FBI mum on hacker attack on Conn. affiliate

Silence may be to stem publicity

By Stephen Dockery
Associated Press / June 24, 2011

E-mail this article

Invalid E-mail address
Invalid E-mail address

Sending your article

Your article has been sent.

Text size +

HARTFORD — Days after hackers claimed to compromise more than 1,000 accounts of an FBI affiliate in Connecticut, authorities have yet to release any details about the extent of damage to the organization, which counts large businesses and state agencies among its members.

Web security specialists say the silence is probably calculated to avoid giving any credit to hackers that thrive on limelight and to reduce the risk of any further exposure.

“You don’t want to pump up the attacker,’’ said Dave Marcus, director of security research at McAfee Labs, an Internet security company in Santa Clara, Calif. “When you’re a big brand and you’re already a target, you certainly don’t want to give them any more press than is necessary.’’

A collective of anonymous hackers known as Lulz Security — the same outfit that said it was behind a breach that compromised millions of user accounts at Sony Corp. in April — claimed credit for the attack on the Connecticut chapter of InfraGard, an FBI partner organization that shares information among the agency and state organizations.

FBI officials in Connecticut and Washington, D.C., have declined to comment beyond confirming an attack that prompted a shutdown of the website as a precaution.

Robert Kenny, the president of InfraGard Connecticut, also refused to describe the extent of any damage. He said the website had limited information about members but did not provide further details.

In one hint of the potential exposure, Lulz claimed via Twitter that passwords stolen from InfraGard allowed them to take control of RECOL, a Branford, Conn., Internet provider. The company declined to comment.

InfraGard is an association of businesses, academic institutions, and law enforcement agencies dedicated to sharing information to prevent hostile acts against the United States, according to its website.

Business representatives who participate get access to security information from government sources such as the FBI and Department of Homeland Security and can participate in discussions with others in the IT-security field.

Hackers also stole 180 passwords from members of InfraGard’s Atlanta chapter in an attack earlier this month. Lulz released those passwords online for anyone to see.

No such data has been released from the Connecticut attack, although Lulz said recently they would release a payload of information from their leaks and breaches today.

In addition to the breach of Sony’s PlayStation Network, the hackers say they are responsible for attacks on government websites in Brazil, the CIA website, and the US Senate computer system.

Organizations sometimes wait to talk about security events until after they have fixed their issues, Marcus said. Statements from organizations that have been breached can open them up to more attacks.

The hackers, in contrast, have not been shy to boast of their exploits. Lulz has taken credit for defacing the PBS website after it aired a documentary seen as critical of WikiLeaks founder Julian Assange, and a manifesto released by the group earlier this week called for a united hacker war and encouraged “any vessel, large or small, to open fire on any government or agency that crosses their path.’’