The personal information of over 1,000 Canadian cellphone users has been posted online after being attained by a hacker in a cyber attack.
The phone numbers, service providers, and cellphone models from Virgin Mobile has been posted online by a hacker known as KrioXis, although there are apparent ties to well known 'hacktivist' groups Lulzsec and Anonymous. The news of the information dump was posted on the Twitter page of Anonymous Operations.
As well, KrioXis has released a statement via Pastebin, a web application that allows users to upload text for public viewing:
"Why should we be stopped from posting this information? The 'secure' firms you give your information too should be the ones who the police approach not us. Even more so after SOME of them "guranntee" your information "isn't stored", and if it is then it is "secure".
"So much for customer relations, so much for customer care if companies really did what they said on the tin groups like ourselves would never exist."
Speaking to Digital Journal, the hacker says there was no set target in mind.
"Virgin was never a target. It was purely accident that it was stumbled upon. We were [to be honest], scared of going near it, but our mission is to make things more secure. It wasn't even on a Virgin database. It was on a hosting [database], which was the weirdest thing."
On the motives of the hack, KrioXis said:
"Our motto is not to leak any information, however we gave the file to [Anonymous] to do with it what they will. There is more information we are compiling that no one else knows about that will be sent to Virgin in due course, containing info on how the [database] was infiltrated and what information was accessible, then it will be wiped. There is so much info i have gained already and have already begun communicating with companies involved."
Posting passwords to accounts however, which Lulzsec did two weeks ago when it leaked the login info to several pornography websites, is not in the interests of KrioXis:
"As stated in a few of my tweets, we will never reveal passwords. That is truly personal, and the method of entrance will never be shared either. Any sensitive information that is used as proof will be heavily blurred and distorted.
"We think of ourselves as ethical hackers to help build better security systems. We can be classed as a public friend, not foe. We infiltrate systems to show it is possible to companies, then are willing to help with building better systems."
Virgin did not return requests for comment.
Of the over 1200 numbers posted, many appear to be Virgin Mobile customers from the Greater Toronto Area, although there are other numbers listed from Canadian service providers Rogers, Koodo, and Solo Mobile. There are also numbers on the list from Quebec, New Brunswick, and Nova Scotia.
This leak of data is the latest attack in 'Operation Anti-Security' or 'Anti-Sec', launched by Lulzsec over the weekend. The attacks, in conjunction with fellow hacker group Anonymous, have seen numerous government websites, including the pages of the Brazilian government, the British Serious Organised Crimes Agency and the website of Italian Minister of Public Administration and Innovation Renato Brunetta, among others.
In a statement posted on Pastebin, Lulzsec explained the reasoning behind 'Anti-Sec':
"As we're aware, the government and whitehat security terrorists across the world continue to dominate and control our Internet ocean. Sitting pretty on cargo bays full of corrupt booty, they think it's acceptable to condition and enslave all vessels in sight. Our Lulz Lizard battle fleet is now declaring immediate and unremitting war on the freedom-snatching moderators of 2011.
"Welcome to Operation Anti-Security (#AntiSec) - we encourage any vessel, large or small, to open fire on any government or agency that crosses their path."