The hacking group, whose tagline is “laughing at your security since 2011,” said in a news release Friday that it broke into infragardatlanta.org, took “complete control,” and defaced the site. Further, the group posted online the names, email addresses, usernames and cracked passwords of the site's 180 members.
The data appears to include the credentials of users from multiple cybersecurity firms, Georgia state government and educational institutions, the U.S. Army and major telecommunications companies.
LulzSec said it targeted the FBI-affiliated InfraGard, a public-private partnership that aims to share information about cyberthreats, in response to a report that the Obama administration was considering classifying hacking as an act of war.
As of Monday, the InfraGard Atlanta website was not accessible. A message on the site noted that it was “under construction.” InfraGard and the FBI in Atlanta did not immediately respond to emails from SCMagazineUS.com on Monday.
LulzSec singled out InfraGard member Karim Hijazi, CEO of Unveillance, a Wilmington, Del.-based botnet monitoring service provider, in an effort to “expose the corruption of white hats,” according to the group's statement.
The hacking collective said it used Hijazi's InfraGard password to access his personal and work Gmail accounts and briefly take over his firm's servers and botnet control panel.
“After doing so, we contacted Karim and told him what we did,” the group said in its statement. “After a few discussions, he offered to pay us to eliminate his competitors through illegal hacking means in return for our silence.”
But, in a statement released Friday, Hijazi said he was the target of an extortion attempt by LulzSec members.
“Plain and simple, I refused to comply with their demands,” Hijazi said. “Because of this, they followed through in their threats – and attacked me, my business and my personal reputation.”
The hacker contingent has posted its chat logs with Hijazi, along with nearly 1,000 of his personal and work emails.
LulzSec has been particularly active over the past week. Members of the group used a zero-day vulnerability in a blog software program to break into servers belonging to PBS.org. Three days later, they compromised the personal information of more than one million users of SonyPictures.com.
In addition, the group hacked a server belonging to Nintendo but didn't make off with any personal information. The group actually has expressed its appreciation of the video game giant, according to a tweet.