bit-gamer.net

LulzSec targets EVE Online, Minecraft, League of Legends

LulzSec targets EVE Online, Minecraft, League of Legends

Hacking group LulzSec has targeted a number of new sites and game servers.

Hacking group LulzSec has launched attacks on a number of new sites and companies, ranging from review site The Escapist through to indie hit Minecraft.

The attacks apparently came about after LulzSec started taking requests on Twitter in an event LulzSec called #TitanicTakeoverTuesday.

The group targeted the login servers for online games EVE Online and League of Legends, preventing users from playing the games and taking down the website for EVE in the process. Minecraft's login servers were also targeted, though Mojang were quick to react to the attack. Games website The Escapist was also taken down as part of yesterdays attacks.

CCP, the developer of EVE Online, explained that the attacks came in the form of distributed denial of service attacks and that no subscriber information or payment details had been compromised.

'Our policy in such cases is to mobilize a taskforce of internal and external experts to evaluate the situation,' said CCP's Jón Hörðdal. 'At 17:55 UTC, that group concluded that our best course of action was to go completely offline while an exhaustive scan of our entire infrastructure was executed.'

LulzSec has previously targeted other games companies, including Sony, Nintendo, Bethesda and Codemasters.

Let us know your thoughts in the forums.

65 Comments

Discuss in the forums Reply
will_123 15th June 2011, 12:11 Quote
What is the reasoning behind this? Or are they just doing it because they can..
BRAWL 15th June 2011, 12:13 Quote
Quote:
Originally Posted by will_123
What is the reasoning behind this? Or are they just doing it because they can..

"For the Lulz"

I expect this comments section to explode with hate against them...
Artanix 15th June 2011, 12:13 Quote
kids who think DDoS'ing is cool, I don't even count them as hackers if thats all they can do lol
TheLegendJoe 15th June 2011, 12:21 Quote
They hacked into some bot net over the weekend and have been trying it out from what I gather.....

Funny that their taking request :P They also said that it only took "0.4% of our guns" to take down the escapist :S no one better recommended bit tech ;)
MrJay 15th June 2011, 12:29 Quote
I don’t like the Medias definition of 'Hacking' a DDoS attack is not hacking.

Another case of words being to crude to describe a situation.

Lulz are just doing it for the Lols...Pure and simple, the power of a relative few to cause such disruption to many must be very appealing...Considering we live in a time that tries to stamp out individuality and force people to conform. I can totally see why people would be seduced by such activities. It’s not an excuse, but it is most certainly a reason.
oMonarca 15th June 2011, 12:33 Quote
Remember how DRM and similar crap came to be? Oh! Right... Because assholes needed to prove a point. No, please go ahead and give reason to those who want to tie down the Internet and make it more controlled and secure and harder to use.
Mentai 15th June 2011, 12:35 Quote
They've also targeted FBI affiliates, the US Senate, PBS, an Islamist Extremism site and Pron.com.

So nothing related to myself yet. I'll feel slightly less amused by the whole thing if they target Steam. Then again I tier my passwords across different accounts so I'm not sure how affected I'd be if they did hit something I use. Interesting that they haven't had anything happen to them yet after consistent attacks for 5 weeks now.

This helped me understand the situation a bit more:
http://newschoolsecurity.com/2011/06/are-lulz-our-best-practice/
MrJay 15th June 2011, 12:40 Quote
Quote:
Originally Posted by oMonarca
Remember how DRM and similar crap came to be? Oh! Right... Because assholes needed to prove a point. No, please go ahead and give reason to those who want to tie down the Internet and make it more controlled and secure and harder to use.

I agree this plays right into the hands of people who want to tighten the reins on the internet, which is most defiantly not a good thing : (

I think anonymity and safety in numbers has lead to Lulz being able to operate in the manner they do. The more authorities expose them the less likely they are going to want to face prison time for taking down random services.

I defiantly wouldn’t want to do time for inconveniencing some EVE players. Sony was targeted out of some vague principles, these new attacks are just because they can...No amount of belly aching is going to change that.
crazy95 15th June 2011, 12:49 Quote
i hope they get caught and killed
dam vermin breed like mad
attacking minecraft = death by stoning :P
tad2008 15th June 2011, 12:51 Quote
Lulzsec are n00bs! omfgw3rl33tc0sw3dd052own... NOT!
DwarfKiller 15th June 2011, 12:54 Quote
Wake me up when this group have given up and just fade into the background.
kosch 15th June 2011, 13:28 Quote
Its a conspiracy created by the Lizards from Zeta Reticuli!
Yemerich 15th June 2011, 13:39 Quote
I think they do this because of the attetion they are getting from the caos they generate. The best solution in this case is to just let them die in the anonimity.
Just don't talk about them anymore...
Pete J 15th June 2011, 13:42 Quote
I don't like this, as I imagine most don't either. Are Lulzsec really trying to help, or just being a pain? How long before they just start hacking every PC in sight?

Attack Minecraft? Why? I might not like the game but the developers seem like nice people.

I was also wondering why I couldn't access the Escapist last night (fancied watching some old ZP).
greypilgers 15th June 2011, 13:45 Quote
Very true. These brainless morons just need to be ignored by those with any intelligence and then they can all go back to their mum's lofts and spend their time looking up pictures of naked ladies...
dyzophoria 15th June 2011, 13:46 Quote
lol they are getting cocky aren't they?, whatever lulzsec, finally giving a reason to destroy net neutrality is what they are doing, fighting for a cause my ass, good work you stupid little script kiddies
liratheal 15th June 2011, 13:47 Quote
Conclusion: They're dicks.
Tokukachi 15th June 2011, 13:48 Quote
Not just for the Lulz, they attacked Eve due to Dust being PS3 only, believing it's a big "F*ck you" to the pc crowd who made CCCP all there money..

I believe the escapist attack was due to comments posted on the site about them and i have no idea why they targeted minecraft...

I'm not surprised they attacked league of legends too, the playing community is the hight of arseholeness...
Woodspoon 15th June 2011, 14:00 Quote
Quote:
Originally Posted by Neat69
Not just for the Lulz, they attacked Eve due to Dust being PS3 only, believing it's a big "F*ck you" to the pc crowd who made CCCP all there money..

I believe the escapist attack was due to comments posted on the site about them and i have no idea why they targeted minecraft...

I'm not surprised they attacked league of legends too, the playing community is the hight of arseholeness...

Actually it would appear an alliance called Atlas is claiming responsibility for paying Lulzsec to do it, and rather dumbly (in my opinion) appear to have announced it on their site.

something to do with, Operation: Free Shmak Datash.

"DDos Demitrios [ 2011-06-14 19:52:45 ]
KEEP IT COMING BITCHES! :P
FREE SHMAK DATASH! Demitrios [ 2011-06-14 18:34:54 ]
We would like to annouce that Atlas. has paid LulzSec to carry out the final, and most important stage of Operation: Free Shmak Datash.

TAKE THAT GM HORSE / NOVA!

I await your pitiful attempt to attack me by banning my account, ****ers."

http://killboard.atlas-dot.net/?a=home
binary101 15th June 2011, 14:00 Quote
Quote:
Originally Posted by Neat69
Not just for the Lulz, they attacked Eve due to Dust being PS3 only, believing it's a big "F*ck you" to the pc crowd who made CCCP all there money..

I believe the escapist attack was due to comments posted on the site about them and i have no idea why they targeted minecraft...

I'm not surprised they attacked league of legends too, the playing community is the hight of arseholeness...

Using the console logic they attacked minecraft cause its comming out on the xbox360 and thinking minecraft is selling out to big corporations?
jhng 15th June 2011, 14:31 Quote
LulzSec = Mary Whitehouse

Perhaps they don't like Minecraft's decision to do a deal with MS, or EVE Online's decision to put Dust on PS3, but that doesn't give them a right to interfere with the activities of Mojang or CCCP or to interfere with the activities of their customers.

By doing so they behave exactly like the worst kind of censor-happy right-wing nightmare -- taking the view that they know better than the rest of us and that their judgment on the what the 'right' behaviour is should be enforced irrespective of the freedoms of anyone else.

Even worse -- shutting down Escape because of negative comments about them is essentially the same approach that the Syrian government take to political dissent.

These guys urgently need a massive JS Mill-shaped suppository...
Panos 15th June 2011, 14:36 Quote
I don't think they bother us in EVE. The majority of us in there are used to siege warfare :D

The great annoyance was that the servers went down when there was an op ongoing to take out a system.
Probably Lulz got hired by our enemies.

As for the action, DDoS IS NOT HACKING. Just a lame way to boast so and try to solve serious real life issues. People who do hacking and phreaking, try to stay anonymous and away from the public eye. In a similar way the organised crime do so. :)
GravitySmacked 15th June 2011, 14:36 Quote
They're just trolling now.
C-Sniper 15th June 2011, 15:04 Quote
Nothing but a bunch of Skids.
Tokukachi 15th June 2011, 15:30 Quote
Pretty interesting article on them..

http://risky.biz/lulzsec
Spreadie 15th June 2011, 15:37 Quote
Quote:
Originally Posted by C-Sniper
Nothing but a bunch of Skids.
Yeah, it doesn't sound like they are pulling off anything that any bunch of script kiddies couldn't achieve.

