In a self-titled hack attack called "F**k FBI Friday" the hacking group known as LulzSec has published details on users and associates of the non-profit organization known as Infragard.
Infragard is a non-profit focused on being an interface between the private sector and individuals with the FBI. LulzSec published 180 usernames, hashed passwords, plain text passwords, real names and email addresses.
According to Chester Wisniewski, senior security sdvisor at Sophos Canada, " Considering LulzSec was able to decrypt them it would imply that the hashes were not salted, or that the salt used was stored in an insecure manner."
Wisniewski added that not all of the users passwords were cracked. Apparently, these users likely used passwords of reasonable complexity and length.
In addition to stealing data from Infragard, LulzSec also defaced their website with a joke YouTube video and the text "LET IT FLOW YOU STUPID FBI BATTLESHIPS" in a window titled "NATO - National Agency of Tiny Origamis LOL".
Aside from defacing their site and stealing their user database, they tested out the users and passwords against other services and discovered many of the members were reusing passwords on other sites - an violation of FBI/Infragard guidelines.
LulzSec singled out one of these users, Karim Hijazi, who used his Infragard password for both his personal and corporate Gmail accounts according to the hackers.
They've published a BitTorrent with what they claim are nearly 1000 of Hijazi's corporate emails and a IRC chat transcript that proclaims to be a conversation they had with him.
They also disclosed a list of personal information including his home address, mobile phone and other details.
In the meantime, Sony Pictures Entertainment has confirmed that LulzSec was behind the recent attack against the company
"The cybercrime wave that has affected Sony companies and a number of government agencies, businesses and individuals in recent months has hit Sony Pictures as well. Yesterday (June 2) afternoon a group of criminal hackers known as "LulzSec" claimed to have breached some of our websites," said Michael Lynton, Chairman and Chief Executive Officer, and Amy Pascal, Co-Chairman, Sony Pictures Entertainment.
"We have confirmed that a breach has occurred and have taken action to protect against further intrusion. A respected team of outside experts is conducting a forensic analysis of the attack," Sony's execs added.
Sony has also contacted the U.S. Federal Bureau of Investigation and are working with them to assist in the identification of those responsible for the latest attack.