Hackers Discover Government Employees Watch Porn

[InfoSec News <alerts () infosecnews org>]

http://www.theatlanticwire.com/technology/2012/03/hackers-discover-government-employees-watch-porn/49818/

By Adam Clark Estes
The Atlantic Wire
March 13, 2012

A group of hackers calling themselves Th3 Consortium and claiming to be 
affiliated with Anonymous and LulzSec broke into yet 
DigitalPlaground.com, the third porn site it's hacked in as many weeks, 
stealing 72,000 passwords and 40,000 credit card numbers. All three porn 
sites Th3 Consortium has targeted are owned by Luxembourg-based Manwin: 
Brazzers got hit in mid-February -- 350,000 usernames and passwords were 
stolen -- and then came a major hack at YouPorn -- a million usernames 
and passwords were compromised. But the porn network does not seem to be 
the real target of the attack: the hackers seem most interested in 
embarrassing government employees who used their official email 
addresses (for some reason?) to register for a porn site. Foolish 
government employees beware.

As AVN.com reports, "According to Th3Consortium, it hacked 27 admins’ 
names, usernames, e-mail addresses, and encrypted passwords; 85 
affiliates’ usernames, plaintext passwords, and in some cases, IP 
addresses; and 82 .gov and .mil e-mail addresses with corresponding 
plaintext passwords."

"And of course as this is a porn site," Th3 Consortium bragged in their 
release about the attack, "there was no shortage of .mil and .gov emails 
in their user list." The hackers' taunting of government employees could 
be nothing more than taunting. Those who have seen the data say that 
there are only a few dozen on the list.

But the hackers seem to share the view that catching government 
employees engaged in naughty online behavior -- whether it's watching 
porn or illegally downloading movies -- it refutes the calls for more 
aggressive enforcement of copyright laws. Fresh out of jail, Megaupload 
founder Kim Dotcom sounded ready for some blackmail when he told 
TorrentFreak in an interview, "Guess what -- we found a large number of 
Mega accounts from US Government officials including the Department of 
Justice and the US Senate." And we're not just talking about usernames 
and passwords in MegaUpload's case. It's terrabytes of actual files. 
Luckily for these public officials, the government has control of that 
data for the time being.

[...]

______________________________________________________________________________
ISSMP, CISSP, and Certified Ethical Hacker training with Expanding Security
gives the best training and support.  Get a free live class invite weekly.
Best program, best price. http://www.ExpandingSecurity.com/PainPill