Sections

Intruder – 2011′s hacking story, from LulzSec to Anon

Wednesday, 15th June 2011 08:15 GMT By Brenna Hillier

LulzSec’s DDOS attacks against Minecraft and EVE last night are the latest instance in a year riddled with “intrusive” problems for games companies. Brenna tells 2011′s hacking story, and explains why there’s no end in sight.

Games have suffered massive fallout thanks to recent hacking activity, finding themselves locked out of online play and scurrying to change passwords and account details after data compromise.

While hackers have always existed on the fringes of the geek-gamer world, noted for targeting lucrative MMOs, the gaming world’s attention was focussed sharply by Anonymous’s decision to target Sony earlier this year.

Operation Sony

Anonymous, a venerable hacktivist group known for its scientology protests and championing of net neutrality, announced its intention to punish Sony for its legal pursuit of a group of PlayStation 3 hackers, the most prominent of whom, George “GeoHot” Hotz, eventually settled out of court.

The settlement did not satisfy Anonymous.

Launching a campaign of DDOS attacks, Anonymous managed to bring down the PlayStation Network. The resulting outcry from disgruntled gamers saw the group rethink its strategy and cease disruptive activity in favour of peaceful real-world protest.

Shortly thereafter, however, PSNgate – a mid-April external intrusion resulting in the compromise of hundreds of thousands of user records, including names, email addresses, passwords, and possibly credit card details – resulted in catastrophe for Sony.

PSN was taken down for over a month and a half as Sony frantically patched holes. The PlayStation Store remained out of action even longer, finally resurfacing in early June.

Anonymous initially and repeatedly denied responsibility for the dramatic attack on the PSN, but Sony claimed to have found an Anonymous-related text file on its servers.

Senior members of the anarchic organisation later admitted a splinter group was probably responsible.

As well as costing Sony an estimated $171 million, the PSN outage is said to have dramatically impacted third-party developers and publishers.

Sony has initiated a Welcome Back package for users, and has said PSN activity has returned to 90 precent of its pre-hack levels.

Alleged members of Anonymous have been arrested this week; three in Spain and 32 in Turkey, although neither set of arrests pertained to gaming-related offences. The group has already started retailiation operations against both countries.

LulzSec

Anonymous isn’t the only hacker group raising ire among gamers, with the suddenly-famous LulzSec sprouting headlines left, right and centre.

LulzSec has been described as an off-shoot of Anonymous, and even a Wikileaks-related wing by conservative press, but the group itself remains quiet on its origins, beyond a historic link to 4Chan’s /b/. Its only manifesto, besides doing it for the lulz, appears to be a declaration of war on Sony.

“This is the beginning of the end for Sony … Our #Sonage (Sony + ownage) is going at maximum speed, there’s a lot to do,” the group declared, before becoming distracted by an attack on PBS.

The group has attacked Sony Pictures and Sony BMG Japan, Belgium and the Netherlands, and has claimed responsibility for multiple attackson gaming companies. Earlier this month, it managed a breach of Nintendo of America’s servers, but said it hadn’t taken anything.

Earlier this week, Lulzsec targeted Bethesda, although it appears to have done it for fun. Having gained entry to Zenimax’s networks through Brink servers, the group suggested its actions might help Skyrim release earlier.

In an unprecedented event called TitanicTakeoverTuesday yesterday, LulzSec fired DDOS atacks at EVE Online, Minecraft and League of Legends’ login servers.

CCP took its entire network down in response, guarding against the possibility of a more serious hack, and while reports suggest service resumed last night, the website is currently behaving patchily, offering the following explanation:

“The EVE Online website is temporarily unavailable. We have a number of Amarrians bringing in a Minmatar labor workers to get it back up.”

The Escapist was also dropped by the group, which claimed to have knocked the site out with just 0.4 percent of its DDOS capabilities.

LulzSec is rumoured to be targeting Blizzard next, although rival group Phsy claims to have already done so.

Lulzsec has opened a phone number for “butthurt gamers” to leave responses to recent activities, and claims to have received thousands of calls and messages.

Not alone

That’s not the end of it. A number of other attacks on gaming companies have been attributed variously to Anonymous, LulzSec and unknown groups in recent months.

On May 13, the Deus Ex website was brought down and defaced by hackers.

