Bethesda and US Senate sites hacked, data published

By on June 13, 2011, 3:33 PM

Bethesda is encouraging users to reset their passwords following a weekend security breach on the company's servers. In a blog post today, the developer explained that although no personal financial information or credit card data was stolen, the hackers have gained access to usernames, email addresses and passwords for all of the company's websites, including its community forums and Brink statistics site.

Bethesda didn't outwardly accuse any person or party for the attack, saying only that a "hacker group" is responsible. However, Lulz Security (LulzSec), the folks behind the recent Sony Pictures breach, have claimed accountability for the act. Through its Twitter account, the group admitted to having its sights set on Bethesda yesterday, and in fact has been poking around on the company's network for more than two months.

In its usual fashion, the group has released some of the swiped data via BitTorrent. When the group hacked Sony Pictures, it offered tons of sensitive user information along with Sony music coupons, the layout of Sony's database and more via BitTorrent. In that particular case, LulzSec gained entry with a simple SQL injection and found sensitive user data including addresses and passwords stored unencrypted.

It doesn't seem like Bethesda was quite as feeble, but LulzSec still snuck in. "Some weeks ago, we smashed into Brink with our heavy artillery Lulz Cannons and decided to switch to ninja mode. From our LFI entry point, we acquired command execution via local file inclusion of enemy fleet Apache vessel. We then found that the HTTPD had SSH auth keys, which let our ship SSH into other servers. See where this is going?"

"After mapping their internal network and thoroughly pillaging all of their servers, we grabbed all their source code and database passwords, which we proceeded to shift silently back to our storage deck." The torrent includes everything LulzSec swiped -- except the data of more than 200,000 Brink users. In a peculiar nod of respect, the group said it actually liked Bethesda and wanted to give it "one less thing to worry about."

Along with releasing Bethesda's data, LulzSec has published some internal data from Senate.gov. This follows less than a month after the US warned hackers that it would respond to cyber-attacks as any other hostile threat, including military force if deemed necessary. Just last week, the hacker collective Anonymous essentially told NATO to back off. "Do not make the mistake of challenging Anonymous," the group said.




User Comments: 22

Got something to say? Post a comment
Xclusiveitalian Xclusiveitalian said:

This is crazy how no-one is safe on the internet anymore and these guys/gals are like a elite Independence special force going around attacking wherever it wants. They may be able to change Sony but I don't think them or anyone else can change how horrible and corrupt our government is tho =p

Trillionsin Trillionsin said:

Very interesting.. I think I am starting to see the new trend, and I'm curious to see where its going.

Guest said:

Governments are love to control the information and how the people act within their borders.

All this hacking will force governments to introduce various cybersecurity laws that intrude on our rights to a free Internet.

gwailo247, TechSpot Chancellor, said:

Yeah, way to show those stupid Bethesda customers who's boss.

I'm really lost here. How exactly is any corporation getting screwed over here? So far all I see is people not being able to play games, people worry that their accounts are going to get hacked. Who exactly is this supposed to benefit?

What will probably happen, is that the US Gov't is going to introduce some kind of draconian database safety measure, which will require each one of us 2 minutes to log into any account, and then probably have to pay 20 bucks a month for the enhanced security.

If they have some master plan to actually help rather then screw over the public, I'm waiting to hear it.

amstech amstech, TechSpot Enthusiast, said:

Todays Government is still functioning with 30 year old principles.

Obviously, they do not work today and haven't for quite some time now.

The problem is, people making the rules don't remotely understand the complexity of computers, code/technology and what they are capable of.

You cannot top pure passion, if your smart you will hire one of these guys and pay them good, RIT don't graduate pro-hackers, society does. These guys know everything there is plus some and this is about the value of information...and if you think you know more then they do, just try them Uncle Sam.

You will lose.

gwailo247, TechSpot Chancellor, said:

amstech said:

You will lose.

Like Mob lost? The gov't has money and prisons. People like money and fear prisons. Multiple murderers testify to avoid prison, well knowing that they'll be killed by their former friends. You think hackers are going to show more balls in not turning over their friends?

Besides, they can probably invoke some Patriot Act provision and force the ISPs, etc, to turn over the data.

All they have to do is declare Anon a terrorist group. At that point they can do whatever they please to them, their families, etc.

Guest said:

China recently admitted they have a specialized cyber warfare unit of elite hackers which leads me to believe the US has their secret elite hackers too. So do other governments.

TomSEA TomSEA, TechSpot Chancellor, said:

These jackasses need to die in a fire.

Burty117 Burty117, TechSpot Chancellor, said:

gwailo247 said:

All they have to do is declare Anon a terrorist group. At that point they can do whatever they please to them, their families, etc.

But surely if they did, doesn't that mean anyone talking "anonymously" on the internet is part of a terrorist group? sometimes I simply don't want to sign up again to another site to simply leave a lost about one story they have and use the "anonymous" account to do that! does that then make me part of this group? the problem is that these guys are true to their name, no one really knows anything about the group and no one knows where even half of them are, I'm pretty sure declaring them a terrorist organisation is stupid.

TekGun TekGun said:

So basically there are a lot of companies holding sensitive customer data with poor security, I guess they have more important things to spend their profits on.

It does make you wonder who it will be next...

