Not even a nonprofit that works with the FBI on cybersecurity issues is safe from hackers.
Not even in metro Atlanta, which is home to more than 150 online security companies and a university that researches modern cyberattacks.
More than 180 members of the Atlanta chapter of InfraGard found that out when their usernames and passwords were published online last Friday, part of a cyberattack on InfraGard's website by a hacker group known as LulzSec. The information ended up on Twitter and other parts of the Internet. Any of the members who used their passwords for other accounts such as Gmail and LinkedIn found those accounts hacked as well.
"The idea that (Internet) sites will be secure, we're realizing that that is a goal that we're never going to win," said Jon Giffin, an assistant computer science professor at Georgia Tech.
It probably didn't help that many of the InfraGard passwords were common words, including "simplepass," "prince" and "dingbats."
Passwords instead should be a long combination of upper and lowercase letters, numbers and at least one symbol. Each one should be different for each bank, email and social media account.
"A true password is something that would make sense to no one but yourself," said Todd Feinman, CEO of New York-based Internet security company Identity Finder.
InfraGard is a volunteer group that works with the FBI and other law-enforcement agencies. Anyone can join the group. Chapters hold regular meetings to discuss threats to security, including cybersecurity, water, utility and transportation.
InfraGard's main website refers to the group as an FBI program that started in the agency’s Cleveland field office in 1996. The website is not owned, operated or maintained by the FBI.
"I don't know why they targeted us," said Paul Farley, president of the InfraGard Atlanta Members Alliance. LulzSec is a shadowy but audacious group that has also hacked Sony, PBS and others.
Farley said he shut down the site, emailed members to explain what had happened and urged them to change their passwords for all of their accounts.
The group of hackers that compromised InfraGard's site is the same one that took over Sony's, gaining access to more than 1 million passwords. The people behind LulzSec may not use the passwords themselves, but the hackers will post the information online for everyone else to see.
"People may not care that their Sony account got hacked, but then it ends up that their banking account got hacked," Giffin said.