August 21, 2014

LulzSec Hacker Sabu helps stop over 300 cyber attacks

LulzSec(LiveHacking.Com) – Hector Xavier Monsegur, a.k.a. the hacker “Sabu,” the former “leader” of hacking group LulzSec has been helping the FBI prevent cyber attacks since his 2011 arrest. As a result the court has been petitioned to have his sentence greatly reduced.

According to court documents filed by prosecutors in the Southern District of New York, the work of Hector Xavier Monsegur has helped to prevent losses of millions of dollars. Under current sentencing guidelines Sabu could face prison time of up to 26 years for hacking companies like Fox Television, PBS, Sony, and Nintendo.

In addition to Sabu’s direct involvement in criminal hacking activities, he also had knowledge of other major criminal hacking activities, including hacks into the computer servers of the Irish political party Fine Gael and the Sony PlayStation Network.

Sabu was arrested in June 2011 and pleaded guilty, as part of a co-operation agreement with the US government. As part of that co-operation Sabu “proactively cooperated with ongoing Government investigations” and sometimes worked “literally around the clock.” The court documents also say that Sabu’s “cooperation was complex and sophisticated, and the investigations in which he participated required close and precise coordination with law enforcement officers in several locations.”

The FBI estimates that with Sabu’s help it was able to disrupt or prevent at least 300 separate computer hacks. The victims included divisions of the United States Government such as the United States Armed Forces, the United States Congress, the United States Courts, and NASA. Although difficult to quantify, it is likely that Sabu’s help prevented at least millions of dollars in loss to these victims.

Because of the extent of his help Sabu has received threats which meant the FBI needed to relocate the hacker and some members of his family, presumably under some form of witness protection scheme.

The court filings note that Sabu was repeatedly “approached on the street and threatened or menaced about his cooperation once it became publicly known. Monsegur was also harassed by individuals who incorrectly concluded that he participated in the Government’s prosecution of the operators of the Silk Road website.”

He is due to be sentenced on Tuesday.

First Sony, now Sega – 1.3 Million Customer Records Stolen

In what seems like unstoppable storm, hackers have struck again, this time taking 1.3 million customer records from the Sega Pass system. According to an email sent to its customers on Friday, Sega shutdown the system on Thursday after it detected unauthorized access to the Sega Pass database. They have launched a full  investigation into the extent of the breach of its public systems.

Sega discovered that a subset of  members emails addresses, dates of birth and encrypted passwords were obtained. However no personal payment information was taken as Sega use external payment providers.

Nintendo, Sony and several multi-player gaming communities have been hit in recent months. The now infamous hacking group LulzSec, which has been involved in a number of high profile attacks, including one against Sega rival Nintento, denied responsbilty for the attack and rather ironically send a tweet to Sega offering help: “@Sega – contact us. We want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down.”

More Hacking By LulzSec While Sony Hacked Again, This Time By Idahc

It now seems as if hacking is now reaching epidemic proportions and as more and more of our lives are being moved onto “the cloud” (voluntarily and involuntarily) it looks like security breaches and loss of data is becoming the norm rather than the exception.

Over the weekend LulzSec claimed that it hacked the web site of the Atlanta Chapter of InfraGard and released a download of the user login details along with the decrypted passwords. InfraGard is a partnership of businesses, the FBI, educational entities and the National Infrastructure Protection Center designed to protect IT systems from hacker attacks. Such sites are, of course, prime targets for hackers.

LulzSec claim they attacked the web site because NATO now treats hacking as an act of war.

Once they had the list of user names and passwords, LulzSec continued their illegal activities and found that Karim Hijazi, CEO of Unveillance, used the same password for his personal gmail, and the gmail of this company. LulzSec contact contacted Karim where they claim he offered to pay them to eliminate his competitors through illegal hacking. Karmin released an official statement where he shows proof that in fact LulzSec tried to extort him and his company.

While all this was going on, a Lebanese grey hat hacker – who goes by the moniker Idahc, posted the details of 120 accounts which he claimed came from the apps.pro.sony.eu Sony web site. The web site is currently “down for maintenance.”

Sony Hacked Again – This Time Sony Pictures Targeted

Reuters are reporting that the servers running the Sony Pictures Entertainment websites have been breached by a group known as LulzSec. The same group have claimed responsibility for past attacks against PBS television and Fox.com. As a result of the breach LulzSec has published the names, birth dates, addresses, emails, phone numbers and passwords of thousands of people who had entered contests promoted by Sony.

“From a single injection, we accessed EVERYTHING,” the hacking group said in a statement. “Why do you put such faith in a company that allows itself to become open to these simple attacks?”

This latest security breach comes on the heels of two separate breaches in April. Sony took down its online PlayStation Network on Wednesday 20th April when it spotted unauthorized access to the network by hackers on the preceding three days (April 17 to April 19, 2011). Sony later confirmed that, certain PlayStation Network and Qriocity service user account information was compromised.

Later, Sony revealed that the breach of its servers was much larger than originally reported. Initially Sony revealed that some 77 million user records where exposed during a breach of the PlayStation Network (PSN), however it then reported that 24.5 million Sony Online Entertainment user records have also been stolen.

Reuters has confirmed the authenticity of the data with several of the contestants who details were published.