You might be tempted to think that LulzSec, as hacking groups go, seem kind of youthfully exuberant and even a bit cuddly. As one of their tweets says:
“We love Nintendo and Sega, if anything we’d hack *for* them. If you’re listening Nintendo/Sega, you, you uh… you want Sony hacked more?”
Oh, those kids…
The chances are, though, that Nintendo won’t be going that route. Certainly they won’t if they’ve been following the story of how LulzSec allegedly hacked FBI affiliate Infragard and then used that as a stepping stone to applying pressure to Unveillance. Karim Hijazi, CEO of Unveillance, claims that they made determined efforts to extort money and intelligence data from him. LulzSec claims in response that he offered them money to keep quiet and even to work with him to undermine his competitors, and that they strung him along because they were planning to expose him publicly. Well, even if you believe that was so, that’s an entrapment story that’s not going to persuade Nintendo that LulzSec are the right people to go into some sort of black ops partnership with.
Obviously, I don’t have any privileged insider knowledge of Nintendo’s network and security arrangements. I doubt if LulzSec has any knowledge of their internal systems, either, apart from whatever they might have managed to glean from an external attack. Of course, there’s always the possibility of a system misconfiguration, poor password practice, or an unaddressed vulnerability that would give our little charmers a loophole to wriggle through.
My guess is, though, that if they’d found such a loophole, they would have made full use of it. Instead, the only juicy data they seem to have got hold of is an “interesting,” but hardly glamorous configuration file, via something that “Nintendo had already fixed … anyway.” I certainly don’t have privileged knowledge of LulzSec, either, so I don’t know if they really have more reason to target Sony than they do Nintendo. Could it be just that Sony is a softer target?
Nonetheless, if I were Nintendo, I think I’d still be doing some scrupulous re-checking of my internal security.