EVE Online and other gaming websites hit by LulzSec DDoS attack

EVE Online, the popular sci-fi multiplayer online game, is amongst the latest websites to have been attacked by the LulzSec hacking group.

In an operation dubbed “Titanic Takeover Tuesday”, LulzSec instigated a distributed denial-of-service (DDoS) attack that swamped EVE Online’s web servers and forced makers CCP Games to take the site completely offline for some hours yesterday.

Also hit were Escapist magazine’s website, and online games Minecraft and League of Legends, as the hacking group appeared to take requests from online fans regarding which sites they would like to see hit next.

There doesn’t appear to be any rhyme or reason behind these latest LulzSec attacks against gaming websites – they appear to be motivated purely by the group’s own entertainment, at the expense – obviously – of the gaming companies and customers affected.

What is clear is that these attacks (and earlier ones by the group against FBI affiliates, Sony and others) are gaining a lot of attention from the media, and as such must have garnered the attention of the computer crime authorities.

If LulzSec is going to carry on having its “fun” it will need to be very careful that it isn’t leaving clues as to the identities of its individual members.

LulzSec attacks US Senate and Bethesda Softworks

Apparently committing crimes for the “lulz” is still entertaining for the group known as LulzSec.

They announced their latest conquests around 12:30pm PDT today: senate.gov and Bethesda Softworks.

Nothing terribly secret was lost in the breach of the US Senate’s web server. LulzSec posted some basic information on the filesystems, user logins and the Apache web server config files.

They also dumped a directory listing of what appears to be every single file on the server. Under the Computer Fraud and Abuse Act this hack could earn someone 5 to 20 years in prison, if convicted.

At the end of their post LulzSec appears to be taunting the American authorities…

"This is a small, just-for-kicks release of some internal data
from Senate.gov - is this an act of war, gentlemen? Problem?

- Lulz Security"

They also attacked Bethesda Softworks, the makers of Quake, Fallout, Doom, Elder Scrolls and other big name video games.

It is unclear why LulzSec decided to attempt to embarrass yet another video game company other than to show off.

They made a statement on their website suggesting they needed to prove they were better hackers than the group who recently hacked the website of Bethesda’s new game Brink.

It is difficult to explain random acts of sabotage and defacement, so I am not going to attempt to get into the heads of those behind these attacks. About the only take-away is that it’s best to secure your web assets against these types of attacks before rather than after.

Codemasters warns customers after hackers steal data

Codemasters, the UK-based video game development company, has fallen foul of hackers, who have broken into their network and stolen customer information.

In an email sent to customers, Codemasters explained that the intrusion was detected on Friday June 3rd, and users are urged to change their online passwords and keep an eye open for scams which might exploit the stolen information.

Names, addresses, usernames, dates of birth, telephone numbers, gamer tags, and encrypted passwords are just some of the pieces of information stolen by the hackers. Fortunately, the firm assures customers that credit card information was not included in the hackers’ haul, but the data which was exposed would be of value to phishers and other online criminals.

It’s clearly a serious problem, even if some online gamers are trying to see the funny side:

Sam Robson

I see Codemasters have been hacked now. Luckily the hackers already have all my details from my PS3…

In response, Codemasters has shut down its website – obviously fearful that it could be breached again before its security has been properly assessed – and visitors are now redirected to the firm’s Facebook page instead.

Sophos recommends that Codemasters customers change their passwords as quickly as possible – not just for the Codemasters website, but also on any other website where you might have been using the same password.

And it’s essential that you choose a strong, unique password.

Not sure what a strong password is, or why it’s important you should choose a unique one? Watch our video.

Unfortunately, many internet users have chosen to use the same password on multiple websites. So if your password was stolen during the Codemasters hack, it could then be used to unlock many other online accounts – and potentially cause a bigger problem for you.

So always use unique passwords.

Furthermore, computer users should ensure they don’t use dictionary words as passwords as it is relatively easy for hackers to figure these out using electronic dictionaries that simply try out every word until they get the right one.

Even if you’re not a Codemasters customer, it still makes sense to ensure that all of your passwords are strong and unique.

Hat tip: Thanks to Naked Security reader Paul for sending us a tip about the Codemasters breach