Unveillance faces troubled waters in the wake of LulzSec visit

2011-06-06

Steve Ragan

http://www.thetechherald.com/article.php/201123/7236/Unveillance-faces-troubled-waters-in-the-wake-of-LulzSec-visit



In response to the news that the U.S. government wants to view hacking as an act of war, the group responsible for attacks on Sony and PBS targeted the Atlanta chapter of InfraGard, a security association that works with the FBI.

The aftermath of LulzSec docking their ship in InfraGard's port has resulted in accusations of corruption against data intelligence and metrics firm Unveillance.

The attack on InfraGard resulted in the public posting of nearly 200 usernames and passwords for those who joined the Atlanta chapter. However, those passwords are what led to the mini-HBGary Federal incident, which has recently tossed Unveillance and its founder, Karim Hijazi, onto the public stage.

At the time this story was published the Atlanta InfraGard website was offline.

Speaking about the InfraGard breach, LulzSec commented that most of the names on the leaked list reuse passwords, "...which is heavily frowned upon in the FBI/InfraGard handbook and generally everywhere else too."

"One of them, Karim Hijazi, used his InfraGard password for his personal GMail, and the GMail of the company he owns. 'Unveillance', a whitehat company that specializes in data breaches and botnets, was compromised because of Karim's incompetence. We stole all of his personal emails and his company emails. We also briefly took over, among other things, their servers and their botnet control panel."

The leaked emails, nearly a thousand of them in all, are a mix of personal and business related messages. However, there is more to this story, thanks to chat logs released by Hijazi and LulzSec.

In a statement, Hijazi said that over the last two weeks, he was contacted by several members of LulzSec, who made threats against him and his company in order to obtain money as well as sensitive data.

"In spite of these threats, I refused to pay off LulzSec or to supply them with access to this sensitive botnet information. Had we agreed to provide this data to them, LulzSec would have been able to grow the size and scope of their DDoS attack and fraud capabilities. Plain and simple, I refused to comply with their demands. Because of this, they followed through in their threats – and attacked me, my business and my personal reputation," the statement explained.

Along with his comments, Hijazi published chat logs from an IRC conversation, which show LulzSec members attempting to extort him. You can read the statement and the chat logs here.

Not willing to back down, LulzSec published chat logs of their own, from a conversation held less than a day after the extortion chat between them and Hijazi.

Part of the Unveillance drama is that LulzSec has accused Hijazi of handing information over to the Cyber Security Forum Initiative (CSFI), in order to help them attack Libya's cyber infrastructure.

The LulzSec logs show Hijazi commenting that he regretted sending information to CSFI, but that he did so because he was in marketing mode at the time due to the fact that he was "truly starving".

"That CSFI is odd. They took my data and ran," Hijazi said when asked about his relationship with CSFI in the chat logs, "I don't know their intent. [If] it was what you referred to, I regret giving them data..."

In a statement LulzSec said that they were never going to extort anything from Hijazi.

"We were simply going to pressure you into a position where you could be willing to give us money for our silence, and then expose you publicly... Karim, founder of Unveillance, attempted from the start to work with us for his own gain, and he even offered us payment for certain 'tasks'. These tasks, hardly subtle at this point, were those of a malicious nature; destroying Karim's competitors through insider info and holes Karim would supply us."

The LulzSec chat logs and response to the Unveillance statement are here and here.

We've reached out to Hijazi for additional comment on the LulzSec chat logs. We'll update this story with any new information.

