LulzSec hackers strike Nintendo, FBI affiliate & a security firm

LulzSec, the hacker group that had their “fun” with PBS.org, Sony Pictures, and Sony BMG’s unsecured servers and data last week, had a very busy weekend with some new, high-profile targets.

The group has breached servers belonging to Nintendo, non-profit FBI affiliate organization InfraGard, and has been harassing the owner of botnet-tracking security company Unveillance.

“We’re not targeting Nintendo. We like the N64 too much… This is just for lulz,” LulzSec explained on their Twitter feed last week. On Sunday, they added, “…we just got a config file and made it clear that we didn’t mean any harm. Nintendo had already fixed it anyway.”

Nintendo spokesperson Ken Toyoda confirmed that the breach had occurred and denied that any user data had been compromised.

LulzSec then moved on to FBI affiliate InfraGuard’s Atlanta chapter, reportedly in response to the US government’s announcement that they were moving to make hacking equivalent to an act of war. The group got away with less than 200 names and passwords, after defacing the organization’s website. However, that little bit of data was enough to fuel the hacker’s next web mayhem adventure.

“One of them, Karim Hijazi, used his InfraGard password for his personal GMail, and the GMail of the company he owns. ‘Unveillance’, a whitehat company that specializes in data breaches and botnets, was compromised because of Karim’s incompetence,” a LulzSec representative explained. “We stole all of his personal emails and his company emails. We also briefly took over, among other things, their servers and their botnet control panel.”

Hijazi claims that he had been harassed by LulzSec members a few weeks prior to the attack.

“In spite of these threats, I refused to pay off LulzSec or to supply them with access to this sensitive botnet information,” Hijazi said in a statement. “Had we agreed to provide this data to them, LulzSec would have been able to grow the size and scope of their DDoS attack and fraud capabilities. Plain and simple, I refused to comply with their demands. Because of this, they followed through in their threats – and attacked me, my business and my personal reputation.”

Despite all of this high-profile activity, the LulzBoat is still sailing strong. “Nobody arrested, no significant logs leaked, website up, twitter up, Pirate Bay account up, IRC up, Lulz Boat sailing… victory for us,” the group tweeted Monday morning. They are now also keeping a running record of their conquests on their website.

Who will the group hack next? It likely won’t be long until LulzSec strikes again.