Sunday 5 June 2011

Hackers Target FBI Affiliate, Post Passwords Online, Hacking collective targets FBI affiliate after Nintendo and Sony attacks

Nearly 180 passwords belonging to members of an Atlanta-based FBI affiliate have been stolen and leaked to the Internet, the group confirmed Sunday.

The logins belonged to members of the local chapter of InfraGard, a public-private partnership devoted to sharing information about threats to U.S. physical and Internet infrastructure, the chapter's president told The Associated Press.

"Someone did compromise the website," InfraGard Atlanta Members Alliance President Paul Farley said in a brief email exchange. "We do not at this time know how the attack occurred or the method used to reveal the passwords."

Copies of the passwords — which appear to include users from the U.S. Army, cybersecurity organizations and major communications companies — were posted to the Internet by online hacking collective Lulz Security, which has claimed credit for a string of attacks in the past week.

In a statement, Lulz Security also claimed to have used one of the passwords to steal nearly 1,000 work and personal emails from the chief executive of Wilmington, Del.-based Unveillance LLC.

Lulz Security claimed it was acting in response to a recent report that the Pentagon was considering whether to classify some cyberattacks as acts of war.

The FBI said Sunday that it was aware of the incident and that steps were being taken to mitigate the damage. Farley said InfraGard's website had been taken down and that members had been advised to change their passwords and beware of further attacks.

Farley added that his group — a volunteer organization — had had no previous involvement with Lulz Security, which describes itself as a collective of hackers who attack weakly-protected websites for fun. Lulz is a reference to Internetspeak for "laugh out loud."

The collective appears to have had a busy week.

Earlier Sunday, Nintendo said it had been targeted in a recent online data attack claimed by Lulz Security. Nintendo said no personal or company information was lost.

On Thursday, Lulz Security boasted of a major breach which saw as many as tens of thousands of Sony users' details posted to the Internet.

The group has also claimed credit for defacing the PBS website after the public television broadcaster aired a documentary seen as critical of WikiLeaks founder Julian Assange.

Emails and other messages seeking comment from the group over the past few days have gone unanswered, although it maintains an active presence on microblogging site Twitter, where it taunts its opponents and promises more hacks.


Hacking collective targets FBI affiliate after Nintendo and Sony attacks

Passwords stolen from 180 members of non-profit organisation InfraGard, including military users and cybersecurity companies

Computer login page

Hackers claim to have used an InfraGard password to steal nearly 1,000 work and personal emails from one chief executive. Photograph: Gregor Schuster/zefa/Corbis

A US private sector affiliate of the FBI has become the latest target of a hackers' collective, which recently penetrated the online security defences of Nintendo and Sony.

Nearly 180 passwords belonging to members of the Atlanta chapter of InfraGard were stolen, according to the non-profit organisation, which connects businesses with law enforcement authorities.

Copies of the passwords – which appeared to include users from the US military, cybersecurity organisations and major communications companies – were posted online by the anonymous hacking collective, Lulz Security.

"Someone did compromise the website," the Associated Press was told by InfraGard Atlanta president, Paul Farley. "We do not at this time know how the attack occurred or the method used to reveal the passwords."

InfraGard started out as an FBI programme and now works with the bureau in the exchange of information concerning terrorism, intelligence, criminal and security matters.

Lulz Security claimed, in a statement, to have used one of the passwords to steal nearly 1,000 work and personal emails from the chief executive of Unveillance LLC, a data leak intelligence company based in Delaware. The group claimed it was responding to a recent report that said the Pentagon was considering whether to classify some cyberattacks as acts of war.

The FBI said on Sunday it was aware of the incident and that steps were being taken to mitigate the damage.

Details of the attack on InfraGard came after Nintendo said it had been targeted by Lulz Security, which describes itself as a collective of hackers who attack weakly protected websites for fun. The group published a server configuration file purportedly from a Nintendo secure server on the internet after a separate security breach.

A Nintendo spokesman said on Sunday: "We are always working to make sure our systems are secure." Nintendo is preparing to launch a new online service this week at E3, the annual video games conference in Los Angeles.

On Thursday, Lulz Security boasted of a major breach in which tens of thousands of Sony users' details were posted to the internet. Sony has contacted the FBI.

The incidents are the latest in a series of high-profile hacking attacks. The military firm Lockheed Martin and the US public news service PBS have also come under attack recently.

Hackers thought to be based in China last week broke into Gmail accounts used by US government officials while Anonymous, the hackers' collective that launched a series of attacks against financial institutions, recently made public more than 10,000 emails it stole from Iran's ministry of foreign affairs.

No comments: