Discussion in 'privacy problems' started by PJC, Jun 4, 2011.
Infragard Atlanta, an FBI affiliate, hacked by LulzSec
I heard a radio discussion on these many hacks, with one expressing surprise at apparant levels of usage of plain 'ol "easy" g-mail, and I had been thinking the same myself, given it's established levels of privacy. Do even the FBI use GMail..no!! yes??
From what I heard the FBI; NSA; uses a bunch of $6000 Cisco Routers.
Just as with the HBGary drama, someone who should have know better (think CEO of specialized security firm) was using the same password all over the place.
(According to the Sophos linked article, the pw wasn't long nor complex...)
The same password for his Infragard account was used aswell for his private and work Gmailaccounts.
So, this turned this particular hack into another drama; read about CEO 'Karim Hijazi', head of Unveillance (specialized in analyzing/stopping botnets) and his nasty weekend due to LulzSec.
Heise Onlline article link.
LulzSec has posted their view on this particular whitehat/blackhat soapseries episode on Pastebin; link.
HBGary wasn't just the one guy. The guy in charge of the emails had a weak account as well plus the weak CMS they were running without updating the exploits. But the major damage was done right at the end. They had two passwords one is correct others not and they had access to one guys email account. So they did a bit of social engineering. But lol this
GREG not knowing his own username
True, there was a bit more involved at HBGary than just one pw.
Indeed, lol that. No alarm bells going off? Not one?
Hello, I'm your colleague Bill...
-Bill? You mean 'Bob'?
Yes, I'm your colleague Bob. Bob...erm...White.
-Bob White? You mean 'Bob Black'?
Exactly, I'm your colleague Bob Black. Now send me the root password.
(Just paraphrasing a bit o/c...)
Just shows the power of a email account. How many companies do get nailed by a hacked email. But do we look in vulnerabilities in the mail providors after it happened? No. I mean google dont want to let you access your own mail account with cookies on. You click on the wrong mail your cookies get ripped. What then? Your password and username
Separate names with a comma.