The hacker group AntiSec has released a 1GB cache of stolen documents from two organizations with ties to U.S. law-enforcement agencies. Vanguard Defense Industries manufactures an unmanned aerial system called ShadowHawk for law enforcement and security in the private sector, while InfraGard is a partnership between the FBI, businesses, academic institutions, and law-enforcement agencies.
The e-mails posted by hacktivists on Friday reportedly belong to Vanguard Senior Vice President Richard Garcia, who AntiSec said previously worked for the FBI and Shell Oil, according to the group's Pastebin posting.
"Richard T. Garcia is also an executive board member of InfraGard, a sinister alliance of law enforcement, military and private security contractors dedicated to protecting the infrastructure of the very systems we aim to destroy," AntiSec wrote. "It is our pleasure to make a mockery of InfraGard for the third time, once again dumping their internal meeting notes, membership rosters, and other private business matters."
Violating Corporate Policy
Vanguard has been working with the FBI on this security breach since Monday, when AntiSec initially claimed to have hacked into the company's servers, noted Vanguard CEO Michael Buscher in a telephone interview on Friday.
"Obviously we took the claim seriously [when AntiSec] claimed to have taken sensitive data from our web site, which the hackers said they would post today," Buscher said. "Working with the FBI and Europe's cybercrime center, we had forensics done on our terminal."
The forensics determined that "it was Mr. Garcia's personal Gmail account that had been breached, not the VDI servers," Buscher explained. Though Garcia had forwarded some documents from VDI to his personal Gmail account, most of the materials released by AntiSec primarily pertain to the work Garcia does for InfraGard, he added.
"Employees are prohibited from placing any materials related to VDI on e-mail or social-networking sites," Buscher said. "As he is one of our employees, we talked to Mr. Garcia about this."
A Simple Password Vulnerability
Buscher confirmed the AntiSec report that several of the company's ShadowHawk drones are patrolling waters off the coast of East Africa to thwart maritime piracy on behalf of a client from the oil and gas exploration industry. Before the end of 2011, Buscher said, the company's unmanned drones will be "conducting antipiracy activities all the way from the tip of the Horn of Africa to southern Mozambique."
Buscher also confirmed AntiSec's claim that at least one ShadowHawk is destined for deployment within the United States. Montgomery County, Texas, received a Department of Homeland Security grant in April to purchase a ShadowHawk for local law enforcement.
One of that drone's activities will be to conduct anti-narcotics surveillance, Buscher noted. However, an even more important use will be to aid search-and-rescue efforts in the area, since the drones have thermal detectors and can find someone who is lost and report their location coordinates, he said.
The cache released by AntiSec reportedly includes internal meeting notes and contracts, schematics, nondisclosure agreements, personal information about other VDI employees, and several dozen counterterrorism documents classified as "law enforcement sensitive" and "for official use only." However, all this material appears to have come from Garcia's personal account.
"Mr. Garcia did not bother to change any of his many passwords found in his spool at the time of this release," AntiSec said.