DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

What impact will the Sony and Infragard hacks have?

Posted on June 4, 2011 by Dissent

Chester Wisniewski writes:

In a self-titled hack attack called “F**k FBI Friday” the hacking group known as LulzSec has published details on users and associates of the non-profit organization known as Infragard.

Infragard describes itself as a non-profit focused on being an interface between the private sector and individuals with the FBI. LulzSec published 180 usernames, hashed passwords, plain text passwords, real names and email addresses.

[…]

Read more on Naked Security.

In its press release yesterday, LulzSec posted to Pastebin:

LulzSec versus FBI (we challenge you, NATO!)

[…]

Dear Internets,

It has come to our unfortunate attention that NATO and our good friend Barrack Osama-Llama 24th-century Obama have recently upped the stakes with regard to hacking. They now treat hacking as an act of war. So, we just hacked an FBI affiliated website (Infragard, specifically the Atlanta chapter) and leaked its user base. We also took complete control over the site and defaced it, check it out if it’s still up: http://infragardatlanta.org/

While not very many logins (around 180), we’d like to take the time to point out that all of them are affiliated with the FBI in some way. Most of them reuse their passwords in other places, which is heavily frowned upon in the FBI/Infragard handbook and generally everywhere else too.

One of them, Karim Hijazi, used his Infragard password for his personal gmail, and the gmail of the company he owns. “Unveillance”, a whitehat company that specializes in data breaches and botnets, was compromised because of Karim’s incompetence. We stole all of his personal emails and his company emails. We also briefly took over, among other things, their servers and their botnet control panel.

After doing so, we contacted Karim and told him what we did. After a few discussions, he offered to pay us to eliminate his competitors through illegal hacking means in return for our silence. Karim, a member of an FBI-related website, was willing to give us money and inside info in order to destroy his opponents in the whitehat world. We even discussed plans for him to give us insider botnet information.

Naturally we were just stringing him along to further expose the corruption of whitehats. Please find enclosed Karim’s full contact details and a log of him talking to us through IRC. Also, enjoy 924 of his internal company emails – we have his personal gmail too, unreleased.

We call upon journalists and other writers to delve through the emails carefully, as we have uncovered an operation orchestrated by Unveillance and others to control and assess Libyan cyberspace through malicious means: the U.S. government is funding the CSFI to attack Libya’s cyber infrastructure. You will find the emails of all 23 people involved in the emails.

Unveillance was also involved in a scheme where they paid an Indian registrar $2000 to receive 100 domains a month that may be deemed as botnet C&Cs. Shameful ploys by supposed “whitehats”.

We accept your threats, NATO. Game on, losers.

Now we are all sons of bitches,

Lulz Security

Links to the chat log and Karim’s email followed the text above.

The recent hacks by LulzSec have generated mixed reactions.  On the one hand, there are those who appear to be reveling in the hacks and the group’s apparently successful attempts to embarrass Sony.  On the other hand, there are those who point out that people’s personal information is being exposed and that they have become victims/pawns in the campaign to embarrass others.

Undoubtedly the Secret Service will be all over these hacks.  But where does Congress go from here?  Will they look at the recent spate of attacks and take it as a wake-up call to impose serious security and data protection/retention requirements on businesses or entities that collect and store personally identifiable information?  Or will they look at everything and say, “Well, woe, maybe we shouldn’t be too harsh because if it’s happening to even well-funded operations, what chance do small businesses have to provide adequate security?”

And what will consumers make of all this? Will they do anything differently going forward in terms of not reusing passwords across sites or not giving their real data to entities if it’s not really needed?  Are consumers becoming numb to breaches and going into a learned helplessness pattern instead of taking action to change the future?

Related posts:

  • LulzSec the time line, history, information links, images videos and haters
  • “I’m Not Pro-Russia and I’m Not a Terrorist!” —- InfraGard and Airbus Hacker “USDoD” Unveils His New Campaigns
  • Operation Anti Security Breakdown and targets, the full time line
  • Main stream Media will take anything, LulzSec & Anonymous are not Extremist
Category: Breach IncidentsBusiness SectorHackU.S.

Post navigation

← Sony Europe hacked by Lebanese hacker… Again
Editorial: Let me make my own decisions, thankyouverymuch →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.