bit-gamer.net

Nintendo server hacked by Lulzsec

Nintendo server hacked by Lulzsec

Nintendo is the latest in a long line of victims of the hacking community, LulzSec.

Nintendo has confirmed that its US website has been hacked. A group called Lulz Security, or LulzSec, gained access to one of the site's servers, copying and then publishing a configuration file.

Last week LulzSec also hacked Sony Pictures' website, again publishing user information online.

Thankfully, Nintendo's server contained no customer information - a fact confirmed by both the hackers and the hacked.

In an email sent to Reuters, Nintendo stated:

'The server contained no consumer information,' Nintendo said in a statement to Reuters. 'The protection of our customer information is our utmost priority...We constantly monitor our security.'

'Re: Nintendo, we just got a config file and made it clear that we didn't mean any harm,' said a LulzSec Twitter post regarding the matter. 'Nintendo had already fixed it anyway. <3 them'

What do you make of the news - did Nintendo and Sony have it coming or is it just another case of hackers ruining everyone's fun? Let us know in the forums.

22 Comments

Discuss in the forums Reply
Guinevere 6th June 2011, 10:44 Quote
Sony shouldn't really have been surprised in the reaction resulting from them going after the hacker community like a pitbull. First they remove other OS and then they go all uber litigious. They should have been better prepared but they're too big and too disconnected to get this stuff right. Too many little bits built by different agencies. Wasn't it a Ghostbusters marketing site that got last hit?
confusis 6th June 2011, 10:45 Quote
Arrest them, throw away the key. I understand hacking to show vulnerability but these guys are taking it way too far. It's become a game to them, a criminal game. Hope they can track these guys down and punish them.

That is all
Unknownsock 6th June 2011, 10:52 Quote
I don't care. This person(s) is awesome.
StoneyMahoney 6th June 2011, 11:00 Quote
The contrast between the attacks against the two companies to date are quite striking. Nintendo gets hacked, 1 server is involved, there's a press release and life goes on. Sony gets hacked, their entire online gaming customer database gets stolen (including credit card numbers and the personal details needed to abuse them), the system remains offline for weeks, it's a massive debacle.

While Sony and Microsoft have a streamlined online presence built into their consoles that it's difficult to get away from, Nintendo have always made their online features optional without as much streamlining. From a security point of view, Nintendo were never going to be anywhere near as badly affected by hacker attacks as the other two big players could have been, largely because they deliberately don't keep any customer data that's actually worth stealing. Whether this was astute foresight on Nintendo's part is debatable, but the easy conclusion to draw is that if you're going to build an online database of high-value data you need to secure it properly (no sh*t sherlock!).

MS would be the next logical target but compared to Nintendo and Sony they are a far more difficult prospect. They've been fending off attacks like this for years ever since it became obvious that defacing Microsoft's webpage would make any hacker who could pull it off a hacker's household name. So, unless the Xbox Live system ever suffers a similar fate to Sony's offering, this whole sequence of events could well stand as a textbook example on how to deal with online security. If you aren't experienced at it, don't keep anything lying around worth stealing!
impar 6th June 2011, 11:21 Quote
Greetings!
Quote:
Originally Posted by Guinevere
Sony shouldn't really have been surprised in the reaction resulting from them going after the hacker community like a pitbull. First they remove other OS and then they go all uber litigious.
First, Geohot releases a hack that needs OtherOS, then Sony removes Other OS functionality to try to stop the hack and finally thousands of Sony customers cant access PS3 online features because some hacker group decided to wreak havok on Sonys operations.
The way some defend this kind of illegal activities is scaring.
impar 6th June 2011, 11:30 Quote
PS:
Quote:
LulzSec Targets Elderly in the Wake of Latest Sony Hacks
...
In questionable judgment, LulzSec reportedly decided to comb through the record set from the Sony Pictures breach looking for elderly users who were born in the 1920s (81 or older), 1930s (71 or older), or 1940s (61 or older). They posted the information in a torrent that included names, home addresses, passwords, and e-mail addresses.

Password reuse is rife among even moderately internet-savvy young people today and among the majority of elderly users it's virtually a given. Thus it is not surprising that there have been reports of malicious users hacking users' other web accounts, committing malicious and possibly financially damaging mischief.

LulzSec remains unsympathetic for these attacks on the elderly, stating via Twitter:
I hear there's been some funny scamming with jacked Sony accounts. That's what you get for using the same password everywhere. Hey innocent people whose data we leaked: blame @Sony.
The data appears to be authentic -- the Associated Press has confirmed multiple users/addresses to be real. Some account information appears to be faked -- likely by users who didn't wish to enter their real data for the contest.