Guest said:

I don't think many people understand the section about domestic terrorism and it would be good to introduce this into the discussion:

SEC. 802. DEFINITION OF DOMESTIC TERRORISM.

(a) DOMESTIC TERRORISM DEFINED- Section 2331 of title 18, United States Code, is amended--

(1) in paragraph (1)(B)(iii), by striking 'by assassination or kidnapping' and inserting 'by mass destruction, assassination, or kidnapping';

(2) in paragraph (3), by striking 'and';

(3) in paragraph (4), by striking the period at the end and inserting '; and'; and

(4) by adding at the end the following:

'(5) the term 'domestic terrorism' means activities that--

'(A) involve acts dangerous to human life that are a violation of the criminal laws of the United States or of any State;

'(B) appear to be intended--

'(i) to intimidate or coerce a civilian population;

'(ii) to influence the policy of a government by intimidation or coercion; or

'(iii) to affect the conduct of a government by mass destruction, assassination, or kidnapping; and

'(C) occur primarily within the territorial jurisdiction of the United States.'.

(b) CONFORMING AMENDMENT- Section 3077(1) of title 18, United States Code, is amended to read as follows:

'(1) 'act of terrorism' means an act of domestic or international terrorism as defined in section 2331;'.

matrix86 matrix86 said:

From this day forth, 2011 shall be considered "The Year of the Hacker".

stewi0001 stewi0001 said:

I give the Gov't a week to counter. If nothing happens, then that's just sad on the Gov't

Cota Cota said:

Even how much i LOVE Bethesda well they got owned, and good thing Lulz didnt posted private data this time.

Dear LulzSec even if you do this for the lulz (and to prove companies are far from being secure) pls dont post users personal stuff Far from that keep the lulz coming =D

Timonius Timonius said:

so much conspiracy fuel. These increased 'reports' of hacker activity can be publicity stunts, the real thing, clever social engineering, etc. Still it would be a good idea to regularly change passwords. The problem is with all these user accounts that we 'have' to sign up with, are we going to remember all of them? I've got a decent memory, but I know some people who constantly forget passwords or use other non-secure methods (like *gasp* writing it down!) to assist them.

captaincranky captaincranky, TechSpot Addict, said:

Historically, from time to time. outlaws have enjoyed the support and acclaim of the public. Take for example Jesse James and others. The public is fickle, and has this secret deisre to "stick it to the man" Myself, I just like to kick back and hope that the people who are clamoring for more hacking attacks, and deifying groups like "anonymous", will get their just desserts, by having their personal information stolen, their computers infected with a bot email program. Mark my words.

The problem with "anonymous" being "anonymous", is that every clown, troll, and hormonally dysfunctional 13 year old game boy, will start posting all this crap about, "we are anonymous, we don't...blah, blah, blah". That assumes that they haven't already. Power corrupts, and any organization is susceptible to it, mark my words.

And yes, the US government is corrupt, as is every government on the planet. That's unfortunately a given. Why? Because power corrupts. I told you to mark my words.

China recently admitted they have a specialized cyber warfare unit of elite hackers which leads me to believe the US has their secret elite hackers too. So do other governments.
Well indeed they did, read about it here: http://www.techspot.com/vb/topic165884.html Thanks for the heads up anyway.

Guest said:

God they are playing with fire. Eventually they will get cocky and try and hack the FBI or the DoD and all hell will break loose.

Guest said:

i agree with TomSEA...although crucifixion is making a comeback...

and to all the ****** who have been defending these losers as "fighting for freedom and anti-censorship"; you are kidding yourselves. these are pasty faced 30 year old virgins who are tired of the being losers and want to pretend like they are something.

treetops treetops said:

Its almost like this group is out there to try and make the noble anonymous look bad.

slamscaper slamscaper said:

So... The US government issues a statement recently stating that they can and will use military force if they catch some hacker group stealing any of their sensitive information.

Lulzsec sees this as a "challenge" of course, so they hack the senate (and Bethesda just for the Lulz).

To Lulzsec: You should heed the words of the US government. It's all fun and games until they drop a bunker buster on your house. Believe me, they will not hesitate to strike you if they feel threatened, and they most certainly will not do this for the "Lulz".

jonelsorel said:

Gotta love the part "we're gonna bomb you if you hack us". No sane mind would ever make such a statement unless he/she only envisioned the US getting hacked by some lonely nerd living in a tent/cave in Iran or Northern Korea.. But what if the hackers live in densely populated areas called cities IN the US, Britain, Germany, France, etc? Will you declare war on those countries while at it? Cause it surely won't work like Syria did (what would the world do without Nato).

Then again, this is the best of US military intelligence. Props for keeping this oxymoron alive and kicking!

Guest said:

Remember these 3 words: problem, reaction, solution

An example:

Problem: hacking that appears to be rampant with no low-level government or corporation safe

Reaction: people start to worry about their personal information and whether there are terrorists trying to steal government information

Solution: introduction of Draconian cybersecurity laws that infringe on the rights of a free Internet for all.

Maybe the governments are purposely letting these things happen for the end result that they desire.

slamscaper, they don't need to drop a bunker buster on a hacker's house. The US intelligence agencies have assets that kill the person and make it look like a suicide or accident.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.