
FBI-related site Hacked


The Observer


It has come to our unfortunate attention that NATO and our good friend Barrack Osama-Llama 24th-century Obama have recently upped the stakes with regard to hacking. They now treat hacking as an act of war. So, we just hacked an FBI affiliated website (Infragard, specifically the Atlanta chapter) and leaked its user base. We also took complete control over the site and defaced it, check it out if it's still up: http://infragardatlanta.org/ While not very many logins (around 180), we'd like to take the time to point out that all of them are affiliated with the FBI in some way.

 

Most of them reuse their passwords in other places, which is heavily frowned upon in the FBI/Infragard handbook and generally everywhere else too. One of them, Karim Hijazi, used his Infragard password for his personal gmail, and the gmail of the company he owns. "Unveillance", a whitehat company that specializes in data breaches and botnets, was compromised because of Karim's incompetence. We stole all of his personal emails and his company emails. We also briefly took over, among other things, their servers and their botnet control panel.

 

After doing so, we contacted Karim and told him what we did. After a few discussions, he offered to pay us to eliminate his competitors through illegal hacking means in return for our silence. Karim, a member of an FBI-related website, was willing to give us money and inside info in order to destroy his opponents in the whitehat world. We even discussed plans for him to give us insider botnet information. Naturally we were just stringing him along to further expose the corruption of whitehats.

 

Please find enclosed Karim's full contact details and a log of him talking to us through IRC. Also, enjoy 924 of his internal company emails - we have his personal gmail too, unreleased. We call upon journalists and other writers to delve through the emails carefully, as we have uncovered an operation orchestrated by Unveillance and others to control and assess Libyan cyberspace through malicious means: the U.S. government is funding the CSFI to attack Libya's cyber infrastructure. You will find the emails of all 23 people involved in the emails. Unveillance was also involved in a scheme where they paid an Indian registrar $2000 to receive 100 domains a month that may be deemed as botnet C&Cs. Shameful ploys by supposed "whitehats". We accept your threats, NATO. Game on, losers. Now we are all sons of [bleep]es, Lulz Security

 

http://pastebin.com/MQG0a130

 

In a self-titled hack attack called "F**k FBI Friday" the hacking group known as LulzSec has published details on users and associates of the non-profit organization known as Infragard.

 

Infragard describes itself as a non-profit focused on being an interface between the private sector and individuals with the FBI. LulzSec published 180 usernames, hashed passwords, plain text passwords, real names and email addresses.

 

Where did the plain text passwords come from? Considering LulzSec was able to decrypt them it would imply that the hashes were not salted, or that the salt used was stored in an insecure manner.

 

One interesting point to note is that not all of the users' passwords were cracked... Why? Because these users likely used passwords of reasonable complexity and length. This makes brute forcing far more difficult and LulzSec couldn't be bothered to crack them.

 

In addition to stealing data from Infragard, LulzSec also defaced their website with a joke YouTube video and the text "LET IT FLOW YOU STUPID FBI BATTLESHIPS" in a window titled "NATO - National Agency of Tiny Origamis LOL".

 

http://sophosnews.files.wordpress.com/2011/06/infragarddefaced500.png?w=500&h=464

 

http://nakedsecurity.sophos.com/2011/06/04/infragard-atlanta-an-fbi-affiliate-hacked-by-lulzsec/ -- more

 

LulzSec is a hacking group that has been upping its game over the past month, hacking the following: X-Factor Contestants Database - Sony Pictures & Sony BMG (1 million account details leaked online) - Lockheed - PBS Website taken over (http://i.imgur.com/DsgWI.jpg front page of Wall Street Journal) and more.

 

Yesterday they hacked into: http://infragardatlanta.org/

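The Sophos excerpt quoted above attributes the recovered plaintext passwords to hashes that were unsalted or whose salt was poorly protected. The following is an added example, not part of the original thread: it contrasts an unsalted fast digest with a per-user salted PBKDF2 record and includes an audit check for duplicate stored values. The SHA-256 choice for the weak scheme, the iteration count, the record format and the sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware

def unsalted_hash(password):
    """Weak scheme: one fast, unsalted digest (SHA-256 assumed here)."""
    return hashlib.sha256(password.encode()).hexdigest()

def hash_password(password):
    """Hardened scheme: random per-user salt plus a slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return "pbkdf2_sha256${}${}${}".format(PBKDF2_ITERATIONS, salt.hex(), dk.hex())

def verify_password(password, stored):
    """Recompute the KDF with the stored salt; compare in constant time."""
    try:
        scheme, iterations, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iterations))
    except ValueError:
        return False  # malformed record
    return hmac.compare_digest(dk, expected)

def shared_hashes(table):
    """Audit check: users whose stored value is identical.

    Any hit means the scheme is unsalted: one recovered password (or one
    precomputed lookup) exposes every account in the group at once.
    """
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return {h: sorted(u) for h, u in groups.items() if len(u) > 1}

def build_table(users, scheme):
    return {name: scheme(pw) for name, pw in users.items()}

# Constructed sample accounts (not from the leak): two users share a password.
SAMPLE_USERS = {"alice": "Summer2011", "bob": "x7#Lq9!vTe2pW", "carol": "Summer2011"}

if __name__ == "__main__":
    weak = build_table(SAMPLE_USERS, unsalted_hash)
    strong = build_table(SAMPLE_USERS, hash_password)
    print("unsalted duplicates:", list(shared_hashes(weak).values()))
    print("salted duplicates:  ", list(shared_hashes(strong).values()))
    print("verify ok:", verify_password("Summer2011", strong["alice"]))
```

Salting removes the shared-hash shortcut and precomputed tables, and the slow KDF raises the cost of each guess; neither rescues a short or common password, which matches the article's observation that only the longer, more complex passwords went uncracked.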

If a group of amateur hackers can do this what happens when China gets ratty?


Good for them. What America and Canada are doing to the internet is a disgrace, and I enjoy seeing them lose face over this.

 

I do fear that this will just end up being used to further the anti-freedom side's cause though.


>[bleep] with people just because you can

>wonder why they are trying to limit anonymity on the internet

 

:/

This. These [bleep]ers are going to be the ones that ruin it for everyone. Don't know about you, but I can't wait for it to happen. The [cabbage]storm will be hilarious.

Yeah, I agree with these guys. What they're doing is completely counter-productive (if that's the word).


Are we supposed to applaud them for this? What's the point? They're just making themselves look like idiots imo.


Are we supposed to applaud them for this? What's the point? They're just making themselves look like idiots imo.

 

Agreed.

 

Just removing every argument for anonymity on the Internet one by one.


To be fair, their hack of Sony Entertainment or whatever was to show how laughable their security was, hopefully more companies start taking security seriously and not doing [developmentally delayed]ed [cabbage] like keeping passwords in a plain text file.


To be fair, their hack of Sony Entertainment or whatever was to show how laughable their security was, hopefully more companies start taking security seriously and not doing [developmentally delayed]ed [cabbage] like keeping passwords in a plain text file.

If they actually want to do it to help the companies, they'd keep it private: do the hacking and then contact the company saying, "Look what I did. Up your security." Reading the quote above, it really sounds like they're just doing it for fun, because they can, and to see how much they can get away with.

 

We accept your threats, NATO. Game on, losers.


To be fair, their hack of Sony Entertainment or whatever was to show how laughable their security was, hopefully more companies start taking security seriously and not doing [developmentally delayed]ed [cabbage] like keeping passwords in a plain text file.

 

exactly


To be fair, their hack of Sony Entertainment or whatever was to show how laughable their security was, hopefully more companies start taking security seriously and not doing [developmentally delayed]ed [cabbage] like keeping passwords in a plain text file.

If they actually want to do it to help the companies, they'd keep it private: do the hacking and then contact the company saying, "Look what I did. Up your security." Reading the quote above, it really sounds like they're just doing it for fun, because they can, and to see how much they can get away with.

 

 

Customers deserve to know if companies aren't taking the protection of their information seriously. Protecting that kind of information is very serious, and if a group of random people like Lulzsec or the people who hacked the PSN can do it so easily, then it's a good thing they did it before a more malicious group could do it.

 

Also, in regards to contacting the companies privately:

After doing so, we contacted Karim and told him what we did. After a few discussions, he offered to pay us to eliminate his competitors through illegal hacking means in return for our silence. Karim, a member of an FBI-related website, was willing to give us money and inside info in order to destroy his opponents in the whitehat world. We even discussed plans for him to give us insider botnet information. Naturally we were just stringing him along to further expose the corruption of whitehats.


After doing so, we contacted Karim and told him what we did. After a few discussions, he offered to pay us to eliminate his competitors through illegal hacking means in return for our silence. Karim, a member of an FBI-related website, was willing to give us money and inside info in order to destroy his opponents in the whitehat world. We even discussed plans for him to give us insider botnet information. Naturally we were just stringing him along to further expose the corruption of whitehats.

 

Their intent was different as shown by that last sentence.


After doing so, we contacted Karim and told him what we did. After a few discussions, he offered to pay us to eliminate his competitors through illegal hacking means in return for our silence. Karim, a member of an FBI-related website, was willing to give us money and inside info in order to destroy his opponents in the whitehat world. We even discussed plans for him to give us insider botnet information. Naturally we were just stringing him along to further expose the corruption of whitehats.

 

Their intent was different as shown by that last sentence.

 

The dude offered to pay them to perform attacks on competitors. I'm sure them trying to string him along had some impact on how he responded, but the fact that he even offered is why contacting the company is silly. These companies know their systems are insecure, but they won't actually bother taking time to fix it until something like this happens. Although personally, I don't think I would release all the personal information on to torrents.


I agree with some other people above when they say this is totally counter-productive. This screws the internet over for everybody else. It's like those teenagers who give all young people a bad name due to the things they do.

 

 

There really is no moral high-ground for them to stand on. They are doing it to be pains for everybody else because they can.


LulzSec is the antichrist of the 4chan /b/retheren. It must be destroyed. KILL IT WITH FIRE.


We call upon journalists and other writers to delve through the emails carefully, as we have uncovered an operation orchestrated by Unveillance and others to control and assess Libyan cyberspace through malicious means: the U.S. government is funding the CSFI to attack Libya's cyber infrastructure. You will find the emails of all 23 people involved in the emails.

 

 

Anyone else see this part?


We call upon journalists and other writers to delve through the emails carefully, as we have uncovered an operation orchestrated by Unveillance and others to control and assess Libyan cyberspace through malicious means: the U.S. government is funding the CSFI to attack Libya's cyber infrastructure. You will find the emails of all 23 people involved in the emails.

 

 

Anyone else see this part?

 

 

you sir...just blew my mind


What's with all the negative responses on this thread? When did [bleep]ing with the government become something to be shunned? [bleep] the pigs :thumbsup:


I applaud what they are doing.

 

To be fair, their hack of Sony Entertainment or whatever was to show how laughable their security was, hopefully more companies start taking security seriously and not doing [developmentally delayed]ed [cabbage] like keeping passwords in a plain text file.

If they actually want to do it to help the companies, they'd keep it private: do the hacking and then contact the company saying, "Look what I did. Up your security." Reading the quote above, it really sounds like they're just doing it for fun, because they can, and to see how much they can get away with.

Oh please, people have been doing that for decades, even being arrested for helping out the companies in these ways. The fact that people still store passwords in a plain text file shows that being discreet does not work. If discretion doesn't work then your best bet is the other extreme, as vocal and obvious as possible. If people can gain access to my information like that I want to be informed. Especially since there have been cases where companies haven't acted on the information given to them for months, as I discovered as part of an assignment for TAFE.


I applaud what they are doing.

 

To be fair, their hack of Sony Entertainment or whatever was to show how laughable their security was, hopefully more companies start taking security seriously and not doing [developmentally delayed]ed [cabbage] like keeping passwords in a plain text file.

If they actually want to do it to help the companies, they'd keep it private: do the hacking and then contact the company saying, "Look what I did. Up your security." Reading the quote above, it really sounds like they're just doing it for fun, because they can, and to see how much they can get away with.

Oh please, people have been doing that for decades, even being arrested for helping out the companies in these ways. The fact that people still store passwords in a plain text file shows that being discreet does not work. If discretion doesn't work then your best bet is the other extreme, as vocal and obvious as possible. If people can gain access to my information like that I want to be informed. Especially since there have been cases where companies haven't acted on the information given to them for months, as I discovered as part of an assignment for TAFE.

If their intent was actually to help the companies - fine. But I think it's pretty clear from the quotes that they're doing it for stupid "look at what we can do and get away with" reasons. It doesn't seem like they're trying to help anyone. They just want to show off and piss people off.
