FBI partner passwords stolen in cyberattack
Altanta-based InfraGard shares info about threats to internet infrastructure
Nearly 180 passwords belonging to members of an Atlanta-based FBI partner organization have been stolen and leaked to the internet, the group confirmed Sunday.
The logins belonged to members of the local chapter of InfraGard, a public-private partnership devoted to sharing information about threats to U.S. physical and internet infrastructure, the chapter's president told The Associated Press.
"Someone did compromise the website," InfraGard Atlanta Members Alliance President Paul Farley said in a brief email exchange. "We do not at this time know how the attack occurred or the method used to reveal the passwords."
Copies of the passwords — which appear to include users from the U.S. Army, cybersecurity organizations and major communications companies — were posted to the internet by online hacking collective Lulz Security, which has claimed credit for a string of attacks in the past week.
In a statement, Lulz Security also claimed to have used one of the passwords to steal nearly 1,000 work and personal emails from the chief executive of Wilmington, Delaware-based Unveillance LLC.
Lulz Security claimed it was acting in response to a recent report that the Pentagon was considering whether to classify some cyberattacks as acts of war.
The FBI said Sunday that it was aware of the incident and that steps were being taken to mitigate the damage. Farley said InfraGard's website had been taken down and that members had been advised to change their passwords and beware of further attacks.
Farley added that his group — a volunteer organization — had had no previous involvement with Lulz Security, which describes itself as a collective of hackers who attack weakly-protected websites for fun. Lulz is a reference to Internetspeak for "laugh out loud."
The collective appears to have had a busy week.
Earlier Sunday, Nintendo said it had been targeted in a recent online data attack claimed by Lulz Security. Nintendo said no personal or company information was lost.
On Thursday, Lulz Security boasted of a major breach which saw as many as tens of thousands of Sony users' details posted to the Internet.
The group has also claimed credit for defacing the PBS website after the public television broadcaster aired a documentary seen as critical of WikiLeaks founder Julian Assange.
Emails and other messages seeking comment from the group over the past few days have gone unanswered, although it maintains an active presence on microblogging site Twitter, where it taunts its opponents and promises more hacks.