Hackers hit Sesame Street's original 'home'

Not even the original home of the children's educational show "Sesame Street" was spared from the attacks of hackers out to make a political statement. Hacker group LulzSec attacked the Public Broadcast Service site, and posted links of its handiwork on its Twitter account (@lulzsec) on Monday afternoon (Manila time). "Their motive? Mayhem. They took offense at a portrayal of Bradley Manning in a segment on PBS's Frontline news magazine program and decided to attack the broadcaster," security firm Sophos' Chester Wisniewski said in a blog post. PBS is a American public television network which was one of the first to air "Sesame Street." Aside from "Sesame Street," it has also broadcast programs on a wide range of topics —including a documentary on Wikileaks that was the apparent target of @lulzsec's "hacktivist" attack. Wisniewski said that the hackers dumped SQL databases through a SQL injection attack, and injected new pages into PBS's website. "What's wrong with @PBS, how come all of its servers are rooted? How come their database is seized? Why are passwords cracked? :(" LulzSec said in one of its Twitter messages. The group also hinted it would attempt to get PBS' home page, with the message, "stay tuned in case we get pbs.org itself." It even posted what it claimed were the usernames and passwords of database administrators and users, as well as login information of PBS local affiliates, including their passwords (http://pastehtml.com/view/avf0xtvun.html) and (http://pastehtml.com/view/avetuy7rz.html). "While PBS is the victim here, the passwords disclosed for most affiliates are embarrassingly predictable," Wisniewski said. He added the attack is nearly identical to the recent attack against SonyMusic.co.jp., Sony Music's Japan website. Wisniewski said LulzSec likely used the same tool to attack the Sony website, although far less sensitive information was disclosed in the Sony attack. On the other hand, he said it was "unfortunate" that PBS was vulnerable to this kind of attack and even worse that so many passwords were stored in clear text. "Revealing this information is criminal and there are certainly more respectable ways of disclosing flaws than exposing so many users' passwords," he said. "Whether you are related to political causes or not, an easy way to ensure you aren't the next victim is to make sure that you protect the information you are entrusted with. Data stored insecurely is a bomb waiting to detonate. Security must be a proactive attitude because reacting is simply too dangerous," he added. Wikileaks row The incident stemmed from the PBS documentary "WikiSecrets: The inside story of Bradley Manning, Julian Assange and the largest intelligence breach in U.S. history," which did not speak kindly of Wikileaks, a PC World story said. PC World said that this may be another case of "hacktivism," in which hacker-tivists showed solidarity with Wikileaks and what they collectively perceive to be a violation of free speech and an attempt to obscure the truth. Fake news: Tupac alive On Sunday night, visitors to PBS' Newshour website read the news that famed rapper Tupac Shakur had been found “alive and well" in New Zealand. But Tupac died in 1996. The false story was indexed by Google News, and spread rapidly through Facebook and Twitter, even after PBS pulled it down. “Again, our site has been hacked — please stay with us as we work on it," read one of the Newshour’s several tweets responding to the incident Sunday, according to an article on "Wired" (http://www.wired.com/threatlevel/2011/05/lulzsec/). — TJD, GMA News