LulzSec leaks 62,000 emails and passwords, also targets CIA

LulzSec leaks 62,000 emails and passwords, also targets CIA

Summary: Another day, another LulzSec leak. This time, they've targeted the CIA and leaked a list of 62,000+ email addresses and passwords. Check to see if your name is on the list!

SHARE:
81

The infamous rogue hacker group, Lulz Security, is back again with claims of packet-flooding the CIA's Web site and leaking another lengthy list of email addresses and passwords.

CIA

Following their recent exploits with the U.S. Senate website, LulzSec has now made the CIA their target via a packet-flooding attack. While it's highly unlikely that the CIA's Website has any sensitive data residing on it, the notion of such a high profile target being attacked is bad enough. To be fair, packet-flooding simply means they crashed the CIA's server, but it can be a rather problematic issue to network health if certain precautions aren't taken. The key takeaway here is the target of the attack. Per LulzSec's Twitter feed:

LulzSec Targets CIA

LulzSec Targets CIA

LulzSec says they packet-flooded the CIA

LulzSec says they packet-flooded the CIA

In the second tweet, their proclamation of their most severe exploit at this point is the release of internal information from Bethesda Software. The release included server admin configurations, admin staff and blog user hashes, server logs, and mappings of Arkane, Bethblog, Brink codes, Brink signups, IDSoftware, Rage, and more.

While far more data was released with the Bethesda attack, the reason the CIA attack is considered their biggest is because of who it is, thus the potential repercussions.

Emails and Passwords

The last LulzSec-released list of email addresses and passwords totaled 26,000, and they were all obtained via hacked pornographic sites. This time, they're keeping quiet about the sources of this latest list of culminated addresses. Regardless of the sources, here are 62,000+ email addresses and passwords just released. From their Twitter feed:

LulzSec releases 62,000 emails/passwords

LulzSec releases 62,000 emails/passwords

Many users have taken to Twitter to let LulzSec know either how they have been attacked due to the leaked list, or how they have benefited by exploiting the leaked information. Make no mistake, LulzSec is essentially releasing this information into the hands of people with malicious intentions.

As with before, it is highly advised that you download the list and check for your email address so as to change your password. You can obtain the leaked list here (visit the link to download the file). Use the "find/search" functionality of your browser/text viewer to search for your email address once you download the 2.25 MB text file. Update: The file has been removed. As such, you can go here to a tool created by Gizmodo and type in your email address to see if you're on the list.

While neither of these latest activities were posted to LulzSec's blog as official releases, it's clear that they intend on utilizing any and every avenue they can to show off their exploits.

Lastly, while the image of a small group of individuals comes to mind in regards to the make-up of LulzSec, there is increasing speculation that the group -- along with the equally-notorious rogue hacker group, Anonymous -- is actually comprised of many people; possibly thousands. If true, this makes the efforts of these groups much more difficult to stop. However, as entities like the CIA and the U.S. Senate are targets of these groups, we may all soon find out just what the make of these groups really is.

How do you feel about LulzSec's latest actions? Share your thoughts in the comments below!

-Stephen Chapman SEO Whistleblower

Topics: Security, Collaboration

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

81 comments
Log in or register to join the discussion
  • RE: LulzSec leaks 62,000 emails and passwords, also targets CIA

    In my opinion, if they want to continue doing what they're doing, they need to wait and let the heat die down. If they keep hacking server after server as quickly as they are, sooner or later they're going to get caught.
    Aerowind
    • RE: LulzSec leaks 62,000 emails and passwords, also targets CIA

      @Aerowind

      True that.
      josh92
      • But I do not agree with Stephen's implication that what these groups do is

        @josh92: ... bad. If it was, they would be selling all of these electronic mail addresses and passwords, et cetera, to the interested parties silently -- no one would ever know about it -- until people would found out be victims of misuse of their account information.

