Intruder – 2011’s hacking story, from LulzSec to Anon

Wednesday, 15 June 2011 08:15 GMT By Brenna Hillier

LulzSec’s DDOS attacks against Minecraft and EVE last night are the latest instance in a year riddled with “intrusive” problems for games companies. Brenna tells 2011’s hacking story, and explains why there’s no end in sight.

Games have suffered massive fallout thanks to recent hacking activity, finding themselves locked out of online play and scurrying to change passwords and account details after data compromise.

While hackers have always existed on the fringes of the geek-gamer world, noted for targeting lucrative MMOs, the gaming world’s attention was focussed sharply by Anonymous’s decision to target Sony earlier this year.

Operation Sony

Anonymous, a venerable hacktivist group known for its Scientology protests and championing of net neutrality, announced its intention to punish Sony for its legal pursuit of a group of PlayStation 3 hackers, the most prominent of whom, George “GeoHot” Hotz, eventually settled out of court.

The settlement did not satisfy Anonymous.

Launching a campaign of DDOS attacks, Anonymous managed to bring down the PlayStation Network. The resulting outcry from disgruntled gamers saw the group rethink its strategy and cease disruptive activity in favour of peaceful real-world protest.

Shortly thereafter, however, PSNgate – a mid-April external intrusion resulting in the compromise of hundreds of thousands of user records, including names, email addresses, passwords, and possibly credit card details – resulted in catastrophe for Sony.

PSN was taken down for over a month and a half as Sony frantically patched holes. The PlayStation Store remained out of action even longer, finally resurfacing in early June.

Anonymous initially and repeatedly denied responsibility for the dramatic attack on the PSN, but Sony claimed to have found an Anonymous-related text file on its servers.

Senior members of the anarchic organisation later admitted a splinter group was probably responsible.

As well as costing Sony an estimated $171 million, the PSN outage is said to have dramatically impacted third-party developers and publishers.

Sony has initiated a Welcome Back package for users, and has said PSN activity has returned to 90 percent of its pre-hack levels.

Alleged members of Anonymous have been arrested this week; three in Spain and 32 in Turkey, although neither set of arrests pertained to gaming-related offences. The group has already started retaliation operations against both countries.


Anonymous isn’t the only hacker group raising ire among gamers, with the suddenly-famous LulzSec sprouting headlines left, right and centre.

LulzSec has been described as an off-shoot of Anonymous, and even a Wikileaks-related wing by conservative press, but the group itself remains quiet on its origins, beyond a historic link to 4Chan’s /b/. Its only manifesto, besides doing it for the lulz, appears to be a declaration of war on Sony.

“This is the beginning of the end for Sony … Our #Sonage (Sony + ownage) is going at maximum speed, there’s a lot to do,” the group declared, before becoming distracted by an attack on PBS.

The group has attacked Sony Pictures and Sony BMG Japan, Belgium and the Netherlands, and has claimed responsibility for multiple attacks on gaming companies. Earlier this month, it managed a breach of Nintendo of America’s servers, but said it hadn’t taken anything.

Earlier this week, LulzSec targeted Bethesda, although it appears to have done it for fun. Having gained entry to Zenimax’s networks through Brink servers, the group suggested its actions might help Skyrim release earlier.

In an unprecedented event called TitanicTakeoverTuesday yesterday, LulzSec fired DDOS attacks at EVE Online, Minecraft and League of Legends’ login servers.

CCP took its entire network down in response, guarding against the possibility of a more serious hack, and while reports suggest service resumed last night, the website is currently behaving patchily, offering the following explanation:

“The EVE Online website is temporarily unavailable. We have a number of Amarrians bringing in a Minmatar labor workers to get it back up.”

The Escapist was also dropped by the group, which claimed to have knocked the site out with just 0.4 percent of its DDOS capabilities.

LulzSec is rumoured to be targeting Blizzard next, although rival group Phsy claims to have already done so.

LulzSec has opened a phone number for “butthurt gamers” to leave responses to recent activities, and claims to have received thousands of calls and messages.

Not alone

That’s not the end of it. A number of other attacks on gaming companies have been attributed variously to Anonymous, LulzSec and unknown groups in recent months.

On May 13, the Deus Ex website was brought down and defaced by hackers.

Square Enix later confirmed the attack resulted in 25,000 email addresses being compromised.

At the end of May, the website of venerable British publisher Codemasters was attacked, but a quick detection and response was believed to have nipped the problem in the bud.

It is now thought, though, that the first attack may have been a feint, as on June 10, Codies regretfully announced an intrusion had compromised thousands of user records.

Just one day later, Epic admitted its own network had also suffered an intrusion. Again, user data was compromised, including encrypted passwords.

No end in sight

The sudden spate of gaming-related hacking isn’t a coincidence; Sony’s revelation of such serious compromise has shown the world that major gaming networks can be breached, and that they have something worth stealing. Unless both of those factors change – which they won’t – there’s no reason for hackers to stop trying their luck against gaming companies.

Hacking has always been a problem for any network, and the fact of the matter is that no system is completely secure. Even if we could confidently eliminate pervasive human error and the power of sheer numbers, with enough time and patience, clever people can get in and out of any system.

All we can do is mind our personal data carefully, and trust that those who guard it are taking notice.