Nintendo hit by LulzSec hack

gallery

Nintendo has become the latest high profile organisation to be targeted by hacking group LulzSec, according to reports.

LulzSec was responsible for attacks on Sony recently and hacked a site of an FBI affiliate on Friday.

The Wii manufacturer saw one of its affiliate’s servers attacked a number of weeks ago, although no specifics have been given.

Nintendo claimed no consumer or corporate data was stolen, with no third parties affected either.

"The protection of our customer information is our utmost priority," Nintendo said in a statement. "We constantly monitor our security.”

It comes at a bad time for Nintendo, which is hoping to impress at the E3 games conference in LA this week.

LulzSec also claimed responsibility for breaking into SonyPictures.com, compromising over one million users’ personal data, including passwords, email addresses and home addresses.

“We do have 54MB of Sony data to drop. Maybe a torrent - we'll see what we can do with that. No estimated time yet,” the group posted on Twitter this morning.

FBI Friday

Whilst the Nintendo breach appears not to be overly serious at the current time – certainly not on the scale of the Sony breaches – LulzSec’s efforts on an FBI affiliate could have notable connotations.

On Friday, the group hacked into Infragard, a collaboration service designed to help connect the private sector and individuals with the FBI.

Having infiltrated the Atlanta chapter of the Infragard website, LulzSec published 180 usernames, hashed passwords, plain text passwords, real names and email addresses.

LulzSec went after one Infragard user in particular – Karim Hijazi, chief executive of private botnet monitoring service Unveillance.

The hacking collective claimed in a statement Hijazi offered to pay LulzSec “to eliminate his competitors through illegal hacking means” in return for its silence.

“Karim, a member of an FBI-related website, was willing to give us money and inside info in order to destroy his opponents in the whitehat world. We even discussed plans for him to give us insider botnet information,” LulzSec said.

In his own statement, Hijazi said he had been threatened by LulzSec and asked to provide money and botnet information to the collective.

“I was personally contacted by several members of this group who made threats against me and my company to try to obtain money, as well as to force me into revealing sensitive data about my botnet intelligence that would have put many other businesses, Government agencies and individuals at risk of massive Distributed Denial of Service (DDoS) attacks,” Hijazi said.

“In spite of these threats, I refused to pay off LulzSec or to supply them with access to this sensitive botnet information. Had we agreed to provide this data to them, LulzSec would have been able to grow the size and scope of their DDoS attack and fraud capabilities.”

Hijazi said he refused to bow to LulSec’s demands and hoped the incident would “enlighten others as to the true character and intent of this organisation.”

“I refused to comply with their demands. Because of this, they followed through in their threats – and attacked me, my business and my personal reputation.”

In response, LulzSec released a new statement, claiming it never planned to extort Unveillance.

“We were simply going to pressure you into a position where you could be willing to give us money for our silence, and then expose you publicly,” the group said.

Email to a friend

Print this page