Yeah, lets all defend these hackers actions against evil Sony!
Unknownsock 6th June 2011, 11:33 Quote
Quote:
Originally Posted by impar
Greetings!
Quote:
Originally Posted by Guinevere
Sony shouldn't really have been surprised in the reaction resulting from them going after the hacker community like a pitbull. First they remove other OS and then they go all uber litigious.
First, Geohot releases a hack that needs OtherOS, then Sony removes Other OS functionality to try to stop the hack and finally thousands of Sony customers cant access PS3 online features because some hacker group decided to wreak havok on Sonys operations.
The way some defend this kind of illegal activities is scaring.

Whilst I agree, it's just as scary that no-one seems to care about anything anymore.
SexyHyde 6th June 2011, 11:50 Quote
I think what is getting forgotten is Sony wanted most of your personal details, basically like having a copy of all the details in your wallet. Then it basically left it in a closed but not locked place.
Faunus 6th June 2011, 12:03 Quote
Hai gais.

Maybe you accidentally all commented on the wrong post. Just sayin'.
SexyHyde 6th June 2011, 12:37 Quote
I think what is getting forgotten is Sony wanted most of your personal details, basically like having a copy of all the details in your wallet. Then it basically left it in a closed but not locked place.
SexyHyde 6th June 2011, 12:39 Quote
Damn my stupid phone. What I meant to say was its hard to comment on the Nintendo hacking solely as its just "hackers get into server, important info secure, life goes on".
rogerrabbits 6th June 2011, 13:06 Quote
I kind of liked the idea of them making fools out of sony, until I read that they published all the private information of old people that they had stolen. And then a lot of these old people got asshats stealing money from their accounts and stuff...

That's so horrible. I don't care how old these Lulz kiddies are now, I just want someone to track them down and get them in prison where they belong.
leveller 6th June 2011, 13:39 Quote
I'm in two very different minds here ...

1) I'm bored, angry and frustrated by all these hacks causing nothing but disruption and grief to people who deserve to be able to get on with their gaming in peace. I'm starting to believe that maybe governments should lock down the internet because nothing else will stop these kids doing this.

and

2) Doesn't anyone else find it hugely suspicious that there are so many high profile attacks that will in turn work against any good the attackers are trying to achieve. The hackers aren't stupid though, in fact I am led to believe that it's possible each hacker's brain holds more intelligence than entire governments put together, minus an essential helping of social etiquette. My point being that all these hacks are working against what most hackers would want, which is more freedom to have fun. These hacks will push governments faster to lock the internet down ... Wouldn't it be in agencies benefits to be pulling off these attacks themselves to force the lock-down?
azazel1024 6th June 2011, 14:26 Quote
Yeah security was lax and need to be fixed. A benevolent hack would have been doing it and contacting Sony to tell them they found the vulnerability and maybe telling the world that they are vulnerable after it is fixed or Sony seems reluctant to do anything and leaving it that.

Anything beyond that isn't even remotely benovolent. It is a criminal prank or just plain criminal (though technically hacking it period is criminal, but you could at least claim you did it for benevolent means if you didn't take it beyond the bounds I mentioned).

Lolzsec is also going further and basically saying that users have it coming if their other accounts get accessed if they reuse username and/or password information. Really? You are going to go there? Your criminal action caused people to be exploited means its their fault and not yours? Its like saying its the renter's fault that they lost everything if they didn't insure their posessions if you burn the apartment complex down.

Well if you didn't burn the darn thing down, it wouldn't have been a problem (would it have been smarter if they hadn't used the same username and common password, sure, but it isn't their fault that you hacked Sony and then revealed all their information)
jrs77 6th June 2011, 15:09 Quote
I see this whole thing as a protest against companies collecting data, where the companies can't guarantee this data to be stored safely.

The internet is a nice tool for communication and spreading information, but I'd recommend everyone to only use it anonymously and not to give away their information freely. In the past 16 years I'm actively using the internet on a daily basis, I've never used my CC to pay for something, nor did I ever subscribe to networks (social networks, forums, etc) by using my real name, birthdate or adress.
I don't even do order something online, but pick up the phone instead and pay per bill.

So, if all these current hacks make people aware of the fact, that their data isn't safe in the internet, then this can only be a good thing.

