LulzSec plans to release trove of News Corp e-mails

“If you value your privacy you need to actively participate by choosing who you share your information with carefully and selecting secure passcodes and PINs to protect your information.” — Chet Wisniewski, Sophos

By Byron Acohido, USA TODAY, 22July2011, Page 1B

A group of hackers that has bedeviled companies and governments all summer emerged Thursday as a potentially explosive wild card in the British tabloid scandal.

On Thursday, hacktivist group LulzSec claimed, via Twitter postings, to be in possession of a 4-gigabyte cache of archived e-mails stolen from News Corp., the media giant accused of hiring hackers to break into the cellphone voice mails of murder victims, celebrities and 9/11 victims.

However, with law enforcement stepping up arrests of alleged members of the notorious Anonymous hacking cooperative, LulzSec’s leaders indicated they had no immediate plans to publicly post any of the stolen e-mails, at least not yet. The group claims to be working with a select group of media outlets to release the trove of News Corp. e-mails in due course.

Murdoch

Doing so could further escalate the tabloid scandal, as well as the scrutiny surrounding News Corp. CEO Rupert Murdoch. The e-mails could shed light on whether senior News Corp. executives truly had no knowledge of the voice-mail snooping, as they claim, says Josh Shaul, chief technical officer at Application Security.

LulzSec appears to be sitting “on a treasure trove of e-mails that could have a massive impact on the ongoing investigations of Rupert Murdoch’s empire,” says Shaul.

The group’s leaders indicated they aren’t posting the e-mails now because they do not wish to disrupt ongoing investigations of News Corp. by Scotland Yard and the FBI. But fear of getting arrested was likely a factor, security experts say. Authorities this week collared several alleged members of Anonymous in the U.S. and Europe. LulzSec reportedly splintered from Anonymous.

Given the continuing global spotlight on News Corp., hacktivists aren’t likely to steer clear of the corporation for long, says Kurt Baumgartner, senior researcher at Kaspersky Lab. “It’s quite possible that more hacktivists will target related Web properties and resources,” he says. “The attention is now there.”

Shaul

More revelations about the extent of News Corp.’s hacking for business reasons is likely to stir hacktivists back into action. “This all proves that the corporate world has underinvested and underperformed on security,” says Shaul. “Enterprises and governments are just not protecting data right now.”

Earlier this week, members of LulzSec ended a self-imposed hiatus to crack into News Corp.-owned newspaper websites The Sun and News International. LulzSec redirected visitors to The Sun’s website to a fake news story about Murdoch’s death.

Why should any care about this? The ironic clash of ideological hacktivists and unscrupulous corporations makes for great drama. But it also underscores that consumers need to take steps to protect themselves online. If you’re at all concerned about being hacked by a corporation, or about having your personal information swept up and made public as part of a broad hacktivist attack, you need to take proactive steps, says Chet Wisniewski of anti-virus firm Sophos.

It won’t be convenient, but there are ways to make your  Web-connected devices and online accounts much more secure than they usually come in default configurations.

“If  you value your privacy you need to actively participate by choosing who you share your information with carefully and selecting secure passcodes and PINs to protect your information,” says Chet Wisniewski of anti-virus firm Sophos.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone