Just days after the public release of 26,000 email addresses and passwords, Lulz Security has raised the bar considerably by releasing internal data obtained from a U.S. Senate Web server. To quote their release notes:
We don't like the US government very much. Their boats are weak, their lulz are low, and their sites aren't very secure. In an attempt to help them fix their issues, we've decided to donate additional lulz in the form of owning them some more!
This is a small, just-for-kicks release of some internal data from Senate.gov - is this an act of war, gentlemen? Problem?
An act of war? They should hope not with a target like this.
What follows the release notes is a considerable amount of data pertaining to the internal server structure of Senate.gov, the official website of the United States Senate. Also included amongst the pile of data is the email address of a server administrator, Chris Vontz. Talk about putting out fires; Vontz is sure to have a long night in response to the attack.
While the full data set released by Lulz Security isn't particularly interesting to the average individual, the target of this attack, is. It puts an even larger target on the rogue group, and if they thought they were being pursued before, suffice it to say, the ante has been upped considerably. Not only would the U.S. Government likely prefer to keep private data (or what should be private data, at least) private, but the embarrassment of such an attack most likely has some people in high places beginning to marinate in a stew of vengeance.
The question now is how long it will take to catch the individuals involved with Lulz Security. It's not going to take much for them to potentially slip up now that they're targeting property of the U.S. Government. The worst of all fears here is if Lulz Security happens to pull off an exploit of epic proportions; something to the effect of Social Security numbers, names, addresses, phone numbers, etc. While it's highly unlikely they would ever obtain information like that from a U.S. Government site exploit, other targets of theirs may prove significantly easier to infiltrate and obtain any combination of the aforementioned sensitive data.
All-in-all, PBS, Sony, Nintendo, Fox, Bethesda Software (also targeted alongside the release of the U.S. Senate information) and now, the U.S. Senate have all been victims of Lulz Security's exploits. There is undoubtedly more to follow, what with all they have made available thus far, but when is enough going to be enough? The point has been made at this juncture that all entities, small and large, should invest in bettering their security -- be it through software, better password implementation, or otherwise.
And while we are on the topic of these rogue hacker groups, Spain and India have now hopped aboard the victim train thanks to entities other than Lulz Security. It seems the world of underground rogue hackers (who are actually more appropriately labeled as "crackers") has come alive, all influencing and driving one another. Perhaps even more senseless than having a point to prove is the notion that various groups are simply trying to one-up each other. Such affairs tend to leave many helpless individuals lying in the aftermath of pointless endeavors.
What are your thoughts? Do you agree with what Lulz Security and other similar groups are ultimately trying to bring to light with their exploits, or do you think it's just one big game to these people? Do you personally have any concerns over this wave of attacks? Please share your thoughts in the comments below.
-Stephen Chapman SEO Whistleblower