Although, that's an even more damning indictment of the major corps they're scoring points off.
ccxo 15th June 2011, 15:42 Quote
The more they do, the quicker they will be caught then it will be a end to this stupidity and a tighter controlled internet.
Mighty Yoshimi 15th June 2011, 16:00 Quote
Can't be that nab, Given they've not been located yet. Pretty cleverly hidden their locations!
leveller 15th June 2011, 16:08 Quote
Quote:
Originally Posted by MrJay
I don’t like the Medias definition of 'Hacking' a DDoS attack is not hacking.

I agree. I would prefer they use the words "being a *****".
Kúsař 15th June 2011, 16:09 Quote
No more news about these kids, please. They've chosen a bad way to gain some fame. Let them wither and die, just like other internet trollgroups...
Jake123456 15th June 2011, 16:24 Quote
I hate them.

I hate them.


That is how I'm expressing my hate for them.





............



I hate them..
PyrO_PrOfessOr 15th June 2011, 16:25 Quote
I take back anything positive I ever said about Lulzsec. Seriously growing tired of their sh*t. The NHS thing can't override the fact that they are acting like children and will probably end up causing more trouble on the internet than preventing it.

No need for DDOSing - they were just bored and showing off...
azazel1024 15th June 2011, 16:35 Quote
One more case of immaturity, but meh. I meh, because frankly, as with anonymous, I think they are going to find that once they piss off enough people the authorties are eventually going to catch up with them. Sure, I doubt all involved will go to jail, but like with most other notorious hackers and hackers collectives, a lot of them will be taken down eventually. It might take a decade to catch up with them, but I bet 99% of them think "no one is ever going to catch me".

Maybe it is because I hate anarchists (which these guys pretty much are) or maybe it is because frankly I dislike the concept of going to jail (that is me personally going to jail I dislike the idea of)...but I don't see what the Lolz are in doing something illegal that is likely to get you put behind bars for....I'd say anything from 1-10 years depending on what you did and what they come after you with.
von_stylon 15th June 2011, 17:11 Quote
http://www.dailytech.com/LulzSec+Infects+4Chan+Users+Uses+Them+to+DDoS+the+World/article21913.htm

http://www.dailytech.com/Welcome+to+2011+Year+of+the+Hacker/article21896.htm

best site eva lol

http://lulzsecurity.com/

I think they are bunch of twats to be honest but I do agree with going after the fat cats who take advantage of the little men like me.
FelixTech 15th June 2011, 17:12 Quote
Why don't they do something amazingly good natured and go "Here NSA, have the keys to this massive botnet."?
leveller 15th June 2011, 17:23 Quote
Quote:
Originally Posted by von_stylon
I think they are bunch of twats to be honest but I do agree with going after the fat cats who take advantage of the little men like me.

Surely they should attack websites belonging to de-forestors, whaling vessels, arms dealers, Katie Price, corrupt politicians, businesses who infect us with their toxic waste ... any more needed?

These dicks just want attention from like-minded geeks. Hence targeting gaming. They do nothing for societies ills and causes.
thehippoz 15th June 2011, 17:24 Quote
Quote:
Originally Posted by FelixTech
Why don't they do something amazingly good natured and go "Here NSA, have the keys to this massive botnet."?

hopefully they will go whitehat someday.. I really don't want to see any of them go to jail- as they are probably around 15-17.. guys like this make really good infosec guys.. they don the shield against what they formerly were lol ironic huh

otherwise you just get college ed or (special ed) in those positions, and you see how well they do.. might as well hire a chicken
KiNETiK 15th June 2011, 17:31 Quote
In a way what LulzSec are doing is interesting since it is highlighting the fact that the internet is seriously lacking security. Perhaps it will start making companies take notice and start taking security/data much more seriously. I like to think that they are doing it for a reason rather than just because they can.. Still, making a statement like this is not fair if users suffer.
jimmyjj 15th June 2011, 19:09 Quote
Some members of anonymous have been arrested in Spain and other countries.

I imagine once they have been butt raped in some filthy Spanish jail a few times they will not think they are so clever.

These guys should remember that they could be next...
HourBeforeDawn 15th June 2011, 19:14 Quote
Quote:
Originally Posted by MrJay
I don’t like the Medias definition of 'Hacking' a DDoS attack is not hacking.

Another case of words being to crude to describe a situation.

Well when this first came about you had two groups Hackers (the good guys) and Crackers (the bad guys) but then it took one highly publicized news event and a wrong choice of words which in the end merged Hackers and Crackers together as a negative.

