Want CNET to notify you of price drops and the latest stories?

Hackers target Sony, Nintendo and FBI partner Web site

Customer data from Sony Europe, InfraGard passwords and benign data from Nintendo server released in separate intrusions, hackers claim.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills
4 min read

The InfraGard Atlanta site was defaced, and a non-English language video was on the front door.
The InfraGard Atlanta site was defaced, and a non-English language video was on the front door.

Hackers went on a rampage late today, targeting Sony Europe, Nintendo, and the FBI-affiliate InfraGard Atlanta in a series of intrusions and security compromises that appears to have exposed passwords of some Sony and federal government employees.

The moves follow reports of hacks hours earlier that involved Acer Europe, Iran, NATO, and the United Arab Emirates.

Sony, whose business units globally have suffered what amounts to about a dozen different computer intrusions already over the past two months, was again targeted. Someone identified as Lebanese hacker Idahc, who targeted Sony Ericsson last week, appeared to have compromised the e-commerce site for professionals owned by Sony Europe and released phone numbers and e-mail addresses for about 120 people, according to The Hacker News. The site, apps.pro.sony.eu, was redirecting to Sony.co.uk.

Sony Europe representatives did not return an e-mail seeking comment late today.

Separately, a hacker group called LulzSec that targeted Sony Music Japan last week, said it hacked into the Web site of InfraGard Atlanta, defaced it and released 180 usernames and passwords of members. InfraGard is an FBI program that serves as a public-private partnership dealing with cybersecurity. The site, InfragardAtlanta.org, which appears in some FBI press releases, was displaying a non-English language video and the banner "Let it flow you stupid FBI battleships."

Passwords apparently from government agencies including the FBI, the FAA, the USDA, and the Nuclear Regulatory commission appeared in the public data dump. "All of them (log-ins) are affiliated with the FBI in some way," the group said in a statement. "Most of them reuse their passwords in other places, which is heavily frowned upon in the FIB/Infragard handbook and generally everywhere else too."

LulzSec said it took the action because of a plan by the Obama administration to classify cyberattacks as acts of war.

The group also released e-mails of an InfraGard member whose personal Gmail account and corporate Google Apps account used the same password. Karim Hijazi, chief executive of Unveillance, confirmed the attack to CNET. He said the hackers had threatened to go public with his data if he didn't provide information his firm collects from customers about compromised computers and command-and-control servers that is used to neutralize botnets. He said he had reported the intrusion and alleged extortion to the FBI and that the only harm was that his personal and work e-mails were exposed.

"In spite of these threats, I refused to pay off LulzSec or to supply them with access to this sensitive botnet information," he said in a statement that was later posted on the company's Web site. "Had we agreed to provide this data to them, LulzSec would have been able to grow the size and scope of their DDoS (distributed denial-of-service) attack and fraud capabilities."

LulzSec later disputed the extortion allegation in a statement and accused Hijazi of offering to pay the hackers to destroy his competitors and seeking their help in finding "enemy" botnets and botnet trackers. "To clarify: it was not our goal to extort anything from Karim at @Unveillance--we were merely testing if he would fold or not," the group said in a Tweet, followed by another: "The goal was to get him into a position of wanting to fold to extortion, and then exposing that weakness publicly. :D"

Unveillance had contributed to a report entitled "Cyber Dawn: Libya" from the nonprofit Cyber Security Forum Initiative (CSFI) that is available for download from the CSFI Web site. LulzSec apparently came across e-mails pertaining to that research and claimed in its statement to have "uncovered an operation" involving the U.S. government funding CSFI "to attack Libya's cyber infrastructure," but it was not possible to independently confirm this.

"In light of recent NATO actions to protect Libyan civilians, the primary media focus has been placed on the elimination of Libyan military equipment that has been, or could be, used to suppress and oppress, through the use of lethal force, the civilian population," says the unclassified report. "It is hoped that the analysis and research presented in this report will increase awareness of cyberwarfare as both a threat to be aware of, and an effective tool that if used appropriately, may expedite the resolution, or reformation to a postconflict and stable Libya by a reduced loss of civilian life and minimal negative impact to global economic stability."

Representatives from CSFI did not return an e-mail seeking comment late tonight.

LulzSec released Internet Relay Chat logs that Hijazi confirmed were communications between him and several members of the group. In them, the hackers bully and toy with Hijazi, who was using the alias "moondog," offering to help him and his firm in exchange for information such as "government portal/info searches" or "inside FBI alerts." At one point, Moondog says he provided CSFI information about compromised hosts in Libya. "I didn't know the intent and was in marketing mode," Moondog says. "I am truly starving guys."

In his statement, Hijazi released an excerpt from an IRC log with the group in which one of the hackers says "The point is a very crude word: extortion... Let's just simplify: you have lots of money, we want more money."

Separately, LulzSec released data it identified as a Nintendo configuration file, typically used to configure Web server or other settings and not considered a serious data breach.

"We're not targeting Nintendo. We like the N64 too much--we sincerely hope Nintendo plugs the gap. This is just for lulz. <3," the="" hacker="" group="" wrote="" on="" Twitter.="" "We="" love="" SNES,="" Megadrive,="" N64,="" Dreamcast...Sega="" &="" Nintendo="" have="" a="" special="" place="" in="" our="" Lulz="" Boat.="" Desert="" Strike,="" anyone?="" #MEGADRIVE."="" <="" p="">

A Nintendo representative released this statement when asked for comment: "The protection of our customer information is our utmost priority. Therefore, we constantly monitor our security. This particular situation was a server configuration issue that we investigated and resolved a few weeks ago. The server contained no consumer information."

Updated June 4 at 3:25 a.m. PT with LulzSec statement and at 12:28 a.m. PT with LulzSec denying that it intended to extort Hijazi.