WSJ is reporting that the AntiSec hackers known as LulzSec that have been horsing around the internet using SQL injectors to steal username and password have hit Apple’s servers and taken usernames and passwords.
The hackers said in a statement posted to Twitter that they had accessed Apple’s systems due to a security flaw used in software used by the Cupertino, Calif.-based gadget maker and other companies. “But don’t worry,†the hackers said, “we are busy elsewhere.â€Â A spokesman for Apple didn’t immediately respond to a request for comment. The posted information comes as part of a two-month campaign of digital heists targeting corporations including Sony Corp. and AT&T Inc., as well as government agencies such as the U.S. Senate, the Central Intelligence Agency and the Arizona Department of Public Safety.
However in a Previous postings by the group, titled “LulzSec into the iCloud,” they have claimed a much bigger bounty:
Some weeks ago, we smashed into the iCloud with our heavy artillery Lulz Cannons and decided to switch to ninja mode. From our LFI entry point,we acquired command execution via local file inclusion of enemy flee. Apache vessel. We then found that the HTTPD had SSH auth keys, which let our ship SSH into other servers. See where this is going? We then switched to root ammunition rounds.And we rooted… and rooted… and rooted… After mapping their internal network and thoroughly pillaging all of their servers, we grabbed all their source code and database password which we proceeded to shift silently back to our storage deck.
Nothing yet whether these info are true.
LulzSec, short for Lulz Security, the hacker group behind hacking the CIA, U.S. Senate, Nintendo, Sony and others. They took down the CIA’s website, hacked Sony’s servers, released sensitive documents from the Arizona state government and attacked the U.S. Senate’s website. While a suspected member of LulzSec was recently apprehended, the group claims he was not its leader.
The team claim that they intended to only operate for 50 days as an attempt to revive the AntiSec movement, which is opposed to the computer security industry.