Square Enix later confirmed the attack resulted in 25,000 email addresses being compromised.

At the end of May, the website of venerable British publisher Codemasters was attacked, but a quick detection and response was believed to have nipped the problem in the bud.

It is now thought, though, that the first attack may have been a feint, as on June 10, Codies regretfully announced an intrusion had compromised thousands of user records.

Just one day later, Epic admitted its own network has also suffered an intrusion. Again, user data was compromised, including encrypted passwords.

There’s no reason for hackers to stop trying their luck against gaming companies.

No end in sight

The sudden spate of gaming-related hacking isn’t a coincidence; Sony’s revelation of such serious compromise has shown the world that major gaming networks can be breached, and that they have something worth stealing. Unless both of those factors change – which they won’t – there’s no reason for hackers to stop trying their luck against gaming companies.

Hacking has always been a problem for any network, and the fact of the matter is that no system is completely secure. Even if we could confidently eliminate pervasive human error and the power of sheer numbers, with enough time and patience, clever people can get in and out of any system.

All we can do is mind our personal data carefully, and trust that those who guard it are taking notice.

Latest

54 Comments

  1. Christopher Jack

    I wonder if there is a way for ISPs to track down all of those related to these attacks. It’s kind of ironic how they’re defacing their own cause, they want a more open internet yet they exploit it to wreak havoc among millions of innocents.

    #1 3 years ago
  2. endgame

    “All we can do is mind our personal data carefully” I agree but I don’t think end users are the ones targeted by hackers. I mean what do we have or what have we done that will give the hackers a reason to use that data against us? Nothing.

    #2 3 years ago
  3. Christopher Jack

    @2, They plant discrete viruses on our computers to do their dirty work. They use our computers as a new source of power for their evil intention, whether it be spamming the internet or using our power in attacking larger targets.
    Easiest way to avoid them is to use a Linux OS since 90% of these attacks are aimed at Windows users, the other 10% at MAC users.

    #3 3 years ago
  4. jnms

    It’s pretty obvious that Joe Average is going to lose Internet freedom over this in order “to protect the public”.

    The ironic thing is that hackers don’t need Internet freedom. They will still be able to do their stuff regardless.

    Most governments have long been looking for an excuse to limit Internet access, and this might just be it.

    #4 3 years ago
  5. DrDamn

    @2
    Depends which hackers you are talking about. Lulzsec have made it clear they are doing it for the ‘lulz’ and have published data they have taken on their website, such as email addresses, passwords, date of births etc. Even encouraging people to try the same email and password combinations on facebook to access their accounts. All for the ‘lulz’.

    #5 3 years ago
  6. frostquake

    All they have done has made me HATE them!

    Did they SCARE me away from Sony and my PS3? Nope they inconvenienced me by making me cancel my credit card, and now making me actually go to the stores to buy Points Cards! Which Now I Spend MORE on just to have extra’s when I need them, so if anything Hackers have made me put MORE money into Sony’s Pockets!!

    The only really HUGE thing I would like to see ALL sites do…Ask you if you would like your credit card information stored or destroyed after a purchase. Several sites offer this now, but ALL should be required to offer it by law.

    #6 3 years ago
  7. Blerk

    Wouldn’t it be terrible if all these idiots were…. I dunno…. set on fire, or something?

    #7 3 years ago
  8. manamana

    Thank you Brenna. And we are “only” talking gaming industrie here. When it comes to government or military intrusion or financial server takedowns, the shit is really starting to hit multiple fans. What do these guys think? Showing off vulnerability would add so much more, than just taking down the whole thing.

    #8 3 years ago
  9. NightCrawler1970

    @1, ISP can’t do shit about it, specially when you go on a public wifi internet, who’s gonna check that???

    #9 3 years ago
  10. jnms

    @9 Exactly. That’s the crazy thing, any restrictions put on Internet usage will be totally pointless as the hackers will simply sidestep them.

    #10 3 years ago
  11. Patrick Garratt

    I’ve just been reading about how to perform a DDOS attack. I can’t believe it’s as easy as it seems.

    #11 3 years ago
  12. OwnedWhenStoned

    @ #11

    LOIC is frighteningly easy to use.

    Combine it with TOR and you have a fairly powerful tool for wreaking havoc.