Privacy first.
Bede 6th June 2011, 15:18 Quote
Quote:
Originally Posted by impar
Greetings!
Quote:
Originally Posted by Guinevere
Sony shouldn't really have been surprised in the reaction resulting from them going after the hacker community like a pitbull. First they remove other OS and then they go all uber litigious.
First, Geohot releases a hack that needs OtherOS, then Sony removes Other OS functionality to try to stop the hack and finally thousands of Sony customers cant access PS3 online features because some hacker group decided to wreak havok on Sonys operations.
The way some defend this kind of illegal activities is scaring.

+1. The way people defend these guys you'd think they were Robin Hood.
SexyHyde 6th June 2011, 15:56 Quote
Most of these big companies take your info for no real reason. The some act responsibly, some don't. The way Sony have been acting over the years is one reason why I actively avoid their products and services.
thehippoz 6th June 2011, 18:49 Quote
Quote:
Originally Posted by leveller
in fact I am led to believe that it's possible each hacker's brain holds more intelligence than entire governments put together

not intelligence.. it's passion

if you like to solve cryptic problems, you can be a hacker.. the thing is noone will tell you anything.. you have to first dive in head first and figure it all out yourself

but most people seem too dumb/lazy and want everything handed to them on a platter or it's not worth their time.. trust me the stuff has nothing to do with intelligence- it's just like audiophiles who build a better box and are always striving for perfect sound

like the people at rapid7 who work on metasploit.. to a layman someone running metasploit without a front end looks like genius.. and really until you actually find an exploit (I found a few in gaming engines back it the day myself) your just a newbie using the tools put out there and running the latest exploits found by others

it helps to get your ccna as that will give you a better understanding.. as you get better you can pivot through firewalls in more secure networks and even get amin on unpatched windows 7 machines by passing the hash from a compromised machine.. it's not like rocket science though- a lot of it relies on people who don't know what they're doing (patching, bad passwords, social engineering), and occasionally 0-day exploits

there's also attacks that have nothing to do with exploiting the machine itself and can still get you the data your looking for.. these types of attacks are the most fun imo- as they can be done on anyone even in a secure network by getting access to their wireless ap or a access to a computer wired on the network.. scan and target the machine you want to sniff, all passwords pass through your rig unencrypted including ssl

now imagine your using online banking and fatboy is sitting in your network playing a man in the middle attack.. he has the password to your bank account now and he could be sitting in a car a couple blocks away (if he's setup right) even further is using a dish and biquad or a lot of power through a yagi (my favorite)

now a script kiddie could never pull something like that off but it's possible (through testing I've confirmed all of this, why I can talk about it).. not really about how smart you are- if you don't enjoy doing it, you'll be mediocre at best

some people enjoy popping pimples.. others enjoying solving crime.. others, buttsecks

http://img225.imageshack.us/img225/9133/44929434632413380780203.jpg
azazel1024 6th June 2011, 19:38 Quote
Quote:
Originally Posted by jrs77
I see this whole thing as a protest against companies collecting data, where the companies can't guarantee this data to be stored safely.

The internet is a nice tool for communication and spreading information, but I'd recommend everyone to only use it anonymously and not to give away their information freely. In the past 16 years I'm actively using the internet on a daily basis, I've never used my CC to pay for something, nor did I ever subscribe to networks (social networks, forums, etc) by using my real name, birthdate or adress.
I don't even do order something online, but pick up the phone instead and pay per bill.

So, if all these current hacks make people aware of the fact, that their data isn't safe in the internet, then this can only be a good thing.

Privacy first.

If you've payed through EFT (eletronic funds transfer), CC or similar, than your financial information is stored by these various companies in a manner that might well be accessible to hackers (IE on a computer that is probably connected to the internet in some manner). About the only thing not paying over the internet has prevented is removing phishing vulnerability and man in the middle attacks. It doesn't stop your private information from being scoured from any company's hacked system that you've delt with.
PCBuilderSven 6th June 2011, 19:47 Quote
Sony with the PS3, Nintendo for the Wii, I just hope it's Microsoft next!
StoneyMahoney 6th June 2011, 22:47 Quote
Quote:
Originally Posted by PCBuilderSven
Sony with the PS3, Nintendo for the Wii, I just hope it's Microsoft next!

PS3 hacked, Wii hacked, PC hacked so long ago it's all taken as read... BillBox is the last one left standing.

I won't be around to comment on anything for a while, my friend Lucifer just asked if I wanted to spend the rest of the week at his place for some snowboarding.
leveller 7th June 2011, 07:56 Quote
Gmail servers attacked by 'apparently' Chinese hackers.

Hilary Clinton declares that cyber-attacks on the US can be classed as a declaration of war ...



Does that mean that internal US attacks are classed as treason now?

Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums