LulzSec has struck again over the weekend, and this time the targets were the official website of the US Senate and the Bethesda Softworks’ computer network.
Officials are currently reviewing the sites hosted on the Senate.gov domain, but according to Reuters and Senate Deputy Sergeant-at-Arms Martina Bradford, the hackers have only breached the public side server and have not compromised any senator’s information.
“Although this intrusion is inconvenient, it does not compromise the security of the Senate’s network, its members or staff,” stated Bradford. “Specifically, there is no individual user account information on the server supporting senate.gov that could have been compromised.”
LulzSec has posted a list of valid directories, and according to John Bumgarner of the U.S. Cyber Consequences Unit, “the information disclosed online … shows that the intruders had administrator-level access to the Senate server. This access could have potentially been used as a jump-off point to compromise other systems in the network.”
In the statement released along the information, the hackers included a taunt: “This is a small, just-for-kicks release of some internal data from Senate.gov – is this an act of war, gentlemen? Problem?” – referring to the recent Pentagon’s statement that it will consider cyber attacks against national networks as acts of war.
The second hack revealed yesterday concerns the computer network of Bethesda Softworks, the company behind successful online game titles such as The Elder Scrolls.
“After mapping their internal network and thoroughly pillaging all of their servers, we grabbed all their source code and database passwords, which we proceeded to shift silently back to our storage deck,” says the group. “Please find enclosed everything we took, excluding one thing – 200,000+ Brink users. We actually like this company and would like for them to speed up the production of Skyrim, so we’ll give them one less thing to worry about.”
“We believe we have taken appropriate action to protect our data against these attacks. While no personal financial information or credit card data was obtained, the hackers may have gained access to some user names, email addresses, and/or passwords,” said the company on its official blog after having confirmed the intrusion.