FBI Partner InfraGard Hacked, Passwords Stolen, LulzSec Claims Credit

By RAPHAEL G. SATTER 06/ 5/11 08:03 PM ET Associated Press

React

share this story

Get Technology Alerts

Submit this story

LONDON -- Nearly 180 passwords belonging to members of an Atlanta-based FBI partner organization have been stolen and leaked to the Internet, the group confirmed Sunday.

The logins belonged to members of the local chapter of InfraGard, a public-private partnership devoted to sharing information about threats to U.S. physical and Internet infrastructure, the chapter's president told The Associated Press.

"Someone did compromise the website," InfraGard Atlanta Members Alliance President Paul Farley said in a brief email exchange. "We do not at this time know how the attack occurred or the method used to reveal the passwords."

Copies of the passwords – which appear to include users from the U.S. Army, cybersecurity organizations and major communications companies – were posted to the Internet by online hacking collective Lulz Security, which has claimed credit for a string of attacks in the past week.

In a statement, Lulz Security also claimed to have used one of the passwords to steal nearly 1,000 work and personal emails from the chief executive of Wilmington, Delaware-based Unveillance LLC.

Lulz Security claimed it was acting in response to a recent report that the Pentagon was considering whether to classify some cyberattacks as acts of war.

The FBI said Sunday that it was aware of the incident and that steps were being taken to mitigate the damage. Farley said InfraGard's website had been taken down and that members had been advised to change their passwords and beware of further attacks.

Farley added that his group – a volunteer organization – had had no previous involvement with Lulz Security, which describes itself as a collective of hackers who attack weakly-protected websites for fun. Lulz is a reference to Internetspeak for "laugh out loud."

The collective appears to have had a busy week.

Earlier Sunday, Nintendo said it had been targeted in a recent online data attack claimed by Lulz Security. Nintendo said no personal or company information was lost.

On Thursday, Lulz Security boasted of a major breach which saw as many as tens of thousands of Sony users' details posted to the Internet.

The group has also claimed credit for defacing the PBS website after the public television broadcaster aired a documentary seen as critical of WikiLeaks founder Julian Assange.

Emails and other messages seeking comment from the group over the past few days have gone unanswered, although it maintains an active presence on microblogging site Twitter, where it taunts its opponents and promises more hacks.

___

Online:

Array

FOLLOW HUFFPOST TECH

Facebook:

71k

Twitter:

Get Alerts

CONTRIBUTE

TO THIS STORY

Comments
102
Pending Comments
0
View FAQ

Comments are closed for this entry

View All

Favorites

Recency |

Popularity

Page: 1 2 3 Next › Last » (3 total)

This user has chosen to opt out of the Badges program

nobody special

99 Fans

12:59 AM on 06/14/2011

The purpose of InfraGard is to disseminate info given to it by the FBI or CIA on possible security threats to local community leaders. Its members include not only local government and law enforcement groups, but also private companies and corporations.

The problem is who decides who gets the info? There's a real potential for abuse by members who have a political agenda or an axe to grind with someone not privy to the same data.

Permalink | Share it

HUFFPOST SUPER USER

KarlaElisa

The atmosphere is Toxic

869 Fans

04:26 PM on 06/11/2011

http://www.youtube.com/watch?v=dqYEp4OQUBI

The music LulzSec schemes to...absolutely perfect plan hatching tune.

04:00 PM on 06/11/2011

fun stuff.

cabinetmaniac

Think for yourself. Question authority.

1353 Fans

10:33 AM on 06/07/2011

"InfraGard, a public-private partnership devoted to sharing information about threats to U.S. physical and Internet infrastructure,"

InfraGard is now the poster child for threats to the internet infrastructure. They've had their covers pulled.

They obviously are incompetent and should have any contracts immediately revoked.

:-]

POPE INNOCENT

54 Fans

10:23 AM on 06/07/2011

BUDGET CUTS AND FORCED DEPOPULATION!
KILL A PRIVATE SECURITY CONTRACTOR TODAY!

catchy phrase you have there. i like it.

nuited

19 Fans

02:14 AM on 06/07/2011

A Trojan virus goes to the computer and if you can pay the fee you can get an instant download that will remove something that was placed on your computer by thieves. The people should go to JAIL and pay serious fines and monitored for 5-10 years. Either we send a message or they will steal the messages and strike fear on the messengers who have sworn to uphold the law ans protect our society.

zoemax

21 Fans

11:24 PM on 06/06/2011

LulzSec didn't send me here this time.

