The hacker group LulzSec has turned its attention to the US government, following a month-long campaign against various media and video game companies. While previous attacks involved stealing data from poorly-secured servers, including the site of the US Senate, the group has now begun using denial of service attacks (DDoS) to take down websites including cia.gov, which went offline last night but is currently accessible.
These kinds of attacks, which flood websites with traffic and cause them to go offline, were also used by the hacking group Anonymous in defence of WikiLeaks. Some reports suggest LulzSec is using the same DDoS tool as Anonymous, the Low Orbit Ion Cannon (LOIC), which allows anyone to join in an attack by running the software. In another twist, LulzSec has also declared war on 4chan, the anarchic message board with strong ties to Anonymous.
Not content with just carrying out online DDoS attacks, LulzSec are also using the phone networks to cause havoc. The group has set up a phone number and encouraged others to call in with hack requests. They then redirect their phone number elsewhere, causing victims including the FBI to receive hundreds of calls - the group claims between five and 20 people were ringing the line every second.
As a "thank you" to their fans, LulzSec has today released a collection over over 62,000 email and password combinations, though the group hasn't stated which websites these details give access to. LulzSec Twitter followers are now reporting that they have used the leaked details to compromise accounts on Facebook, Gmail and World of Warcraft.
LulzSec's string of successful if simple hacks demonstrate that the websites of many companies and organisations just aren't sufficiently secure. While LulzSec says their actions are just intended to amuse, what happens when a group with less benign motives follows in their footsteps? It's time for IT managers everywhere to take another look at their defences, before they fall foul of the next attack.
Source New Scientist
Notable events, developements and publications in science and technology this week. Updated daily.
No comments:
Post a Comment