LulzSec Hackers Go After FBI Affiliates
The FBI-affiliated "public-private partnership" Infragard Atlanta was hacked on Friday evening, exposing what's purported to be the non-profit company's user database and defacing the website ("LET IT FLOW YOU STUPID FBI BATTLESHIPS.") The perpetrators? Our old friends at Lulz Security.
LulzSec, the group behind the recent hacks of Sony user data and the PBS website announced on Twitter last night that it had hacked the Atlanta branch of Infragard, an FBI-affiliated non-profit that the ACLU describes as "close[...] to a corporate TIPS program, turning private-sector corporations... into surrogate eyes and ears for the FBI."
Their motive, the group wrote in a statement published to Pastebin, was the recent anti-hacking overtures from the U.S. Government and NATO:
It has come to our unfortunate attention that NATO and our good friend Barrack Osama-Llama 24th-century Obama [sic] have recently upped the stakes with regard to hacking. They now treat hacking as an act of war. So, we just hacked an FBI affiliated website (Infragard, specifically the Atlanta chapter) and leaked its user base. We also took complete control over the site and defaced it[.]
The Infragard Atlanta site is now down entirely, but for a while last night it looked like the screen shot above (courtesy Boing Boing's Rob Beschizza, who describes the embedded YouTube video as "someone LulzSec has argued with on Twitter, being insulted by an interviewer"). The passwords in the database were encrypted, but cracked.
Using the database they obtained in the Infragard breach, the LulzSec hackers were able to access the personal and business email of Karim Hijazi, a "white-hat" ("good guy") hacker who runs a security company called Unveillance. (Hijazi, stupidly, used the same password across most of his email accounts.) In addition to the Infragard database, LulzSec released Hijazi's "full contact details... a log of him talking to us through IRC... [and] 924 of his internal company emails"; they claim he attempted to offer the group money to go after his enemies. Hijazi has since released a statement disputing the claims of the hacking group; in response, LulzSec released another statement, its second of the day. It's just like a real-life The Matrix!
Update: Unveillance's Michael Sias writes us to express "surprise" that we "gave [LulzSec] so much credibility" and complain that it "isn't very fair" of us to quote LulzSec and not Hijazi. Fair enough! We removed a quote from the LulzSec release; if you really care about the great hacker battle of June 2011, we encourage you to read all three releases and the IRC log.