Justin Kedy

6 Fans

05:18 PM on 06/06/2011

America is really crazy we should do it
http://machahir123.blogspot.com/

bikerdude

On the left side of progressive

1458 Fans

02:51 PM on 06/06/2011

If you aren't willing and ready to hold these privateers accountable, then don't use them. The security breach has to go back to the agency involved.

02:34 PM on 06/06/2011

This is really interesting how do you get to be a "partner" with a Federal Agency? Sounds illegal to me. What, exactly, has been done to insure the integrity, honesty and loyalty of such a group? Does the legislature know about this? Hey there, Mr. Eric Holder, has this been approved by the AG's office? I don't like the smell of this...To me it's just outsourcing Federal work to a group that may or may not be dangerous...

Denisehh3

redneckislandgirl

1377 Fans

01:48 PM on 06/06/2011

Whoever did the hacking should be sought out and punished to the highest extent of the law period.......disturbing as heck that it's virtually impossible to keep the persistent hackers out........these are terrorists of a diferent breed.......

Eris23

Justice is in indefinite detention.

469 Fans

07:41 PM on 06/06/2011

Nope. Why cheapen the real crime of terrorism by comparing it to stunts like this?

IfIonlyknew

Go ahead....Say something funny.

2006 Fans

01:43 PM on 06/06/2011

The FbI has a partner group????

monkey-fish-frog

59 Fans

01:27 PM on 06/06/2011

Apparently I am naive to these things but wouldn't hacking into gvmnt agencies and even private companies and stealing info be illegal. If so, how are these people able to have Facebooks accnts and make boastful posts without the FBI going full bore to catch these people?

HUFFPOST COMMUNITY MODERATOR

J0E1

Don't blame me, I'm not a republicrat.

1262 Fans

05:49 PM on 06/06/2011

You need proof to convict someone. In court, these kids could just claim they put that stuff on facebook to look cool.

07:42 PM on 06/06/2011

It all comes down to how you connect to the net. If it's not through an access point that is owned by your name, it makes the identities of people quite difficult to determine.

MyShinyTinFoilHat

8 Fans

01:16 PM on 06/06/2011

Who cares, they should move on.

Stephen a Fazekas

239 Fans

12:58 PM on 06/06/2011

Good what thier hacking revealed is that FBI and CIA are infecting computers worldwide including ones in the US to take them over and use them as BOT nets to attack other countries IT infrastructure.
If your computer or internet is running slow odds are its been infected with a virus and turned into a part of the bot net. Yes the FBI and CIA dont do this directly they hire third party companies to do this.
They even got a member of the group trying to recruit LULZ security to commit cyber attacks against companies he doesnt like

02:38 PM on 06/06/2011

Someone will be calling you very soon, Stevie...Don't leave the country...

06:28 PM on 06/06/2011

LOL If they are reading this
Dear CIA/FBI theres a few simple rules for running clandestine operations that have been known since well the beginning of time,
Rule 1) DON'T GET CAUGHT
Rule 2) DON"T GET CAUGHT
Rule 3) DON'T GET CAUGHT
Rule 4) Repeat rules 1-3 until it sticks in your brain

There are More Comments on this Thread. Click Here To See them All

06:35 PM on 06/06/2011

Oh and Dear FBI/CIA/NSA/Military Intelligence "which is a massive oxymoron" as my father says after doing less than public-ally acknowledged operations"
Dont use the same password for every single account you have.
If i worked at a job like this where national security was on the line id have half a dozen passwords. The best passwords are not DOB or phone numbers or your dogs name.
Pull out a book of quotes and pick a few fav quotes and now use that quote as a password, hell even with 48 characters or more not even the NSA could break it Remember dont use spaces just use a alpha numeral like @#%^&* instead of a space.
you dont remember them its called keep the book on your desk and highlight them or even tape them to your monitor odds are no one would ever pick up that quote as a password and just think your ones of those people who feel compelled to tape quotes to random things through out the office