Then later in attempt to fix this, White Hat (good guys), Black Hat (bad guys) and Grey Hats (sits on the fence) was coined but hasnt really taken off in the eyes of the media...
HourBeforeDawn 15th June 2011, 19:15 Quote
Quote:
Originally Posted by KiNETiK
In a way what LulzSec are doing is interesting since it is highlighting the fact that the internet is seriously lacking security. Perhaps it will start making companies take notice and start taking security/data much more seriously. I like to think that they are doing it for a reason rather than just because they can.. Still, making a statement like this is not fair if users suffer.

agreed
somidiot 15th June 2011, 22:39 Quote
loosers, it's easy to destroy something. Creation is difficult, I'd like to see them try and make something instead. I doubt they're up to the challenge.
Shayper09 15th June 2011, 22:58 Quote
Oh god I would love lulzsec to hit e-gay and cacktivision next.

Not that I agree with what they do, mostly, but some companies need their arses handed to them on a platter.

**** off and die origin, we want bf3 on steam. And would much prefer dedicated servers on cod.

/probably what was a rather childish rant :)
Fizzl 16th June 2011, 01:01 Quote
I know they are acting like a bunch of kids and it's annoying but I do wonder how many of these companies have had any form of penetration testing in the past? How about a security audit?

Has bit-tech been checked?

Sony certainly hadn't and they can afford the £1000+ a day a skilled penetration testing team can charge.
greypilgers 16th June 2011, 13:18 Quote
Huh - I just read that they allegedly attacked a CIA website. That may just be the start of them and their downfall.

I hope so!
leveller 16th June 2011, 13:58 Quote
Homeland Security is offering advice to financial institutions helping to protect them from hackers ... maybe they could fit in the CIA as well.
azazel1024 16th June 2011, 16:00 Quote
So they took down some websites. There are some things you can do to make a site resistant to DDoS attacks, but only so much. No matter how resistant a site is, if it gets hammered on enough it will go down. It takes processing/routing/firewall power to reject DDoS calls and accept legitimate calls. Of course it is infinitely worse if you have no DDoS protection and you accept DDoS calls as legitimate and you attempt to service thousands or hundreds of thousands of requests at a time.

Anyway, fart in the wind as they say. So far it sounds like they've "hacked" all of two sites using SQL injection attacks. Whoop-ty-do. SQL injection attacks are about as easy as you can manage (which makes having SQL injection vulnerabilities that much more bone headed) and frankly it isn't really much in the way of hacking. Its maybe a step up from script kiddy work, but only a baby step.

All it really does is give you access to information on the database that the form/field is linked to or others that it might have a union to. It isn't like you wield phenomenal cosmic power (have to deal with an itty bitty living space though) over the system.
KiNETiK 16th June 2011, 17:24 Quote
Quote:
Originally Posted by azazel1024
So they took down some websites. There are some things you can do to make a site resistant to DDoS attacks, but only so much. No matter how resistant a site is, if it gets hammered on enough it will go down. It takes processing/routing/firewall power to reject DDoS calls and accept legitimate calls. Of course it is infinitely worse if you have no DDoS protection and you accept DDoS calls as legitimate and you attempt to service thousands or hundreds of thousands of requests at a time.

Anyway, fart in the wind as they say. So far it sounds like they've "hacked" all of two sites using SQL injection attacks. Whoop-ty-do. SQL injection attacks are about as easy as you can manage (which makes having SQL injection vulnerabilities that much more bone headed) and frankly it isn't really much in the way of hacking. Its maybe a step up from script kiddy work, but only a baby step.

All it really does is give you access to information on the database that the form/field is linked to or others that it might have a union to. It isn't like you wield phenomenal cosmic power (have to deal with an itty bitty living space though) over the system.

If you look at their release site you will see that they have released information that suggests they have hacked a lot more than 2 sites: Most recently (from this past week) releasing internal code/data from
Senate.gov, Bethesda , Pron.com. Thats not to mention their various Sony site data and more..

Whether they are using DDoS, SQLi or more advanced techniques, I think companies should start taking notice.
leveller 16th June 2011, 18:11 Quote
Rumour is they've now released 62,000 username and password combinations from an unknown source ...
thehippoz 16th June 2011, 18:14 Quote
it was sql? be sad if it was ftp related.. yeah read about senate.gov but looks like they didn't get much farther than listing the contents of the apache server.. that's not that hard to do

what they did to bethesda is a full break.. metasploit used at it's finest including passing the hash and creating a pivot to get into boxes not connected.. pretty good stuff
I don't like the releasing of names/passwords.. getting out of hand xD
Fizzl 17th June 2011, 00:22 Quote
Quote:
Originally Posted by azazel1024


All it really does is give you access to information on the database that the form/field is linked to or others that it might have a union to. It isn't like you wield phenomenal cosmic power (have to deal with an itty bitty living space though) over the system.

