Sony Website Hacked By the "Lulz Boat"

Recommended Videos

Kopikatsu

New member
May 27, 2010
4,924
0
0
Awexsome said:
poiuppx said:
Frylock72 said:
This is the one of the things that would make me glad to deal with a regulated internet.
Depressingly, I'm starting to agree. I'm a believer in free speech and a free internet, but if it allows this kind of damage... maybe it's time to tame the Wild West.
Seconded. This is out of control.

I'd be fully in favor of requiring to identify yourself with your social security number or whatever takes the place of something like that in other countries before surfing online. It's too lawless. People could believe the government conspiracy theories of if they'd watch you surfing porn, but I for one have the confidence that the government isn't going to turn into Big Brother from bringing criminals like this to justice just like that.
Thirded. I don't know about government not turning into Big Brother (I'm a believer in Communism, but there hasn't been a single true Communist nation. Soviet Russia, North Korea, Vietnam, etc...those were all Socialist. You can't have totalitarian anything or a Dictator in an actual Communist society, but lo and behold...people took advantage and made themselves into Tyrants. Kind of like the thing with Anonymous breaking down. Alphas and people who perceive themselves as an Alpha will always be looking to take control...)

ANYWHO! Getting off topic here. I would give up my anonymity in order to make the internet a safer place, most definitely so.

SenseOfTumour said:
As someone else said, it's time to stop hiring lawyers and start hiring some security, all the lawyers in the world won't help if this stuff keeps going public as people just are not going to trust you with their info.

As an analogy, in defending your home, most people make sure they have locks on their doors before they get guns and guard dogs. Defence before attack.

OF course, that's all based on whether what this bunch of criminals are saying is actually true, about how weak their security was. If it is however, they really should have shifted some funds around and got some shit locked down after the first break in.
Sony hired at least three separate security firms to revamp their security after the PSN fiasco. I think this is the 23rd time I've mentioned this on this thread...
 

sleeky01

New member
Jan 27, 2011
342
0
0
Kopikatsu said:
sleeky01 said:
Kopikatsu said:
sleeky01 said:
You want a real challenge?

http://www.pbc.gov.cn/

Take your pick.
Uuuuuh...http://blogs.forbes.com/andygreenberg/2011/05/30/pbs-hacked-after-critical-wikileaks-show/
Oh for god sa...look at that link again would you?
...Oh. I mistook the 'c' as an 's'. My bad. Why would that site be difficult to hack, though?
Did you even look at the site I linked? Somehow I don't think you would be asking me that question if you did. Take a look again:

http://www.pbc.gov.cn/

If lulzdouche is looking to finance themselves and are looking for a challenge...
 

Kopikatsu

New member
May 27, 2010
4,924
0
0
sleeky01 said:
Kopikatsu said:
sleeky01 said:
Kopikatsu said:
sleeky01 said:
You want a real challenge?

http://www.pbc.gov.cn/

Take your pick.
Uuuuuh...http://blogs.forbes.com/andygreenberg/2011/05/30/pbs-hacked-after-critical-wikileaks-show/
Oh for god sa...look at that link again would you?
...Oh. I mistook the 'c' as an 's'. My bad. Why would that site be difficult to hack, though?
Did you even look at the site I linked? Somehow I don't think you would be asking me that question if you did. Take a look again:

http://www.pbc.gov.cn/

If lulzdouche is looking to finance themselves and are looking for a challenge...
Yeah, I did. People's Bank of China. I don't get the challenge thing, though. Are Chinese Government sites supposed to be hackproof or something?
 

OutforEC

Professional Amateur
Jul 20, 2010
427
0
0
This alleged security breach, as far as I have been able to tell, hasn't even been verified by Sony yet (who at last check was 'looking into it'), so everyone is basically just taking as gospel the words of a group called Lulzboat? Really?
 

Sikratua

New member
Apr 11, 2011
183
0
0
Doxcology said:
Oh for fucks sake, I'll say it again and maybe this will be put to rest. THERE IS NO REASON FOR THE HACKERS TO LIE ABOUT THEIR METHODS!
That comment has already been shown to be bullshit multiple times in this thread. If you read this thread, you will see that most of the comments fall into one of two catagories.

1: "These hackers suck and should go to jail."

2: "Sony sucks, and so does their security."

Since the only stated reason for this attack was to discredit Sony, it would benefit the hackers to claim that it was dirt simple to perform this hack. Let's put this into a different kind of attack. When a couple kids get into a fight in the playground, how often does the winner say "I got some of the crap kicked out of me, but I still won?" It's human nature to try to discredit other people, because doing so brings them down to a lower level. That's exactly what these guys intended to do with Sony. So, their stated intent gives them an extremely good reason to lie about the defenses that Sony mustered.

