After venting out their ire against Sony PlayStation Network and Sony Pictures, hackers have pointed their guns at the Federal Bureau of Investigation.
The group LulzSec has hacked an FBI-affiliated website called InfraGard and siphoned off with the details of around 180 users. The attack was on their Atlanta chapter.
InfraGard is a government and private sector alliance which provides actionable intelligence to protect critical national information infrastructure. The website defines its role as: InfraGard is an association of businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States. The site has over 42,026 members.
The recently-drafted cyber strategy of the U.S. Department of Defense (DoD) that termed hacking as an act of war was cited by LulzSec as the primary reason for attacking the government site.
LulzSec stole username, e-mail IDs, and passwords of users from the website. The hackers further stated that most of the users stood in contradiction to FBI rule under which they are not supposed to use the same password on other websites -- an anomaly which is heavily frowned upon in the FBI and Infragard handbook.
This glitch led the hackers to lay bare the email id of one of the InfraGard users Karim Hijazi. He re-used his password for InfraGard website to access his personal Gmail account. Using details from Hijazi's account, the hackers were able to enter into his company called Unveillance, a whitehat firm that holds expertise in data breaches and botnets.
The hackers then contacted Hijazi, who they claimed was willing to offer them funds to eliminate his competitors in the market. Hijazi was also reportedly willing to part with the inside info in return for hackers' silence.
LulzSec also warned that Unveillance was formulating an operation to seize control of Libyan cyberspace through unlawful means. It states that the U.S. government is funding the CSFI to attack Libya's cyberspace. The hackers also published e-mails of 23 people who are supposedly involved in the project.
LulzSec claims that it recently hacked Sony Pictures and stole personal details of over 1,000,000 users. The information stolen included passwords, email address, home address and date of birth. They also stole admin details which included 75,000 music codes and 3.5 million music coupons.
In the SonyPictures fiasco the hacker group claims that Sony stored user password in plain text instead of encrypting the information. LulzSec said that this loophole meant Sony was asking for it.
Since they mentioned Libya and NATO in their message, will NATO be the next target?