Password security: LulzSec reveals FBI agents on Infragard reused passwords

By IB Times Staff Reporter

June 4, 2011 9:06 PM EDT

The LulzSec group, the Sony hackers, defaced the website of FBI affiliate Infragard, stole its user database and posted it online. The daring attack gives a glimpse of hackers' tentacles reaching for ‘up-hanging’ fruits like the country’s vaunted police force. It also passed on a minor lesson -- in password security.

The hack attack revealed that many FBI staff who were members of Infragard did not follow mandatory password security norms and guidelines.

LulzSec found this by testing the stolen passwords against other websites. They found that many members, including FBI agents, were probably using weak passwords. More importantly, they were reusing passwords on other web sites, which caused severe flaws in data security. Moreover, this was in blatant violation of official guidelines.

LulzSec's "F**k FBI Friday" attack was followed by the online publication of as many as 180 usernames, hashed passwords and plain text passwords, as well as the real names and email addresses of Infragard members.

One interesting feature of the attack was that not all passwords were hacked. A report on nakedsecurity.com points out that LulzSec didn’t crack the passwords of members who probably used passwords of reasonable complexity and length. "This makes brute forcing far more difficult and LulzSec couldn't be bothered to crack them," the report says.

LulzSec also tested the passwords against other services. The findings were interesting -- many members were reusing passwords on other sites, compromising security. "LulzSec singled out one of these users, Karim Hijazi, who used his Infragard password for both his personal and corporate Gmail accounts according to the hackers," the report says.

Meanwhile, a twist in the tale emerged on Saturday, with Hijazi, who runs botnet-tracking company Unveillance, alleging that LulzSec had threatened to post information stolen from Infragard if he didn't pass on security information about botnets.

Earlier, LulzSec had alleged that Hijazi had offered them money to hack into his competitor’s website and to stay silent about his own database when they informed him that his personal communication, including that through Gmail, had been compromised.

This article is copyrighted by International Business Times, the business news leader