A new burst of hacks has left companies and government organizations picking up the pieces.
Earlier today, The Hacker News reported it had received a message from hacking group Pakistan Cyber Army, claiming the PCA had hacked an Acer Europe server and stole sensitive information. The publication posted a screenshot of the data reportedly collected, which included the personal information of 40,000 customers, including their names, addresses, phone numbers, e-mail addresses, and the names of products they had purchased.
According to The Hacker News, the PCA plans to release more data within the next 24 hours, and will follow that up with a press release discussing its reasons for hacking Acer's Europe division.
Acer did not immediately respond to a request for comment.
Not to be outdone, Anonymous, which made headlines last year by hacking financial institutions and other sites in defense of WikiLeaks founder Julian Assange, recently made public more than 10,000 e-mails it stole from Iran's Ministry of Foreign Affairs. According to the International Business Times, which cited a source who viewed the documents, most of the files are passports and visas, and relate to an "oil meeting."
But Anonymous hasn't stopped there. The organization has also launched a new operation it's calling Op NATO Black Fax/E-mail Bomb. Users can surf to the OpNATO page and send a free prewritten fax to the North Atlantic Treaty Organization in defense of Anonymous. The organization has posted a list of fax numbers to the page, and has asked supporters to send "as many [faxes] as you can" to those numbers.
"It has come to our attention that you have classified Anonymous a 'potential threat to the security of [your] member states,' and that you seek retaliation against us," reads the letter to NATO, which is made up of the U.S., Canada, and the U.K., among other countries. Anonymous goes on to ask the member nations to "retaliate against us in any manner you choose." However, even if some of its members are jailed, the letter reads, the nations will find "that Anonymous continues to live on."
Anonymous' letter ends with a threat.
"Think carefully before you continue from here," the letter reads. "You still have the power to stand up for good. Do NOT come between us and our freedom. You have been warned."
Other hacking groups have been busy, as well. Earlier today, a hacker known only as "pr0f" posted the e-mails and passwords of more than a hundred United Arab Emirates government employees. However, the hacker said the list was "historic" and that the e-mail passwords were not current.
Even British intelligence officials have gotten into the mix. According to a Daily Telegraph report yesterday, MI6 hacked into an al-Qaeda online magazine recently and replaced bomb-making techniques with recipes on making "The Best Cupcakes in America."
The latest string of hacks started in earnest in April when hackers launched a sophisticated attack against Sony's PlayStation Network and Qriocity services. The hackers also breached Sony Online Entertainment. After discovering the breach, Sony was forced to take the services down. The company reported that the personal information of more than 100 million users had been exposed. Sony reassured users at the time that credit card data was encrypted. It has also said no identity theft has been reported because of the breach.
So far, Sony hasn't been able to pinpoint who overcame its defenses, but the company did find a file named "Anonymous" on its servers. That file contained part of the hacking organization's slogan: "We are legion." Anonymous has said it was not responsible for the Sony hacks. It did acknowledge, however, that some of its members might have acted independently to attack Sony.
Though Sony might have hoped it was out of the woods following the PlayStation Network breach, the company still faces attacks from hackers. Just yesterday, a hacking organization called LulzSec posted links on its Twitter account to data it had stolen from Sony's internal networks, as well as from the networks of Sony Pictures, Sony Music Belgium, and Sony Music Netherlands.
"We recently broke into SonyPictures.com and compromised over 1 million users' personal information, including passwords, e-mail addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts," LulzSec wrote on Pastebin, the site where it posted some data. "Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 'music codes' and 3.5 million 'music coupons.' "
The group claimed the data was not encrypted and had been left for the taking. Sony confirmed the attack this evening, saying it had contacted the FBI in an effort to track down the individuals who posted the data.
LulzSec's attack on Sony was the second major hack the organization engaged in over the past week. This past weekend, the group showed off its hacking ability by engaging in what it called a "fun battle" with the Public Broadcasting Service. LulzSec posted a fake news story on the PBS site, saying that musical artist Tupac was still alive, and reportedly published log-in data for the PBS workforce. The hack was a response to an airing of a PBS "Frontline" episode called "WikiSecrets" that presented WikiLeaks in a somewhat unfavorable light.
The LulzSec hack followed a statement earlier this week from Google claiming it had "detected and disrupted" a phishing attack that attempted to give the hackers access to hundreds of Gmail accounts belonging to senior U.S. government officials. Google said it believed the attacks originated from Jinan, China, but stopped short of blaming the Chinese government.
The U.S. government has denied that state-run e-mail accounts were hacked, but it has launched an investigation into the possibility of officials' Gmail accounts being targeted.
"Speaking on behalf of the U.S. government, we're looking into these reports and seeking to gather the facts," Caitlin Hayden, deputy spokesperson for the National Security Council, said in a statement to CNET yesterday. "We have no reason to believe that any official U.S. government e-mail accounts were accessed."
Update, 7:52 p.m. PT: Updated to include Sony's confirmation of the Lulzsec attack.