Exclusive: CEO says hackers tried to extort data, money | InSecurity Complex – CNET News
Karim Hijazi knew his nightmare was just beginning when he saw that a mysterious e-mail had arrived in his inbox at 3 a.m. on May 26 that included his e-mail password and the subject line “Let us talk.”
That would mark the beginning of a weeklong saga of e-mail exchanges and Internet Relay Chat (IRC) discussions in which Hijazi says a group of hackers told him they wouldn’t publicly divulge information they had gotten from snooping on his accounts if he revealed sensitive security information acquired by the botnet-tracking firm, Unveillance, that he launched last year. The hackers, who call themselves LulzSec, wanted to know the whereabouts of compromised computers on the Internet that when remotely controlled are used en masse to attack Web sites, he told CNET in an exclusive phone interview late last night.
Hacking victim Hijazi says LulzSec hackers tried to extort money and information out of him, as evidenced by this excerpt he provided of a chat log. Click to enlarge.
(Credit: Karim Hijazi)
When he refused, LulzSec went public with his data, Hijazi says, posting his personal contact information, e-mails, and chat logs for download online yesterday as part of a campaign to embarrass the FBI and its InfraGard partner. The group had hacked the Web site of InfraGard Atlanta and grabbed usernames and passwords for about 180 members, including Hijazi. Because Hijazi had used the same password on the InfraGard site that he used on his personal Gmail account and his corporate Google Apps account, the hackers were easily able to spy on his personal and business activities.
Hijazi contacted the FBI right after that first LulzSec e-mail and said he plans to prosecute if he can.
“They had me under the gun for a little over a week with threats and extortion,” said Hijazi, chief executive of Unveillance. “The very nature of having to contend with someone who is holding something ransom is not pleasant.”
Another excerpt from chat logs provided by Hijazi. Click to enlarge.
(Credit: Karim Hijazi)
“I don’t believe it will impact our organization; it just sucks for my family and me,” he said when asked whether his business would suffer as a result of the incident.
The first signs that something was amiss in Hijazi’s world were suspicious activities related to Unveillance’s corporate network that started about a week before he was contacted by the hackers. Someone kept repeatedly trying to sneak into the network using a VPN (virtual private network) tunneling tool called iPredator designed to let people traverse the Web anonymously.