PBS Web Site hacked By Lulz Security
The image that Lulz Security posted on the PBS web site when they defaced it. Other additions to the site included a story saying Tupac Shakur was actually alive. Sophos Labs

With the games industry already weakened after April's attack on Sony's PlayStation Network, the hacker collective LulzSec have mounted a fresh cyber assault not just on Sony, but also game-development guru Nintendo, leading to speculation about a possible future assault on Microsoft.

Sony the PSN crisis and LulzSec

Sony's PSN crisis began in mid-April when a group of, as yet unidentified, hackers breached the tech-giants online security. The attack left as many as 100 million PlayStation customers account and billing information compromised and forced Sony to shutdown its network.

The network subsequently experienced a prolonged period of downtime leaving users without the service for up to six weeks -- or more in certain Asian territories.

While the PSN was reactivated early last month, certain key services like the PlayStation Store remained inactive until a few days ago.

The reason for the attack has commonly been speculated to stem from the large amounts of ill-will the company built against it as a result of its treatment of George Hotz.

Hotz, also known as GeoHot in certain online circles, came into Sony's firing-line back in 2010 after he released a hack on his blog and website that, amongst other things, allowed users to play pirated games on their PS3.

Sony's reaction was to sue Hotz and subsequently demand that PayPal give the IP addresses of every internet user who viewed the video on how to do the hack.

The what many considered heavy-handed approach taken by Sony is often considered one of the key reasons the unknown hacker group targeted it.

Since the attack, despite receiving a fair amount of public criticism for its handling of the outage, Sony did seem to be getting back on its feet. The company had managed to re-start all the key features of its PSN and had released numerous apologies and "Welcome Back" gifts to affected users.

It was at this point that the hacker collective LulzSec claimed to have mounted its own successful raid on Sony's computer networks.

The group first claimed responsibility in a post on its Twitter page reading, "1,000,000+ unencrypted users, unencrypted admin accounts, government and military passwords saved in plaintext. #PSN compromised. @Sony".

It subsequently went on to post images and text files of the data it reportedly stole from Sony.
On its website the group cited its reason for the attack as to demonstrate the inherent weakness of Sony's security.

"Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now.

"From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?"

The post continued, "What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it."

Nintendo and LulzSec

Since it targeted Sony, LulzSec has gone on to claim responsibility for a second successful attack, this time against Nintendo.

In correspondence with GameSpot Nintendo has since confirmed that it did suffer a recent attack on its network. The company also promised consumers that it had thwarted the attempt and no user or company information was lost.

"The protection of our customer information is our utmost priority. Therefore, we constantly monitor our security. This particular situation was a server configuration issue that we investigated and resolved a few weeks ago. The server contained no consumer information."

As it did with its attack on Sony, the group went on to post the data it reportedly stole on its website.

Bizarrely LuzlSec has offered no real reason why it chose to target Nintendo. The closest reason the group gave for the attack was that it was "fun".

In a statement on its website the group even admitted to liking the company, "We're not targeting Nintendo," said a message posted on the group's Twitter page. "We like the N64 (gaming console) too much - we sincerely hope Nintendo plugs the gap."


It is because of the random nature of LulzSec's attack on Nintendo that certain analysts and industry commentators have speculated that a future cyber attack on Microsoft may be in the works.

While both the attacks on Sony could be seen as having some purpose behind them, LulzSec's subsequent attack on Nintendo couldn't.

The cause for concern stems from the fact that the group by its own admission targeted Nintendo just for fun, or as posted on its website "just for LulzSec".

The group by extension has demonstrated a bizarre new dimension and insight into how hacker groups like LulzSec operate. Showing how rather than being the active group trying to achieve an actual goal with its cyber attacks -- as LulzSec claimed it did with Sony -- the group is in reality just hacking companies and websites because the individuals involved find it fun.

While this is by no means a startling revelation, it could mean bad news for companies. LulzSec in its attack on Nintendo and Sony shows a new type of mindset. Not only did it commit an attack just for fun, but in both cases it boasted the hack as a true achievement, even displaying trophies -- the documents it claims to have stolen -- on its website.

If this behaviour is shared by other hacking groups this in reality means that no company is immune. In fact, companies with high-profiles or strong security could increasingly be targeted being viewed as "better game".

If true Microsoft would present the hacker with a rather sizeable trophy.

UPDATE: LulzSec have issued a fresh statement claiming to have once again hacked Sony.