        But now these groups expose poor security of the sites they attack (and with releasing certain amounts of information they prove the holes exist), so <b>security improves much faster now than it would without these public offensive hacks.</b>
        DDERSSS
      • RE: LulzSec leaks 62,000 emails and passwords, also targets CIA

        @DeRSSS That's like me "improving" my town's security and SWAT team skills by going out each night and shooting a citizen.
        jgm2
      • RE: LulzSec leaks 62,000 emails and passwords, also targets CIA

        @josh92 Would you find it so cool if your password and e-mail address was in the list. If someone uses it to hack your accounts? If you had to go through the hassle of trying to clean up your identity after theft you probably might think of all the implications a little more. This is not done for the "Public Good" just to wave their I'm cool flag and inconvenience people
        corcorac
      • RE: LulzSec leaks 62,000 emails and passwords, also targets CIA

        Ideologs don't need to sell what they steal. They want to hurt and bring down what they attack. Nor does enabling higher security bring any joy. What we need to know is a lot less than what has to be protected for the country. Higher security means a lot less regular access for people and more chance of scandals being hidden. How important is your password. Have you been hacked, your credit card number stolen, how about your identity. Spare us the romantic childish notion of a happy trusting world. You are too naive for your opinion. Read some history books.
        frankerin
    • RE: LulzSec leaks 62,000 emails and passwords, also targets CIA

      @Aerowind

      it looks like its going to be later...I'm pretty sure they're aware of what they're doing...especially when they tweet everything that they do...

      Its not as easily trackable as murdering someone (DNA, finger prints etc), theres a million and one ways to cover your tracks
      5FingerDiscount
    • That is sum risky lulz

      @Aerowind I would also drop all the known twitter accounts and release channels that they have. Go dark for a while and blame ebaumsworld for everything.
      Tommy S.
    • RE: LulzSec leaks 62,000 emails and passwords, also targets CIA

      @Aerowind <br>How about "Thanks for typing your email into gizmondo, we'll add you to the next release!"
      BaconSmoothie4-2
    • RE: LulzSec leaks 62,000 emails and passwords, also targets CIA

      @Aerowind <a href="http://cupu.web.id/pulauweb-web-hosting-murah-indonesia/">Pulauweb Web Hosting Murah Indonesia</a>
      <a href="http://cupu.web.id/blogger-nusantara-blogpreneur-indonesia/">Blogger Nusantara Blogpreneur Indonesia</a>
      upinson
  • Are the bad guys united?

    anonymous and lulz are different groups but I wonder how much time will pass before these hacking groups collide with each onther
    netwarriorwy
    • RE: LulzSec leaks 62,000 emails and passwords, also targets CIA

      @netwarriorwy they are very close friends.....
      jallen.ca
    • Message has been deleted.

      Tommy S.
      • RE: LulzSec leaks 62,000 emails and passwords, also targets CIA

        @Tommy S. - "honest mobsters" - thanks for the humor
        GDF
      • RE: LulzSec leaks 62,000 emails and passwords, also targets CIA

        @Tommy S.

        Thanks for the homophobic nonsense.
        Jackass.
        DeusXMachina
  • Not that hard to track

    lulzsecurity.com is using cloudflare.com as a DNS host - a company running out of San Francisco. It would only take a simple warrant to make records from cloudflare available, and then it's a matter of tracking the account to the billing address of whoever is the webmaster for lulzsec.
    Joe_Raby
    • RE: LulzSec leaks 62,000 emails and passwords, also targets CIA

      @Joe_Raby

      If it were really this simple I'm pretty sure they would have been caught already.
      josh92
      • Just follow the money....

        @josh92

        ....cuz someone has to pay the bills. A search warrant will easily allow access to those records too.
        Joe_Raby
      • RE: LulzSec leaks 62,000 emails and passwords, also targets CIA

        @Joe_Raby what about the patriot act? I dont think they even need a warrant. All they have to do is call them terrorists, and blam!
        nickswift498
      • RE: LulzSec leaks 62,000 emails and passwords, also targets CIA

        @josh92 <br><br>You're right, it's not that easy. I have worked with ISP's to register DNS zone names. Some of them only require a credit card and information to be filled out on a webpage. Getting a valid credit card under a fake name/alias is very easy and the requestor can enter the same phony information on the web page - making it virtually untraceable.
        smtp4me