The hacking group known as LulzSec hit its latest target over the weekend: the U.S. Senate.
In an attack confirmed to the media by a Senate representative, LulzSec broke into the Senate's Web site and was able to gain access to the server's directory and file structure, the contents of which the group published on its own site.
In response, the government initiated a security review but so far has determined that network security was not compromised and that no user information was breached.
"The intruder did not gain access into the Senate computer network and was only able to read and determine the directory structure of the files placed on Senate.gov," the Senate's Office of the Sergeant at Arms said yesterday in a statement released to AFP and other news services. "That server is for public access on the public side of the Senate's network firewall, and any files that individual Senate offices place there are intended for public consumption." The Office of the Sergeant at Arms is the law enforcement body for the Senate.
The Web site of the hacking group, which is also known as Lulz Security or Lulz, boasted of its attack against the federal government:
We don't like the US government very much. Their boats are weak, their lulz are low, and their sites aren't very secure. In an attempt to help them fix their issues, we've decided to donate additional lulz in the form of owning them some more!
This is a small, just-for-kicks release of some internal data from Senate.gov - is this an act of war, gentlemen? Problem?
The group's "act of war" question is a not-so-subtle reference to recent reports that the U.S. would consider a cyberattack an act of war, and one potentially inviting a response using conventional military forces or weapons.
LulzSec, whose name is a derivation of "LOL," has been busy lately breaking into other prominent sites, including those of Sony, Nintendo, and FBI partner InfraGard Atlanta. PBS, video game maker Bethesda Softworks, and porn site Pron.com have also been among the recent victims of LulzSec attacks.
LulzSec seems to enjoy stirring up trouble by taunting companies through its actions. But beyond breaking into sites apparently for sheer fun, LulzSec claims its attacks against sites such as InfraGard Atlanta are also a direct response to the policy classifying cyberattacks as acts of war.