    #12 3 years ago
  13. Patrick Garratt

    @12 – TOR’s the think that masks your identity, right?

    #13 3 years ago
  14. Gekidami

    ^ Yeah.

    #14 3 years ago
  15. mojo

    TOR is the tool basicaly everyone in the Internet should use.
    if he has something to hide or not, just use it.

    #15 3 years ago
  16. OwnedWhenStoned

    Yup. IP Anonymizer if you like. Makes it harder to trace. I think the source IP that the victim sees is effectively the last relay it has been bounced through.

    I’m actually in two minds about this LulzSec business. If it forces companies to increase the security of the data (which they weren’t going to do on their own)then it’s good for us all.

    #16 3 years ago
  17. Freek

    @16 Yup, LulzSec is just doing it for fun and being verry public about it, be glad it’s them causes trouble and not people working for orginized crime or other shady orginizations.
    And it’s not specificly game related either, they’re taking on pretty much everybody they can get into easely. CBS was probably the funniest one with fake new items popping up.

    #17 3 years ago
  18. Blerk

    DDOS attacks don’t really accomplish anything other than pissing users off, though – you don’t even need any ‘skill’ to do them. They’re not stealing anything or proving anything, they’re just being dicks.

    Look at the Minecraft attack – who could possibly have anything against Minecraft? What was even the point of that attack other than to prove that they’re a bunch of adolescent slack-jawed morons with very small penises?

    #18 3 years ago
  19. OwnedWhenStoned

    @#18

    A DDOS can be used as a feint for a different attack vector. I always think of the LOIC script kiddies as the expendable grunts whilst the officer class go about their work separately..

    #19 3 years ago
  20. jnms

    @18 – So far Lulz have used the following method: Breach > Steal Data > DDOS.

    It’s as OwnedWhenStoned says.

    #20 3 years ago
  21. Blerk

    But they didn’t steal any data from Minecraft, etc. yesterday, did they? Just DDOSed them for a bit until they got bored. Pointless.

    #21 3 years ago
  22. OwnedWhenStoned

    @Blerk

    Possibly Notch was quick enough to take his systems offline before that could happen, Like CCP did. First sniff of DDOS, unplug everything.

    Or possibly they just did it for the (pointless) Lulz.

    #22 3 years ago
  23. jnms

    Or possibly stuff was stolen and they are unaware of that fact.

    Anything is possible at this point.

    #23 3 years ago
  24. Clupula

    I would like to see these people (and I use that term lightly) officially declared as terrorists and treated as such.

    #24 3 years ago
  25. DrDamn

    @16
    But they are just doing this for the ‘lulz’. Any data they manage to extract they publish on their website – email address and password combinations etc. That’s helping how?

    #25 3 years ago
  26. OwnedWhenStoned

    @ 24.

    too many people are being categorised as “terrorists” already.

    Going without Minecraft or PSN is hardly spreading terror throughout the populace. Even though they got my credit card data from PSN, I can’t say I was even in a state of mild peril let alone terror.

    They are certainly annoying, (and some would say slightly amusing), but they are not terrorists.

    A sense of perspective is needed here.

    #26 3 years ago
  27. DSB

    Perspective, sure. But they’re still racking up millions of dollars worth of damages.

    The fact that a fence is old doesn’t mean you get to kick it over, let alone continue into someones business and steal their papers once it’s down.

    #27 3 years ago
  28. OwnedWhenStoned

    @25

    by embarrassing these companies into securing your data correctly.

    Don’t forget: Sony, the company that encrypts and regionalises all it’s software and media, didn’t bother to encrypt our precious info.

    Nor would we have ever known about it.

    I would like to think that attacks like this lead to far stricter data security protocols in the affected companies. I know it has at ours, and we haven’t been hacked (as far as we know!)

    I don’t agree with their methods at all, but it might be the only thing that gives these companies a kick up the arse.

    #28 3 years ago
  29. DSB

    @28 So if someone comes to your house, beats you senseless and tells you about this awesome Taekwondo center downtown, that’s just helping you out?

    There would’ve been no damage done if they had kept their hands to themselves.

    Of course these companies are idiots for not preempting something like that, but it doesn’t somehow make these guys more honorable for taking advantage of it, and delivering everybody’s data to any scumbag who might be inclined to use it.

