Over the weekend, the Japanese game company Nintendo announced that it had been hacked a few weeks ago, but that the damage it suffered was minimal. A story in the New York Times reported that the server hacked had no consumer information resident, and that nothing of substance appeared to have been taken.
The Times story states that the hacker group LulzSec, which recently claimed credit for another hack of a Sony website late last week (and which was confirmed by Sony this weekend), also claimed credit for this intrusion.
Sony's stock prices fell this morning on the news of the latest hacking attack.
The LulzSec group also apparently broke into a Federal Bureau of Investigation (FBI) affiliate web site operating in Atlanta, Georgia, causing the FBI to shut the site down over the weekend. According to this article in the Atlanta Journal-Constitution:
"InfraGard Atlanta, a nonprofit partnership between local business, government and academic security experts and the FBI, was hacked late last week by Lulz Security. LulzSec, as it’s known on-line in cyber security channels, hijacked the InfraGard site and published the email addresses, usernames and passwords of its 180 members."
LulzSec also hit PBS last month as well.
Of more serious implications is the New York Times story on Friday that reports that Lockheed Martin claims it has proof that the hackers who attacked its networks were using stolen SecurID tokens taken during the cyber attack on RSA in April. RSA did not dispute Lockheed Martin's findings, the Times stated.
This latest information should place all 30,000 companies and 40 million users of SecurID on notice that they may be much more vulnerable than they were led to believe.
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.