LulzSec Hacker Arrested, Group Leaks Sony Database
UPDATE: News of a LulzSec member being arrested was based on a chat log that was released online. It stated one of their chat rooms was raided and one members was arrested. The name of the individual was apparently based on an inside joke among 4Chan users, which The Epoch Times was not aware of. LulzSec released a statement later, noting that one of their recruitment chat rooms was compromised, but none of their members were arrested. The Epoch Times regrets the error.
Hacker group LulzSec, also going by the name Lulz Security, leaked the source code of the Sony Computer Entertainment Developer Network, around 11 a.m. EST on June 6.
Just following the hack, LulzSec chat logs appeared online detailing a government raid of their chat server, stating “military hackers are trying to hack us.” They stated one member of the group, Robert Cavanaugh, was arrested. He is now allegedly in FBI custody.
The source code leaked by the group could give users access to Sony’s developer network. A PlayStation 3 (PS3) jailbreak giving access to the network months back led to mass piracy of PS3 games.
Access to the source code would allow hackers to be able to reverse-engineer the network and spawn new sites similar to Sony’s, as well as perhaps "fork" the software to create new versions of it. In addition, the fact that hackers have been able to access the source code for Sony’s internal servers indicates that they may also be able to change the source code on Sony’s servers, thus changing how the official developer network operates.
They would also be able use the source code to find and perhaps even create more security holes in the system and exploit them, wreaking further havoc on Sony’s already battered network security team.
Although previous hacks into the network allowed many people to illegally download games for free and access Sony programming resources, it is possible that by being able to access the servers and the source code of the systems, a hacker could potentially create a sort of "wormhole" or portal to the servers that would allow him or her to have constant real-time access to it.
LulzSec recently breached Sony Pictures and stole 150,000 records, claiming they had access to a database with more than 4.5 million records. LulzSec stated “SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?”
SQL injection methods refer to an attack vector by which hackers change URL or other strings used by browsers to access servers, and use vulnerabilities in these strings to be able to access and manipulate database records directly stored on the server.
The recent hack is also significant in that it comes only a day before the Electronic Entertainment Expo in Los Angeles in which Sony is expected to publicly and directly apologize for their response to the PSN and Qriocity breach in April. They are also expected to introduce new technology and products.