    It’s not a valiant service, it’s just a heinous act that forces everybody’s hand.

    School shootings have lead to better violence preemption at schools worldwide, should we be thanking the original culprits for that?

    #29 3 years ago
  30. jnms

    @28

    Or the governments can create new laws which restrict Internet access. That way the companies can keep their rediculous outdated security protocols, and at the same time the ‘hackers’ get punished.

    The sad thing is – it seems most of the population would embrace such a move.

    #30 3 years ago
  31. DSB

    @30 I don’t know if you guys have a newsletter or something, but could you tell the tinfoil hat club that that’s not possible outside of maybe North Korea or Iran?

    And it doesn’t work there, either.

    #31 3 years ago
  32. jnms

    Also I really like the continued use the the white porcelain mask being promoted everywhere.

    #32 3 years ago
  33. jnms

    @31 Impossible to impliment Internet restrictions?

    I guess back in 2000 people also said it was impossible to have nude x-ray security measures in the airport, and have kids more or less strip-searched.

    Or to have people arrested for taking photos of landmarks in the public.

    Or to have 13 year old children interviewed by Homeland Security for the posts they make on the Internet.

    #33 3 years ago
  34. frostquake

    xB Browsing on Firefox has been very popular by Torpark with hundreds of thousands of downloads from CNET though it may slow you down a bit, but it is basically idiot proof and for those who don’t want to config anything!
    Here is the Link:
    http://download.cnet.com/xB-Browser/3000-2144_4-10586817.html?tag=contentMain;contentBody;2d

    But if you want Tor here are some links:

    https://www.torproject.org/

    http://download.cnet.com/Tor/3000-2092_4-10391040.html?tag=contentMain;contentBody;1d

    #34 3 years ago
  35. DSB

    @33 Wow… Dude…. It’s all so clear now. X-rays and stripsearches, and internet oppression.

    IT’S ALL CONNECTED!

    And you know who’s running the whole thing? Undead CIA Operative Osama Bin Laden.

    #35 3 years ago
  36. OwnedWhenStoned

    @29

    “So if someone comes to your house, beats you senseless and tells you about this awesome Taekwondo center downtown, that’s just helping you out?”

    Er, what?

    did you notice the part where I mentioned that I don’t agree with their methods?

    I’m just an optimist: I hope something good comes out of this mess.

    #36 3 years ago
  37. jnms

    Who said it’s connected? Not me.

    You expressed Internet Restrictions are “Impossible”. I stated that 10 years ago the currect security mad laws would have been considered “Impossible”. Simple as that.

    And for the record I’m not interested in tinfoil asshatery or conspiracy loons. As far as I am concerned they are as bad as the hackers.

    #37 3 years ago
  38. DSB

    @36 I’d like to think that’s true, but the notion that demonstrative crimes like that are “good for us all” is hard to swallow.

    It’s just antisocial behaviour that forces the rest of the world to conform to the fact that there are a few idiots out there, looking to fuck things up for everyone else. There’s nothing good about it.

    “This sure is a huge gasleak, I better set it on fire” isn’t an acceptable standard of behaviour for a properly functioning person.

    Obviously it all leads to better preemption, but the best preemption would really be those retards finding a girlfriend or somehow getting help, instead of wreaking havoc on people who are just trying to go about their business.

    #38 3 years ago
  39. OwnedWhenStoned

    DSB:

    Agreed, there is nothing good about it. But you might as well try and make something good come out of it.

    These companies will always be lax in their information security until they are forced (either by market forces or legislation) to do it properly. It’s cheaper to do it badly, and they all love cheaper.

    #39 3 years ago
  40. Freek

    That is not how the world works. There are always bad people out there, and in this case, it’s just people vandalizing and pulling pranks on big corporatations.

    If that’s what gets people to finaly realize to implement good security, that’s a bonus.

    Because those same exact security holes can be used by real criminals looking to steal real money and real personal details or genuinly sabotage important infrastructure.
    It’s not about preventing the work of a few idiots with too much time on thier hands, it’s about providing security against real criminals.

    #40 3 years ago
  41. OlderGamer

    Its a sad world we live in.