So, just to reiterate: The comment I quoted above is bullshit. Can we move on, please?
 

Kopikatsu

New member
May 27, 2010
4,924
0
0
mojodamm said:
This alleged security breach, as far as I have been able to tell, hasn't even been verified by Sony yet (who at last check was 'looking into it'), so everyone is basically just taking as gospel the words of a group called Lulzboat? Really?
It helps that they regularly post all of the information they've gathered and it's a rather simple matter to check if the accounts/people are real or not.

One news network called an account's given phone number post by LulzSec and verified that it was genuine.

Out of hundreds of thousands.
 

DanDeFool

Elite Member
Aug 19, 2009
1,891
0
41
TornadoFive said:
Also, I must have missed the memo that said, "Everyone gang up on Sony for the next couple of months." Seriously, their online stuff has been attacked how many times now? More than I can be bothered keeping track of anyway.
I made a prediction about this a few weeks ago, and I think it's coming true. It seems to me that these hackers have one objective; to use their knowledge of internet security to ruin a multinational company, JUST TO SHOW EVERYONE THAT THEY CAN.

That said, I originally gave a semi-approval of what they were doing, saying something like "if these guys can put the fear of the common man into the hearts of the corporate world, I think it's a net positive" but after thinking about it some more, I realized that these kinds of attacks could be a huge blow to the case for Net Neutrality. After all, protecting their corporate campaign contributors from hackers could just be the last push needed to get legislators worldwide to vote for a regulated and restricted Internet.

Greg Tito said:
The group claims that much more could have been nabbed if only they had the resources (read: money) to make it happen, prompting a request for donations.
Yes, because now we're all going to be chomping at the bit to fund cyberterrorists. Frankly, I think these guys have their hearts in the right place, hitting Sony back for abusing their customers and whatnot, but they have their heads up their asses. Not seeing the big picture at all.
 

OutforEC

Professional Amateur
Jul 20, 2010
427
0
0
Kopikatsu said:
mojodamm said:
This alleged security breach, as far as I have been able to tell, hasn't even been verified by Sony yet (who at last check was 'looking into it'), so everyone is basically just taking as gospel the words of a group called Lulzboat? Really?
It helps that they regularly post all of the information they've gathered and it's a rather simple matter to check if the accounts/people are real or not.

One news network called an account's given phone number given by LulzSec and verified that it was genuine.
I can give you the phone number of any number of people and claim I hacked into secret-squirrel database to get it, but that doesn't make it true. Hell, I could give a news network my phone number and tell them to ask for so-and-so, and they'd never know the difference. Especially if some of the stories I've read tonight on various sites is indicative of people's ability to fact-check.

All I'm saying is that I'll reserve judgement until I get the facts, and not just heresy sourced by a Twitter feed.

Edit: Ah, I see you edited and clarified. Then perhaps there's more to this than I thought, and I'll await to hear what the target/victim has to say.

Thanks for the clarity.
 

-Dragmire-

King over my mind
Mar 29, 2011
2,821
0
0
I know nothing of hacking but the wikipedia page says this is a "SQL Injection, abbreviated SQLIA, is a very sophisticated Web Attacking Vector."

Granted, anything taken in "plain text" sounds bad.

source: http://en.wikipedia.org/wiki/SQL_injection
 

Redd the Sock

New member
Apr 14, 2010
1,088
0
0
I wonder if these twerps realize how much damage they're doing to their own cause. This kind of activity is only going to put the hard clamps down on the internet, not make it more open. Then again, they seem like little sociopaths that have a beef with Sony and don't care that customers and employees are colatoral damage in their personal war, so I doubt they're really thinking far ahead.
 

Kopikatsu

New member
May 27, 2010
4,924
0
0
CrashertheSmasher said:
Why? Why wold they hack the again? I'm getting ready to get rid of my PSN account.
Sony Pictures (What got hacked) and Sony Games are two WHOLLY separate companies. Sony Games is probably nearing Fort Knox levels of protection, considering they've hired multiple security firms and completely recreated the PSN with a higher level of security.

Your PSN account is most certainly safe. A Sony Pictures account, on the other hand...
 

taciturnCandid

New member
Dec 1, 2010
363
0
0
Got bored and looked through the stuff that lulsec posted. I don't see any justification for what they did. In interest I looked at what type of passwords people were using. Dear god people, use more secure passwords! I mean seriously, 99% of those people had simple passwords. I thought they would use more security then sony, but I guess people just don't know how to be secure online.
 

Kopikatsu

New member
May 27, 2010
4,924
0
0
mojodamm said:
Kopikatsu said:
mojodamm said:
This alleged security breach, as far as I have been able to tell, hasn't even been verified by Sony yet (who at last check was 'looking into it'), so everyone is basically just taking as gospel the words of a group called Lulzboat? Really?
It helps that they regularly post all of the information they've gathered and it's a rather simple matter to check if the accounts/people are real or not.

One news network called an account's given phone number given by LulzSec and verified that it was genuine.
I can give you the phone number of any number of people and claim I hacked into secret-squirrel database to get it, but that doesn't make it true. Hell, I could give a news network my phone number and tell them to ask for so-and-so, and they'd never know the difference. Especially if some of the stories I've read tonight on various sites is indicative of people's ability to fact-check.

All I'm saying is that I'll reserve judgement until I get the facts, and not just heresy sourced by a Twitter feed.

Edit: Ah, I see you edited and clarified. Then perhaps there's more to this than I thought, and I'll await to hear what the target/victim has to say.

Thanks for the clarity.
Yeah, I forgot to add that last part and it was kind...relevant.

I generally don't claim things without fact checking, so I did download a few files from LulzSec to check their validity for myself, and...they're valid. This is just part of one of the files. (But this is staff info, so it wouldn't include addresses or phone numbers or anything. That would be in the user data...which they also posted. I didn't take any of those, though.)

TARGET: Sony BMG Music Entertainment Belgium [sonybmg.be]

[exposed sonybmg.be datbase]

NAME: dbSBPartnerBe

-- This target gave us LOLs as it provided internal release dates of records, barcodes, sales reports, and plaintext Sony employee passwords:

ID | EMAIL | USERNAME | PASSWORD

3 | [email protected] | Bert | vekens5
4 | [email protected] | Linde | SCH.oo
441 | [email protected] | jos | pau02
443 | [email protected] | customerservice | sonybmg
464 | [email protected] | willemien | sonybmg
468 | Sales | sonybmg
469 | [email protected] | jos | paulussen
479 | [email protected] | [email protected] | SqVjnKX2Ds

ID | EMAIL | USERNAME | PASSWORD

1 | Administrator | admin | SB.admin
2 | Generic User | sb_be | sb_gen_user
3 | Myra van Bladel | myra | bladel
4 | Joost Neelemans | joost | neelemans
5 | SCH.oo
6 | Willemien | willemien
7 | Kristin Willems | Kristin | _b2b_52qH
8 | Madelon Fennis | madelon | fennis

TABLE | COLUMNS

tmp_product_test | updaction ppd_new genre_ind5 genre_ind4 genre_ind3 genre_ind2 genre_ind1 price_code packing_units dvd_region genre boxset ppd lblcode status relweek confcode mmijnr conductor composer title artist barcode prefix suffix sender id
tmp_product_new | ppd_new genre_ind5 genre_ind4 genre_ind3 genre_ind2 genre_ind1 price_code packing_units dvd_region genre active pos type updaction boxset ppd lblcode status relweek confcode mmijnr conductor composer title artist barcode prefix suffix sender id
tmp_product | updaction boxset ppd lblcode status relweek confcode mmijnr conductor composer title artist barcode prefix suffix sender id
tbl_defaults | webmaster_email id_sub_themes id_sub_lan id
sub_type_press | descr name id
sub_themes | descr name id
sub_lan | short name id
sub_confcode_old | descr code id
sub_confcode | descr code id
sec_vars | verwachtdays releasedays id
sec_subcat | url name id_sec_maincat id
sec_sort | pos barcode id
sec_returns | entrydate remarks total_weight boxpallet number_boxes contact pickup ret_no country city pc number street company clientnr id
sec_request | entrydate email contactpersoon klantnaam bmgnr sonynr id
sec_maincat | name id
sec_descr_bu | entrydate priority rockoff b2c cinfo minfo_fr minfo_en minfo descr_fr descr_en descr item_doc item_image2 item_image barcode id
sec_descr | entrydate priority rockoff b2c show_tracks cinfo minfo_fr minfo_en minfo descr_fr descr_en descr item_doc item_image2 item_image barcode id
sec_actionrecords | ppd barcode id_prim_action id
ret_cred | bill_date tot_amount net_price ppd cred_qty ret_co artist_title profit_center cat_no order_no bill_no town cust_name cust_no id
ret_auth | sales_person rej_reason ref_bill_no ret_no lastsales_date auth_date ann_date total_amount net_price ppd auth_qty req_qty ret_code title artist cat_no del_city del_street del_name town cust_name cust_no id
product_group | child parent id
prim_product_bu | active pos pricecode boxset ppd label status releasedate confcode conductor composer title artist barcode itemnumber countrycode id
prim_product_ | active pos boxset ppd label status releasedate confcode conductor composer title artist barcode itemnumber countrycode id
prim_product | active pos pricecode boxset ppd label status releasedate confcode conductor composer title artist barcode itemnumber countrycode id
prim_page | entrydate type pagevalue descr name id
prim_news | entrydate active pdate descr_long descr_short title id
prim_links | language entrydate active descr link name id
prim_faq | answer question id
prim_contest | entrydate active ip optin comment bday gender email lastname firstname id
prim_concerts | entrydate entry_user active country classic jazz link descr ptime location city artist pdate company barcode ldar_artist id
prim_clients_new | status default_lan pass username contact company email clientnr id
prim_clients_bu3 | status default_lan pass username contact company email clientnr id
prim_clients_bu2 | status default_lan pass username contact company email clientnr id
prim_clients | code returns check status default_lan pass username contact company email clientnr id
prim_banner | item_image id
prim_b2b_mailingpress | entrydate descr title id
prim_b2b_mailing | entrydate descr title id
prim_auth | entrydate pass username name id
prim_action | entrydate active end start descr title item_doc id
lnk_auth_subcat | id_sec_subcat id_prim_auth id
dig_releases_tmp | title country config id
dig_releases_recip | entrydate code mobile nl email id
dig_releases_prio | entrydate prodno id
dig_releases_mailing | id
dig_releases_artist | artist id
dig_releases | id
bmg_Sec_Image | EntryDate Name PNumber ID
bmg_Prim_Text | EntryDate Date Active Marketinginfo Text Summary Headlines Name PNumber ID_Sec_Image ID
b2b_recippress | code language email id_sub_type_press name company id
 

Liudeius

New member
Oct 5, 2010
442
0
0
Donations? Paypal donations? I know there was something about getting names from Paypal with Geohot that caused a ruckus, but wasn't it donater names, not account owner names? He's making himself so easy to track...
 

sleeky01

New member
Jan 27, 2011
342
0
0
Kopikatsu said:
sleeky01 said:
Kopikatsu said:
sleeky01 said:
Kopikatsu said:
sleeky01 said:
You want a real challenge?

http://www.pbc.gov.cn/

Take your pick.
Uuuuuh...http://blogs.forbes.com/andygreenberg/2011/05/30/pbs-hacked-after-critical-wikileaks-show/
Oh for god sa...look at that link again would you?
...Oh. I mistook the 'c' as an 's'. My bad. Why would that site be difficult to hack, though?
Did you even look at the site I linked? Somehow I don't think you would be asking me that question if you did. Take a look again:

http://www.pbc.gov.cn/

If lulzdouche is looking to finance themselves and are looking for a challenge...
Yeah, I did. People's Bank of China. I don't get the challenge thing, though. Are Chinese Government sites supposed to be hackproof or something?
One would think a bank, let alone a Chinese bank, would have better security don't you think? If they are looking for money, there's the challenge.
 

OutforEC

Professional Amateur
Jul 20, 2010
427
0
0
-Dragmire- said:
I know nothing of hacking but the wikipedia page says this is a "SQL Injection, abbreviated SQLIA, is a very sophisticated Web Attacking Vector."

Granted, anything taken in "plain text" sounds bad.

source: http://en.wikipedia.org/wiki/SQL_injection
If there is honesty in the statement made by those that made the intrusion, the problem isn't necessarily with the mode of entry but the lack of basic encryption on data once inside.
 

Xanthious

New member
Dec 25, 2008
1,273
0
0
After the way Sony has shit all over their customers time and again it warms my heart to see them getting ***** slapped over and over. If they weren't locked down on all fronts like Fort Knox then they deserve to continually get hacked over and over. That being said I think it's unfortunate that innocent people are getting caught in the crossfire.

If what's being reported is true then Sony needs to be punished by the powers that be accordingly for the sheer negligence they are displaying over and over. They obviously do not believe that safeguarding their customers' sensitive information is of any kind of importance as is demonstrated by said information reportedly being stored in in an unencrypted manner and with almost no security in place.

I would really like to see Sony drug out in front of courts in countries across the globe and be made into an example of why you should keep customer information safe and secure.