary critical of Wiki-leaks.
Who are they? No-one knows.
The internet and the web make it easy to be superficially anonymous and LulzSec has done a good job of hiding its tracks.
We do not even know if it is a group or just an individual with lots of time on their hands.
How long has LulzSec been active? Since early May.
One of the first documents the group posted was a list of US X Factor contestants complete with names, date of birth, e-mail addresses and phone numbers.
However, it is impossible to know whether members of Lulz Security were active in other groups before they joined this one.
It is possible that LulzSec was formed by people who were disillusioned with other groups and wanted to cause a stir on their own. Members of LulzSec may also still be part of other hacking groups.
Can't they be tracked down? Not really.
Net analysis suggests that the computers handling their website are located in Palo Alto, California. However, it is easy to administer a website from far away, so that is no guide to their location.
Some have tried to look at the group's Twitter stream to see when they post messages and to work out their time zone.
Even that could be misleading because the Tweets could be posted automatically or by a member of the group in that part of the world.
Any reasonably competent hacker group will pipe what they do through a series of machines that sit in different jurisdictions to complicate any attempt to track them down.
LulzSec are likely to find themselves getting more attention from law enforcement following their recent attack on Unveillance, a non-profit organization affiliated to the FBI.
How good are they at what they do? Hard to say.
The tricks they have used to winkle out information from websites are well-known and tools to carry them out are available for free all over the net.
In the case of the recent Sonypictures.com hack, the group used an SQL injection - a relatively straightforward attack on the website's log on system.
Their success may have more to do with the security failings of their targets than it does with their command of computer code.
Are there lots of hacking groups? Hundreds.
They range from disinterested academics and professionals through teenage trouble-makers to out-and-out criminals.
At one end of the scale are "white hat" hackers who find vulnerabilities and inform website owners so they can fix them
"Black hat" hackers represent the other extreme - they are typically criminals or hackers working for criminals looking to access information for profit.
In the middle are "Grey hat" hackers who are generally intent on mischief making. At the moment, LulzSec seems to fall into this category.

Related post:
Hackers Have Stolen Name and Passwords PSN

Another massive data breach at Sony PlayStation Network - Reset Security

Hackers have stolen names and passwords belonging to users of Sony Europe's website and published them to the Internet.

It's the latest in a series of attacks which have hammered the electronics multinational. Security researchers have counted about a dozen breaches since the beginning of this year, including two particularly serious ones which exposed 100 millions users' personal details.

Europe - Another massive data breach at Sony has left hackers exulting, customers steaming and security experts questioning why basic fixes haven't been made to the Sony's cybersecurity program.
Hackers say they managed to steal a massive trove of personal information from Sony Pictures' website using a basic technique which they claim shows how poorly the company guards its users' secrets. Security experts agreed Friday, saying the company's security was bypassed by a well-known attack method by which rogue commands are used to extract sensitive data from poorly constructed websites.
"Any website worth its salt these days should be built to withstand such attacks," said Graham Cluley, of Web security firm Sophos. Coming on the heels of a massive security breach that compromised more than 100 million user accounts associated with Sony's PlayStation and online entertainment networks, Cluley said the latest attack suggested that hackers were lining up to give the company a kicking.
"They are becoming the whipping boy of the computer underground," he said.
In a joint statement from Michael Lynton, Chairman and Chief Executive Officer, and Amy Pascal, Co-Chairman, Sony Pictures Entertainment on Friday night acknowledged the breach and said the company had taken action "to protect against further intrusion."

"We have also retained a respected team of experts to conduct the forensic analysis of the attack," the statement said. It did not go into details about specific actions that will be taken to prevent future security breaches.
It wasn't clear how many people were affected. The hackers, who call themselves Lulz Security — a reference to the Internetspeak for "laugh out loud"— boasted of compromising more than 1 million users' personal information — although it said that a lack of resources meant it could only leak a selection on the Web. Their claim could not be independently verified, but several people whose details were posted online confirmed their identities to The Associated Press.
Lulz Security ridiculed California-based Sony for the ease with which it stole the data, saying that the company stored peoples' passwords in a simple text file — something it called "disgraceful and insecure."
Several emails sent to accounts associated with the hackers as well as messages posted to the microblogging site Twitter were not returned, but in one of its tweets Lulz Security expressed no remorse.

"Hey innocent people whose data we leaked: blame Sony," it said.
Sony's customers — many of whom had given the company their information for sweepstakes draws — appeared to agree.