Lulz Security, the hacking group that broke into a number of Sony servers and then denied any moral responsibility for repercussions of that hack, is at it again. The group discovered a security issue on one of Nintendo's Web servers, published the user database of an FBI information sharing program, and for good measure, published the source code to another Sony Web property.

The Nintendo hack was minor; LulzSec found a configuration issue and exploited it to retrieve an Apache configuration file, which it duly published. The group said that the issue has since been fixed while expressing its love for the company, and said that it would never harm Nintendo, or one-time Nintendo rival Sega.

'Sup, FBI

InfraGard is a spin-off of an FBI program to assist the sharing of information and analysis within the FBI, and between the FBI and other law enforcement agencies. The group has chapters around the US, and LulzSec broke into the Atlanta chapter's website. The hackers compromised around 180 login accounts, all belonging to FBI agents or private sector companies that work with the FBI, many of them with passwords reused in multiple systems.

One particular password was used by Karim Hijazi, the founder of Unveillance, a company specializing in data breaches and botnets. He used the same password for InfraGard, his personal Gmail account, and Unveillance's Gmail account. In a move that mimicked the Anonymous attack on security firm HBGary—another hack enabled by the use of shared passwords—LulzSec took the opportunity to copy and distribute Hijazi's corporate e-mail.

LulzSec also engaged Hijazi in conversation, and claim that he offered the group money in return for their silence; they say also that he offered money to break into the sites of Unveillance's competition.

Unveillance in turn says that Hijazi didn't reuse his passwords and that LulzSec was attempting to extort money from him.

Don't forget Sony

The hacking group's campaign against Sony is also continuing; today the group released a large quantity of PHP source code that Sony uses in its Sony Computer Entertainment Developer Network. SCE DevNet is a private Sony site used by registered developers for the company's various gaming platforms.

The FBI was claimed to be fighting back in a post made to the Full Disclosure mailing list. The post includes an IRC chat log—one featuring the names Topiary and joepie91, two people involved in Anonymous' operations—and the claim that one LulzSec member, known as both xyz and ev0, was currently in FBI custody.

These claims were vigorously denied by LulzSec, with the group saying that the IRC channel was just an offshoot used for recruiting, and that none of the people quoted were involved with the hacking group. Further, they deny all knowledge of xyz/ev0. Further posts to Full Disclosure would appear to corroborate LulzSec's claims: the "dox" referenced by the initial Full Disclosure post are from a pastebin post that is several weeks old.