Hacking collective LulzSec did breach Sony Pictures, the company has admitted, but the group has now announced that it is targeting law enforcement, and appears to have broken into an FBI subsidiary.
LulzSec defaced the PBS web site earlier this week with a fake story about Tupac Shakur, after it aired a documentary about WikiLeaks. Yesterday Sony Pictures admitted that it too had been successfully attacked.
"We have confirmed that a breach has occurred and have taken action to protect against further intrusion. A respected team of outside experts is conducting a forensic analysis of the attack," Sony Pictures said in a statement.
"In addition, we have contacted the FBI and are working with them to assist in the identification and apprehension of those responsible for this crime."
LulzSec claims to have harvested the unencrypted account details of a million Sony customers, along with 75,000 music codes and 3.5 million music coupons. However, the group has now turned its attention to government.
"NATO and our good friend Barrack Osama-Llama 24th-century Obama have recently upped the stakes with regard to hacking," LulzSec said in a statement.
"They now treat hacking as an act of war. So, we just hacked an FBI affiliated web site (Infragard, specifically the Atlanta chapter) and leaked its user base. We also took complete control over the site and defaced it."
The web site was taken down, but is back up. The group claims to have harvested around 180 account details and passwords from the organisation, some of which were used to secure other accounts.
One of these belonged to Karim Hijazi, chief executive of botnet monitoring firm Unveillance, who has confirmed that it was attacked.
"Over the last two weeks, my company, Unveillance, has been the target of a sophisticated group of hackers now identified as LulzSec," Hijazi said in a statement.
"I was personally contacted by several members of this group who made threats against me and my company to try to obtain money as well as to force me into revealing sensitive data about my botnet intelligence that would have put many other businesses, government agencies and individuals at risk.
"In spite of these threats, I refused to pay off LulzSec or to supply them with access to this sensitive botnet information."
Hijazi posted transcripts of his conversation with the hacking group on IRC, in which LulzSec demanded money in exchange for not posting data from the firm publicly. Hijazi contacted the FBI and US-CERT immediately and did not pay them.
LulzSec issued another statement in response, denying extortion and claiming that the conversations were to expose the company as one that would deal with hackers.
Children as young as four to be taught about the dangers of social media
Bans already issued to hundreds of players who used offensive language
The site is perfectly situated for launching small satellites into orbit
Delegates at the ESOF 2018 conference were warned that their perceptions of the digital age were coloured by private industry