New hackers, old name: LulzSec Reborn hacks servers
The name is just as familiar as the approach: a group of unknown hackers that goes by the name of "LulzSec Reborn" intruded into the servers of a US technology company and of an online dating agency for US soldiers. They extracted database information and released the material on the internet.
On Tuesday, the hackers released data they extracted from a server belomging to CSS Corp, an IT service provider that specialises in security and mainly operates in the US and in India. The leaked data includes a list of the names, phone numbers and passwords of ten lead technicians and the names and email addresses of CSS Corp customers. Evidence within the files indicates that the data was harvested in mid-March.
A couple of days ago, LulzSec Reborn published the personal data of 163,792 members of the MilitarySingles.com e-dating site. The released information includes email addresses, nicknames and full names, as well as postal addresses and passwords. MilitarySingles accepts both military personnel and civilians; the majority of members are US soldiers although the site is not being run by the US military itself.
The user passwords in the published database extract are stored as MD5 hashes – this allows simple passwords to be decrypted with minimum effort via dictionary attacks. According to the database records, the hack took place on 24 March. In a tweet, the hackers said that they plan to publish further site data soon.
Claiming responsibility on Pastebin, the hacker group calls itself "LulzSec" and mentions an IRC chat room called "#LulzSecReborn" – although, in effect, the LulzSec chapter is now supposed to be closed: in early March, the FBI brought charges against six hackers, four of whom were leading LulzSec members. One of the hackers, Hector Xavier Monsegur, aka "Sabu", had been arrested in June 2011. He subsequently helped the FBI identify further members.
The original LulzSec group is thought to be responsible for intrusions such as those into US TV stations Fox Broadcasting and Public Broadcasting System (PBS) as well as entertainment companies Sony Pictures and Bethesda Softworks.
On 17 March, a YouTube video had announced the return of LulzSec on 1 April – a statement that was originally met with disbelief. Talking to Eduard Kovacs at Softpedia.com, "LulzSec Reborn" said that they don't have anything to do with the video: "we don't know who is planning that." The LulzSec hackers also openly admitted to Softpedia that they are a new group: "The idea is to continue what some have started and never managed to finish. At the same time we want to avenge the ones that were arrested."