The hacker group known as Lulz Security has reportedly pwned an FBI-affiliated website in retaliation for a recent U.S. DoD strategic report classifying cyber sabotage as an act of war.
According to an official communiqué, Lulz breached the digital security perimeter surrounding the Atlanta chapter of Infragard, took complete control of the site, defaced it and leaked the local user base.
“While not very many logins (around 180), we’d like to take the time to point out that all of them are affiliated with the FBI in some way,” the group explained.
“Most of them reuse their passwords in other places, which is heavily frowned upon in the FBI/Infragard handbook and generally everywhere else too.”
Indeed, Infragard employee Karim Hijazi apparently recycled his work password for two external e-mail accounts – allowing digital infiltrators to easily break into Unveillance, a whitehat company specializing in data security and botnets.
“Unveillance was compromised because of Karim’s incompetence. We stole all of his personal emails and his company emails. We also briefly took over, among other things, their servers and their botnet control panel. After doing so, we contacted Karim and told him what we did.
“After a few discussions, he offered to pay us to eliminate his competitors through illegal hacking means in return for our silence. Karim, a member of an FBI-related website, was willing to give us money and inside info in order to destroy his opponents in the whitehat world. We even discussed plans for him to give us insider botnet information.”
During the brief cyber foray, Lulz also managed to obtain documents pertaining to an alleged operation orchestrated by Unveillance and others to “control and assess” Libyan cyberspace through malicious means.
“The U.S. government is funding the CSFI to attack Libya’s cyber infrastructure. You [can] find the emails of all 23 people involved in the emails,” claimed Lulz.
“[In addition], Unveillance was involved in a scheme where they paid an Indian registrar $2,000 to receive 100 domains a month that may be deemed as botnet C&Cs. [All are] shameful ploys by supposed ‘whitehats.’ [Yes], we accept your threats NATO. Game on, losers.”