Sony Hacked for What Seems To Be the Umpteenth Time
Chester Wisniewski, blogging for the security firm Sophos, counts this latest attack as the thirteenth to hit a Sony site since its Web security troubles began in March. A Lebanese hacker working under the nom-de-keyboard Idahc claims to have used a rudimentary SQL-injection technique to acquire a database of Sony users. Having hired so many security firms to secure its Playstation and Qriocity networks, you’d think Sony would have learned how to protect its other sites around the world from this sort of thing.
This of course comes on top of an attack earlier in the week by the group Lulzsec against a Web site operated by Sony Pictures. Lulzsec has been on a bit of a tear lately, publishing fake news stories about Tupac Shakur on Monday. On Wednesday it attacked SonyPictures.com saying it used–wait for it–another simple SQL injection attack technique to access everything it obtained, including the personal information of more than 1 million users. Sony officially confirmed the attack today, saying that outside security experts were doing a forensic analysis of the attack and that the FBI has been called in to investigate.
Lulzsec, clearly enjoying the attention, declared Friday “#F–FBIFriday” using a hashtag in its Twitter feed. (I won’t fill in the missing three letters for you, but you can certainly figure it out.) It wasn’t kidding. That same day it attacked the Atlanta chapter of Infraguard, a public-private partnership between the FBI and the private sector geared toward sharing information about hacking attacks. Even more interesting is the fact that Lulzsec is soliciting donations in the form of the anonymous digital currency Bitcoin to help support its ongoing efforts.
Amid all this activity, I couldn’t help relating to a Tweet by 2600, the 27-year-old quarterly journal aimed at hackers: “Hacked websites, corporate infiltration/scandal, IRC wars, new hacker groups making global headlines – the 1990s are back!”