It seems as if the recent wave of hacking is not going to end anytime soon, with the group behind the latest Sony breach managing to hack Nintendo and an FBI-affiliate website over the weekend.
LulzSec, the group who stole one million Sony Pictures accounts last week, has now admitted to breaching Nintendo’s servers and those of InfraGard, a US private sector affiliate of the FBI. Nintendo confirmed that its US website had been attacked but that no company or customer information have been leaked. In fact what LulzSec took was a server configuration file and in a post on its Twitter feed, the group said it hoped “Nintendo plugs the gap.” In a later tweet, the group said: "Re: Nintendo, we just got a config file and made it clear that we didn't mean any harm. Nintendo had already fixed it anyway." A spokesperson for Nintendo said: "We are always working to make sure our systems are secure." While the breach seems to be relatively minor and won’t affect Nintendo’s operations, it is not ideal as it prepares to unveil it’s next generation console, codenamed Project Café, at this year’s E3 show in Los Angeles.
While Nintendo may have got off relatively lightly, the same cannot be said for the Atlanta chapter of InfraGard. LulzSec managed to steal the passwords of 180 members of the non-profit organisation, including military users and cyber-security companies. InfraGard connects businesses to law enforcement agencies and works closely with the FBI. "Someone did compromise the website," the Associated Press was told by InfraGard Atlanta president, Paul Farley. "We do not at this time know how the attack occurred or the method used to reveal the passwords." While 180 passwords is not a large amount considering the amount of passwords taken in the Sony breach, these users have access to a lot more sensitive information and most re-use their passwords in other locations, a practice frowned upon by the FBI and InfraGard. One of the stolen passwords belonged to Karim Hijazi, who used his Infragard password for his personal Gmail account – and the Gmail account of the company. The company, called Unveillance, is a whitehat (or ethical hacking) company that specializes in data breaches and botnets and according to LulzSec “was compromised because of Karim's incompetence. We stole all of his personal emails and his company emails. We also briefly took over, among other things, their servers and their botnet control panel.”
But the story doesn’t end there for Hijazi. LulzSec claim it contacted him to explain the situation and he offered to pay the group to eliminate his competitors through illegal hacking means in return for their silence. LulzSec say they were just stringing him along to expose him and it has published his contact information and almost 1,000 internal company emails. Some of the emails relate to an illegal attempt to control Libyan cyberspace, according to LulzSec. The reason given by the group for the attack on InfraGard was the recent attempts by NATO and the US government to have cyber-attacks declared as acts of war
With cyber attacks currently getting widespread coverage in print and online media there is no doubt that governments around the world are going to have to do something to counter these threats, but so far they have looked like they are five steps behind the hackers at every turn.