The Public Broadcasting Service web site was defaced over the weekend with the hackers posting fake stories about Tupac Shakur being alive and in New Zealand.
The attackers were a group called Lulz Security, which runs a twitter feed called the Lulz Boat. Besides defacing the site, they also posted the passwords and logins of the PBS affiliates. The attack was ostensibly in response to a story PBS ran on its Frontline series, about Wikileaks. The segment delved into the involvement of Bradley Manning, a young marine who is accused of leaking classified information to Wikileaks. PBS regained control of the site by Monday morning.
On the site pastebin.com, the Lulz Boat hackers wrote: Greetings, Internets. We just finished watching WikiSecrets and were less than impressed. We decided to sail our Lulz Boat over to the PBS servers for further... perusing. ... Anyway, say hello to the insides of the PBS servers, folks. They best watch where they're sailing next time.
The attack was done through an SQL injection, which involves sending code to another computer (often through a web site) that changes the way the host computer handles a database. Often the code is sent through special characters that the receiving computer sees as commands rather than ordinary data such as a user name.
Chester Wisniewski, a senior researcher at Sophos Labs, wrote on his blog that the attack was not necessarily a very skilled one. He also noted that the same group attacked Sony Music's Japan site a few days earlier. Lulz Security doesn't appear to be looking for financial gain, just mayhem, Wisniewski wrote.