You would think that wouldn't you?

As with most things in security 'it depends'. In many cases you can use SQL injection, even blind SQL injection, to completely own a system. For a start that database will have credentials for the machine it's on, there are ways to ask the database what these are. You can often use a database to issue commands to the machine it's on too and since that database was install as an administrator (surprisingly common) your commands are executed with administrator privileges. You can upload your own programs (as in the end programs are just data) you could upload a webshell to make the hack easier, hell MS SQL comes out of the box with XP Command Shell which is basically an I win button if you can get to it.
thehippoz 17th June 2011, 00:58 Quote
they use meterpreter extensions.. then you really have unlimited access to the machine without the limits put on sh or cmd without creating a new process.. your executing in the process that was exploited- all in memory

avoids anitvirus like this too.. it's all part of metasploit
leveller 17th June 2011, 11:12 Quote
So ... All those who support and/or defend these dickheads seem to have gone pretty quiet ... is it possibly because releasing 62,000 persons details and the ensuing chaos it has caused is slightly indefensible?

Your heroes turn out to be villains. What a shocker.

GeorgeStorm 17th June 2011, 11:16 Quote
http://twitter.com/#!/lulzsec
Sickening, people are getting blind robbed because of these guys, it's not just emails or whatever anymore, paypal accounts and stuff, no one can defend them now.
steflizz 17th June 2011, 12:11 Quote
They must live a sad, pathetic life for doing stuff like this.
ccxo 17th June 2011, 17:54 Quote
Im suprised their site and their twitter account have not been taken down yet.
greypilgers 17th June 2011, 23:07 Quote
Ugh. Isn't everyone bored of these fools yet?
thehippoz 17th June 2011, 23:45 Quote
Quote:

@LulzSec The Lulz Boat
@kevinWilson94 You look insanely pompous. Did you have your eyebrows waxed?

I find them funny.. they had one about facebook being people's lives and how sad that it's over.. they are just doing what everyone wants to do but doesn't have the balls too
GravitySmacked 17th June 2011, 23:50 Quote
I don't want to do it.
leveller 18th June 2011, 01:37 Quote
Quote:
Originally Posted by thehippoz
I find them funny.. they had one about facebook being people's lives and how sad that it's over.. they are just doing what everyone wants to do but doesn't have the balls too

There is no way to distinguish between a dickhead hacker, some leecher who grabbed the file, or the real person. Peoples lives could and likely will be made a misery because of this, and you find them 'funny' ...

Grow up.
thehippoz 18th June 2011, 02:57 Quote
I don't really care about the anon rivalry they supposedly have.. but I know they are teenagers who probably just got fed up.. they had the only keys to a building so they decided why not..

hacking servers has been going on forever man.. the only reason your mad is because it's effected you somehow.. china does it all the time- actually they have a super computer that I'm sure is used to crunch rainbow tables and hashes/brute force all day.. you won't hear about it because they target information important to them

these aren't the only people out there.. funny they seem to have no other motive but to cause misery.. I put them quite a bit above the governments and organized crime involved in much deeper theft of information

it is amusing to see the ground level of exploit development go nuts.. gotta admit the twitter feeds are pretty funny- like the stuff about facebook and how it rules people's lives.. it wouldn't be funny if it wasn't true
greypilgers 18th June 2011, 09:29 Quote
They sound like plebs with nothing in their lives except for these malicious 'exploits', to me.
Nothing funny about them. I pity them. It was just silly and a waste of their talent when they were just attacking sites to bring them down. As soon as they started releasing other people's private data for 'Lulz' that became an affirmation that they jkust need to grow up and try and do something productive with their meagre lives. Productive doesn't mean boring, and fun doesn't mean being a complete dick. It's because so many fools get this simple idea wrong that we have so many people like Lulzsec et al.

Shame really. These small minded individuals give the larger majority of intelligent and decent computer wizards a very bad name.
modfx 18th June 2011, 11:00 Quote
[QUOTE=Neat69]
I'm not surprised they attacked league of legends too, the playing community is the hight of arseholeness...[/QUOTE=Neat69]

I resent that, true there are some complete ******s pla
ying but you get that in every game. I only play with a premade team mind because random matched games usually mean you get a load of shitters
leveller 21st June 2011, 13:15 Quote
BBC news. 19 year old. Arrested in Essex. Connection to Lulzsec, with help from FBI.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums