Late on Thursday (2 June 2011) the LulzSec hacking group claimed to have executed their ‘Sownage’ plot, successfully compromising a number of Sony websites, including two Sony websites in the Netherlands and Belgium, and the massive SonyPictures.com domain.
In the build up to this attack, LulzSec was brazenly taunting Sony over their lack of security, Tweeting: “Hey @Sony, you know we’re making off with a bunch of your internal stuff right now and you haven’t even noticed? Slow and steady, guys.”
LulzSec has now issued a statement claiming: “We recently broke into SonyPictures.com and compromised over 1,000,000 users’ personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 “music codes” and 3.5 million “music coupons”.”
By way of evidence, LulzSec has uploaded the various databases on file distribution networks, and linked to them on their website.
“Our goal here is not to come across as master hackers,” explains LulzSec – “hence what we’re about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?”
“What’s worse is that every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it. This is disgraceful and insecure: they were asking for it.”
“This is an embarrassment to Sony; the SQLi link is provided in our file contents, and we invite anyone with the balls to check for themselves that what we say is true. You may even want to plunder those 3.5 million coupons while you can,” states LulzSec.
Sony’s embarrassment and flawed security
The attack on Sonypictures.com and two Sony websites in the Netherlands and Belgium represents a new embarrassment for the Japanese electronics giant, which is still struggling to cope with a massive breach of its online entertainment networks in April 2011.
Sony is only just starting to bring those services back online, with the PlayStation store grumbling into life within the last couple of days (http://mygaming.co.za/news/ps3/12081-PlayStation-Store-back.html). It seems that Sony simply cannot keep up with the rampant hacking offensive against it, and the various hacking communities appear to have sensed blood in the water on this one. Hopefully the PSN has been patched up and is secure – only time will tell.
Sony probing hacker’s claims
Sony Pictures says it is investigating the statement from LulzSec hackers claiming to have stolen more than 1 million pieces of user information. Sony Pictures said it is aware of the LulzSec statement and looking into it.
LulzSec also recently claimed responsibility for hacking the website of PBS network to post a fake story in protest of a recent “Frontline” investigative news program on WikiLeaks. A snapshot of the hacked PBS website can be seen here.
What do you make of the latest claims of hacking attacks against Sony? << Let us know on the MyGaming forum
Source : Sapa-dpa/Sapa-AP; LulzSecurity