    #41 3 years ago
  42. LOLshock94

    “the group suggested its actions might help Skyrim release earlier.”
    nonononnono how sad are these people i mean i believe hacking is good but hacking for letting a game come out early is just ridiculous honestly whats the point and what are they proving

    #42 3 years ago
  43. Hunam

    Who would want a game to come out early and be even more riddled with bugs than a Bethesda game would usually be?

    #43 3 years ago
  44. DSB

    To an extent I agree, and I’m sure we all appreciate people being caught with their pants down in those sick corners of our minds, but this isn’t going to end.

    “Make it idiot-proof, and they’ll just make a better idiot”

    Obviously that’s out of context in this case, but the rule applies.

    What I’d like to see is more independent verification of vulnerable networks, as a lot of banks and money transfer services use. Let an independent company, or government agency look at those networks and tell people how it looks.

    We’re at a huge disadvantage making accounts with businesses that offer absolutely no information on what they’re doing to protect our information.

    We have people trying to monitor the food we eat, the medicine we use, the cars we drive, the planes we fly, but our identities and our money apparently doesn’t matter.

    #44 3 years ago
  45. JackTheLittle

    as i said before
    they are just tryin to show that these things are natural.
    while one of the biggest companies attacked by hackers right under their nose and they did not anything but laughing happily and babbling about how bad it was all the time.

    #45 3 years ago
  46. Freek

    @44 It does and those people are around and doing thier job. Except that nobody listened to them.

    #46 3 years ago
  47. TheWulf

    @35

    You stole my joke. >_> It was well used though, so all’s well. :P

    #47 3 years ago
  48. sg1974

    But no!! No no no no no!!!!

    It’s only Sony who treat theyre customers with contempt! The rest of the internet is 100% secure and hasd NEVER been hacked to steal private information!! Sony LET these hacks happen because theyt dont care!! EVERYBODY knows that

    why do you keep letting this happen sony? You should be prosecuted for not having the same level of security as every other company in the entire world all of whom are perfectly secure and never have private information available freely.

    Etc etc…..

    In other news, Amazon hacked, Play hacked, Visa hacked, those RSA keys hacked (60 million need replacing to protect peoples bank accounts and comapny data), half the gaming community hacked….

    #48 3 years ago
  49. Lord Gremlin

    Execute a dozen of hackers and see what happens. Suddenly they’ll all become subtle.

    #49 3 years ago
  50. Noodlemanny

    @49 errrr no. That would be a really really stupidly bad idea, that would just really piss ‘them’ off. Some people will always think their undetectable or invincible, like the very companies their hacking. They’ll think that they wont get caught and what an outrage the executions were. And with the latter I’d have to agree, yeah their fucking pussy picks who think their really swish but I wouldn’t say murdering them is any kind of answer. It will just make matters worse.

    This whole thing makes me wonder how long its gonna take for these so called ‘hackers’ to realise they arn’t doing anyone any favours and people are just absolutely fucking loathing their guts because of it (to put it lightly). Then again maybe that will never happen and we’ll get stuck in the cesspool they created.

    #50 3 years ago
  51. Bzzd

    It’s refreshing to see someone report on Anonymous and LulzSec using facts. Thank you for not calling Anonymous a “shadowy hacker group” or something in that vein. The Anonymous we observe in the mainstream media is a pitiful representation of what the collective actually is.

    As for LulzSec, if indeed the rash of conspiracies about the group being a government set-up are false, they’re only some youngsters (as in, UK secondary school age ;)) wanting to get their fifteen minutes of fame. They want people to think they’re invincible, but SQL injections and DDoS attacks are hardly even make them “hackers”. Theres a reason they keep pestering gaming publishers, they’ve found a target they can pick on, so they aren’t deviating from that.

    Nice work Brenna, I enjoyed the read.

    #51 3 years ago
  52. neon6

    They’re going to be real butthurt when the law catches up with them.

    #52 3 years ago
  53. Len

    http://www.bbc.co.uk/news/technology-13787229

    Took down the CIA site as well now apparently. Not a clever move surely?

    #53 3 years ago
  54. Exzeerex

    LulzSec uploaded over 62000 account emails and password to MediaFire. Contains Facebook, WoW, Gmail, etc.

    http://twitter.com/LulzSec

    Trolololololol

    #54 3 years ago

Comments are now closed on this article.