Infragard Atlanta, an FBI affiliate, hacked by LulzSec

Discussion in 'privacy problems' started by PJC, Jun 4, 2011.

Thread Status:
Not open for further replies.
  1. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
  2. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    I heard a radio discussion on these many hacks, with one expressing surprise at apparant levels of usage of plain 'ol "easy" g-mail, and I had been thinking the same myself, given it's established levels of privacy. Do even the FBI use GMail..no!! yes?? :D
     
  3. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    From what I heard the FBI; NSA; uses a bunch of $6000 Cisco Routers.
     
  4. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Just as with the HBGary drama, someone who should have know better (think CEO of specialized security firm) was using the same password all over the place.
    (According to the Sophos linked article, the pw wasn't long nor complex...:rolleyes:)
    The same password for his Infragard account was used aswell for his private and work Gmailaccounts.
    So, this turned this particular hack into another drama; read about CEO 'Karim Hijazi', head of Unveillance (specialized in analyzing/stopping botnets) and his nasty weekend due to LulzSec.
    Heise Onlline article link.

    LulzSec has posted their view on this particular whitehat/blackhat soapseries episode on Pastebin; link.
     
    Last edited: Jun 5, 2011
  5. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    HBGary wasn't just the one guy. The guy in charge of the emails had a weak account as well plus the weak CMS they were running without updating the exploits. But the major damage was done right at the end. They had two passwords one is correct others not and they had access to one guys email account. So they did a bit of social engineering. But lol this

    GREG not knowing his own usernameo_O
     
  6. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    True, there was a bit more involved at HBGary than just one pw.
    Indeed, lol that. No alarm bells going off? Not one?

    Hello, I'm your colleague Bill...
    -Bill? You mean 'Bob'?
    Yes, I'm your colleague Bob. Bob...erm...White.
    -Bob White? You mean 'Bob Black'?
    Exactly, I'm your colleague Bob Black. Now send me the root password.
    -OK, sent...

    :rolleyes:
    (Just paraphrasing a bit o/c...;))
     
    Last edited: Jun 16, 2011
  7. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    Just shows the power of a email account. How many companies do get nailed by a hacked email. But do we look in vulnerabilities in the mail providors after it happened? No. I mean google dont want to let you access your own mail account with cookies on. You click on the wrong mail your cookies get ripped. What then? Your password and username
     
Thread Status:
Not open for further replies.