LulzSec claims to have hit the CIA this week, and may also have again penetrated web security at the Senate’s website, and an earlier LulzSec leak of over 20,000 usernames and passwords was confined to pornographic websites–headline-earning efforts indeed. But today’s 62,000-plus list actually doesn’t mention which site the passwords and login credentials are connected to. Its tweet announcing the leak simply says, “And as always, LulzSec delivers,” then links to a file-locker site containing the password file, before adding “62,000+ emails/passwords just for you. Enjoy.” A later tweet noted pleasure at the ensuing “carnage.”
With this new action, LulzSec is again pointing out the security weaknesses of the sites it obtained the login codes for (which are being reported around the web as relating to online properties as diverse as the game World of Warcraft, and Gmail). But this time it’s actively encouraging users to try out the hacked logins at random across the web, and that’s a very different thing–its almost pushing a mass-hacking agenda.
And there’s a problem: You as a Net user don’t know what the content of this file is unless you download it. So if your online presence is extensive and you’re worried your data may be among the leaked list, the only option is to download it yourself and search for text that matches your logins–and ignore the gray area of legality of downloading this file full of clearly stolen data (which you can bet security forces are monitoring, in an attempt to identify LulzSec members).
Playing with the web presence of the CIA is one thing, but potentially hurting 60,000 people (who’s only role in the affair is to have had their logins stolen from sites with compromised security) suggests that LulzSec–or possibly just a subset of what’s assumed to be an amorphous entity–has decided its ill-defined agenda needs an aggressive, anarchic edge.