The Observer Posted June 4, 2011

It has come to our unfortunate attention that NATO and our good friend Barrack Osama-Llama 24th-century Obama have recently upped the stakes with regard to hacking. They now treat hacking as an act of war. So, we just hacked an FBI affiliated website (Infragard, specifically the Atlanta chapter) and leaked its user base. We also took complete control over the site and defaced it, check it out if it's still up: http://infragardatlanta.org/

While not very many logins (around 180), we'd like to take the time to point out that all of them are affiliated with the FBI in some way. Most of them reuse their passwords in other places, which is heavily frowned upon in the FBI/Infragard handbook and generally everywhere else too.

One of them, Karim Hijazi, used his Infragard password for his personal gmail, and the gmail of the company he owns. "Unveillance", a whitehat company that specializes in data breaches and botnets, was compromised because of Karim's incompetence. We stole all of his personal emails and his company emails. We also briefly took over, among other things, their servers and their botnet control panel.

After doing so, we contacted Karim and told him what we did. After a few discussions, he offered to pay us to eliminate his competitors through illegal hacking means in return for our silence. Karim, a member of an FBI-related website, was willing to give us money and inside info in order to destroy his opponents in the whitehat world. We even discussed plans for him to give us insider botnet information. Naturally we were just stringing him along to further expose the corruption of whitehats.

Please find enclosed Karim's full contact details and a log of him talking to us through IRC. Also, enjoy 924 of his internal company emails - we have his personal gmail too, unreleased.

We call upon journalists and other writers to delve through the emails carefully, as we have uncovered an operation orchestrated by Unveillance and others to control and assess Libyan cyberspace through malicious means: the U.S. government is funding the CSFI to attack Libya's cyber infrastructure. You will find the emails of all 23 people involved in the emails.

Unveillance was also involved in a scheme where they paid an Indian registrar $2000 to receive 100 domains a month that may be deemed as botnet C&Cs. Shameful ploys by supposed "whitehats".

We accept your threats, NATO. Game on, losers.

Now we are all sons of [bleep]es,
Lulz Security

http://pastebin.com/MQG0a130

In a self-titled hack attack called "F**k FBI Friday" the hacking group known as LulzSec has published details on users and associates of the non-profit organization known as Infragard. Infragard describes itself as a non-profit focused on being an interface between the private sector and individuals with the FBI.

LulzSec published 180 usernames, hashed passwords, plain text passwords, real names and email addresses. Where did the plain text passwords come from? Considering LulzSec was able to decrypt them it would imply that the hashes were not salted, or that the salt used was stored in an insecure manner.

One interesting point to note is that not all of the users' passwords were cracked... Why? Because these users likely used passwords of reasonable complexity and length. This makes brute forcing far more difficult and LulzSec couldn't be bothered to crack them.

In addition to stealing data from Infragard, LulzSec also defaced their website with a joke YouTube video and the text "LET IT FLOW YOU STUPID FBI BATTLESHIPS" in a window titled "NATO - National Agency of Tiny Origamis LOL".

http://sophosnews.files.wordpress.com/2011/06/infragarddefaced500.png?w=500&h=464

http://nakedsecurity.sophos.com/2011/06/04/infragard-atlanta-an-fbi-affiliate-hacked-by-lulzsec/

-- more

LulzSec is a hacking group that has been upping its game over the past month hacking the following; X-Factor Contestants Database - Sony Pictures & Sony BMG (1 million account details leaked online) - Lockheed - PBS Website taken over (http://i.imgur.com/DsgWI.jpg front page of Wall Street Journal) and more.

Yesterday they hacked into: http://infragardatlanta.org/

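The salting point in the quoted Sophos excerpt, as an added example (not part of the original post or the Sophos article): with an unsalted fast hash, one precomputed table exposes every account that shares a weak password, while a per-user salt with a memory-hard KDF gives each account a distinct record. The page does not say which hash Infragard used; the unsalted SHA-256 scheme, the scrypt parameters, the accounts and the wordlist below are all constructed assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample accounts (not data from the breach).
USERS = {
    "alice": "password1",
    "bob": "password1",  # same weak password as alice
    "carol": "T7#vq-Lumen-Harbor-2291-kestrel",
}
# Constructed wordlist standing in for a precomputed lookup table.
WORDLIST = ["123456", "password1", "letmein", "qwerty"]


def unsalted_hash(password: str) -> str:
    """Weak scheme (assumed for illustration): one fast, unsalted digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def exposed_by_table(stored: dict) -> dict:
    """Audit: which stored unsalted hashes appear in a precomputed table."""
    table = {unsalted_hash(w): w for w in WORDLIST}  # built once, reused for all users
    return {user: table[h] for user, h in stored.items() if h in table}


def scrypt_hash(password: str, salt: Optional[bytes] = None) -> tuple:
    """Hardened scheme: per-user random salt plus a memory-hard KDF."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=2**14, r=8, p=1, dklen=32)
    return salt, digest


def verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(scrypt_hash(password, salt)[1], digest)


def demo() -> dict:
    weak = {u: unsalted_hash(p) for u, p in USERS.items()}
    strong = {u: scrypt_hash(p) for u, p in USERS.items()}
    return {
        "same_unsalted": weak["alice"] == weak["bob"],   # identical digests
        "exposed": sorted(exposed_by_table(weak)),       # carol's long password survives
        "same_salted": strong["alice"][1] == strong["bob"][1],
        "verify_ok": verify("password1", *strong["alice"]),
        "verify_bad": verify("letmein", *strong["alice"]),
    }


if __name__ == "__main__":
    print(demo())
```
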
The_Gabe Posted June 4, 2011

That can't be good. Three months banishment to 9gag is something I would never wish upon anybody, not even my worst enemy.

sohkmj1 Posted June 4, 2011

I have no idea what they're trying to prove.

shasta_sms Posted June 4, 2011

Next on their list, Jagex. As they try to unban all accounts muhahaha.

Cheat Posted June 4, 2011

If a group of amateur hackers can do this what happens when China gets ratty?

rangers5000 Posted June 4, 2011

These hackers just do it for the lols?

Bows Posted June 4, 2011

That can't be good.

jasignhagj Posted June 4, 2011

Good for them. What America and Canada are doing to the internet is a disgrace, and I enjoy seeing them lose face over this. I do fear that this will just end up being used to further the anti-freedom side's cause though.

Alg Posted June 4, 2011

>[bleep] with people just because you can
>wonder why they are trying to limit anonymity on the internet :/

This. These [bleep]ers are going to be the ones that ruin it for everyone. Don't know about you, but I can't wait for it to happen. The [cabbage]storm will be hilarious.

mcneilp Posted June 4, 2011

> >[bleep] with people just because you can
> >wonder why they are trying to limit anonymity on the internet :/
>
> This. These [bleep]ers are going to be the ones that ruin it for everyone. Don't know about you, but I can't wait for it to happen. The [cabbage]storm will be hilarious.

Yeah, I agree with these guys. What they're doing is completely counter-productive (if that's the word).

tripsis Posted June 4, 2011

Are we supposed to applaud them for this? What's the point? They're just making themselves look like idiots imo.

The Observer Posted June 4, 2011

> Are we supposed to applaud them for this? What's the point? They're just making themselves look like idiots imo.

Agreed. Just removing every argument for anonymity on the Internet one by one.

marcustullius Posted June 4, 2011

To be fair, their hack of Sony Entertainment or whatever was to show how laughable their security was, hopefully more companies start taking security seriously and not doing [developmentally delayed]ed [cabbage] like keeping passwords in a plain text file.

tripsis Posted June 4, 2011

> To be fair, their hack of Sony Entertainment or whatever was to show how laughable their security was, hopefully more companies start taking security seriously and not doing [developmentally delayed]ed [cabbage] like keeping passwords in a plain text file.

If they actually want to do it to help the companies, they'd keep it private: do the hacking and then contact the company saying, "Look what I did. Up your security." Reading the quote above, it really sounds like they're just doing it for fun, because they can, and to see how much they can get away with.

> We accept your threats, NATO. Game on, losers.

Dheginsea Posted June 4, 2011

> To be fair, their hack of Sony Entertainment or whatever was to show how laughable their security was, hopefully more companies start taking security seriously and not doing [developmentally delayed]ed [cabbage] like keeping passwords in a plain text file.

exactly

marcustullius Posted June 4, 2011

> To be fair, their hack of Sony Entertainment or whatever was to show how laughable their security was, hopefully more companies start taking security seriously and not doing [developmentally delayed]ed [cabbage] like keeping passwords in a plain text file.
>
> If they actually want to do it to help the companies, they'd keep it private: do the hacking and then contact the company saying, "Look what I did. Up your security." Reading the quote above, it really sounds like they're just doing it for fun, because they can, and to see how much they can get away with.

Customers deserve to know if companies aren't taking the protection of their information seriously. Protecting that kind of information is very serious, and if a group of random people like Lulzsec or the people who hacked the PSN can do it so easily, then it's a good thing they did it before a more malicious group could do it.

Also, in regards to contacting the companies privately:

> After doing so, we contacted Karim and told him what we did. After a few discussions, he offered to pay us to eliminate his competitors through illegal hacking means in return for our silence. Karim, a member of an FBI-related website, was willing to give us money and inside info in order to destroy his opponents in the whitehat world. We even discussed plans for him to give us insider botnet information. Naturally we were just stringing him along to further expose the corruption of whitehats.

The Observer Posted June 4, 2011

> After doing so, we contacted Karim and told him what we did. After a few discussions, he offered to pay us to eliminate his competitors through illegal hacking means in return for our silence. Karim, a member of an FBI-related website, was willing to give us money and inside info in order to destroy his opponents in the whitehat world. We even discussed plans for him to give us insider botnet information. Naturally we were just stringing him along to further expose the corruption of whitehats.

Their intent was different as shown by that last sentence.

marcustullius Posted June 5, 2011

> After doing so, we contacted Karim and told him what we did. After a few discussions, he offered to pay us to eliminate his competitors through illegal hacking means in return for our silence. Karim, a member of an FBI-related website, was willing to give us money and inside info in order to destroy his opponents in the whitehat world. We even discussed plans for him to give us insider botnet information. Naturally we were just stringing him along to further expose the corruption of whitehats.
>
> Their intent was different as shown by that last sentence.

The dude offered to pay them to perform attacks on competitors. I'm sure them trying to string him along had some impact on how he responded, but the fact that he even offered is why contacting the company is silly. These companies know their systems are insecure, but they won't actually bother taking time to fix it until something like this happens.

Although personally, I don't think I would release all the personal information on to torrents.

Danqazmlp Posted June 5, 2011

I agree with some other people above when they say this is totally counter-productive. This screws the internet over for everybody else. It's like those teenagers who give all young people a bad name due to the things they do.

There really is no moral high-ground for them to stand on. They are doing it to be pains for everybody else because they can.

RpgGamer Posted June 5, 2011

LulzSec is the antichrist of the 4chan /b/retheren. It must be destroyed. KILL IT WITH FIRE.

Dheginsea Posted June 5, 2011

> We call upon journalists and other writers to delve through the emails carefully, as we have uncovered an operation orchestrated by Unveillance and others to control and assess Libyan cyberspace through malicious means: the U.S. government is funding the CSFI to attack Libya's cyber infrastructure. You will find the emails of all 23 people involved in the emails.

Anyone else see this part?

RpgGamer Posted June 5, 2011

> We call upon journalists and other writers to delve through the emails carefully, as we have uncovered an operation orchestrated by Unveillance and others to control and assess Libyan cyberspace through malicious means: the U.S. government is funding the CSFI to attack Libya's cyber infrastructure. You will find the emails of all 23 people involved in the emails.
>
> Anyone else see this part?

you sir...just blew my mind

dusky Posted June 5, 2011

What's with all the negative responses on this thread? When did [bleep]ing with the government become something to be shunned?

[bleep] the pigs :thumbsup:

Furah Posted June 5, 2011

I applaud what they are doing.

> To be fair, their hack of Sony Entertainment or whatever was to show how laughable their security was, hopefully more companies start taking security seriously and not doing [developmentally delayed]ed [cabbage] like keeping passwords in a plain text file.
>
> If they actually want to do it to help the companies, they'd keep it private: do the hacking and then contact the company saying, "Look what I did. Up your security." Reading the quote above, it really sounds like they're just doing it for fun, because they can, and to see how much they can get away with.

Oh please, people have been doing that for decades, even being arrested for helping out the companies in these ways. The fact that people still store passwords in a plain text file shows that being discreet does not work. If discretion doesn't work then your best bet is the other extreme, as vocal and obvious as possible. If people can gain access to my information like that I want to be informed. Especially since there have been cases where companies haven't acted out on the information given to them for months, as I discovered as part of an assignment for TAFE.

tripsis Posted June 5, 2011

> I applaud what they are doing.
>
> To be fair, their hack of Sony Entertainment or whatever was to show how laughable their security was, hopefully more companies start taking security seriously and not doing [developmentally delayed]ed [cabbage] like keeping passwords in a plain text file.
>
> If they actually want to do it to help the companies, they'd keep it private: do the hacking and then contact the company saying, "Look what I did. Up your security." Reading the quote above, it really sounds like they're just doing it for fun, because they can, and to see how much they can get away with.
>
> Oh please, people have been doing that for decades, even being arrested for helping out the companies in these ways. The fact that people still store passwords in a plain text file shows that being discreet does not work. If discretion doesn't work then your best bet is the other extreme, as vocal and obvious as possible. If people can gain access to my information like that I want to be informed. Especially since there have been cases where companies haven't acted out on the information given to them for months, as I discovered as part of an assignment for TAFE.

If their intent was actually to help the companies - fine. But I think it's pretty clear from the quotes that they're doing it for stupid "look at what we can do and get away with" reasons. It doesn't seem like they're trying to help anyone. They just want to show off and piss people off.