http://www.nextgov.com/nextgov/ng_20111229_4856.php By Aliya Sternstein NextGov.com 12/29/2011 Recent and future government victims of the hacker collective Anonymous may want to stop using agency passwords on nonwork websites, say officials with the Arizona Department of Public Safety, which learned that lesson the hard way. During the weekend, hacker activists purportedly from Anonymous leaked the apparent passwords and some credit card data of federal subscribers to intelligence publisher Stratfor, according to the attackers' online messages. It is unclear whether the clients, whose government email addresses also were revealed, were using any of the passwords for federal government systems. But in Arizona, Anonymous allegedly unlocked state government systems by stealing and reusing the passwords officers used to access their personal email accounts and nonwork websites, said Officer Carrick Cook, spokesman for the police department. "People were using the same password for a lot of different things," he said. "Cops are kind of silly when it comes to that and using the same password twice." A former Anonymous member said some of the functioning passwords came from pornography websites. Jennifer Emick, who became a security consultant after abandoning the group's antics, said the police had registered on the elicit sites using their government e-mail addresses and government passwords. The attackers, who either operated the porn sites or hacked them, entered the customers' passwords into their corresponding government accounts to see if that would open department databases, she said. It worked, current Anonymous members confirmed. [...] _____________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isnReceived on Fri Dec 30 2011 - 01:56:46 PST
This archive was generated by hypermail 2.2.0 : Fri Dec 30 2011 - 01:51:37 PST