Security and high profile sites get 'pwned'

Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt

Post by Foggyone » Wed Feb 09, 2011 6:32 pm

ADMIN NOTE: The posts in this thread were split from the NSA spying thread on 19 January 2014, so the "views" counter will only reflect viewing numbers from that date.
Interesting article here.

Includes a declaration of war
HBGary founder Greg Hoglund has promised revenge. "We try to protect the US Government from hackers. They couldn't have chosen a worse company to pick on," he said.
This may be an interesting fight!
Google, the answer to so many questions!
-----------------------------------------------------

digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago

Post by digidog » Wed Feb 09, 2011 9:19 pm

Interesting story. I guess the reader's perspective will be relative to their moral position
regarding WikiLeaks release of embarrassing US government documents. And let's be real
about this... the information released by WikiLeaks so far is embarrassing to the US but
I've seen no indication that it has compromised national security. The US government's
response to date has been rather heavy-handed.

I see WikiLeaks as the good guys in that struggle, so the fact that a shady company
employed by the US Govt to infiltrate a WikiLeaks supporters group ends up being
hacked by those very same people seems just a little like natural justice to me.

For a "hi-tech" company whose motto is "Detect, Diagnose, Respond" HBGary come out
of this fiasco looking like a bunch of amateurs. There's a notice on the front page of
their website. In fact there's ONLY a front page... the rest has disappeared.
HBGary, Inc and HBGary Federal, a separate but related company, have been the victims
of an intentional criminal cyberattack. We are taking this crime seriously and are working
with federal, state, and local law enforcement authorities and redirecting internal resources
to investigate and respond appropriately. To the extent that any client information may
have been affected by this event, we will provide the affected clients with complete and
accurate information as soon as it becomes available.

Meanwhile, please be aware that any information currently in the public domain is not
reliable because the perpetrators of this offense, or people working closely with them, have
intentionally falsified certain data. HBGary, Inc and HBGary Federal are committed to a
comprehensive, accurate, and swift response to this crime.

http://www.hbgary.com/
Pwned indeed!

Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt

More On This Story

Post by Foggyone » Wed Feb 16, 2011 7:26 pm

Anonymous victim HBGary goes to ground
According to e-mails that Anonymous claims to have taken from HBGary's servers, the company had proposed a plan to undermine Wikileaks.
In e-mails from early January 2011, it is claimed that Mr Hoglund sent out proposals to develop a spying program, known as a rootkit, that would run on Windows-based computers.

"There isn't anything like this publicly," the proposal stated. It would be "almost impossible to remove" or detect.
I think there will be more twists and turns yet in this saga.

Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt

How It Was Done

Post by Foggyone » Sat Feb 19, 2011 6:44 pm

Anonymous speaks: the inside story of the HBGary hack

hbgaryfederal.com site used a custom CMS susceptible to SQL injection
MD5 hash algorithm used in password hash creation (hashed passwords were grabbed as a result of the SQL injection). MD5 used badly.
Rainbow tables used to compare password hashes
Two HBGary Federal employees—CEO Aaron Barr and COO Ted Vera—used passwords that were very simple; each was just six lower case letters and two numbers.
These simple passwords were reused in different places, including e-mail, Twitter accounts, and LinkedIn.
One of these two reused his password in ssh, on a Linux computer.
HBGary server used passwords, and not public key cryptography, as is best practice
There was a system flaw on the Linux computer allowing privilege escalation. This was found Oct 2010 and fixed in most distributions by Nov 2010. HBGary system was still unpatched in February 2011.
HBGary used Google Apps for its email system.
One of the simple passwords (see above) belonged to the administrator of this system. This gave the hackers wide access to the company's email, including access to owner Greg Hoglund's mail.
In this mail was the root password to the computer running Greg's rootkit.com site
Social engineering got the hackers another required login/password

So there you have it. Simple steps through simple, basic doors.

The feeling within the security industry is this breach may well be fatal to HBGary.

The final paragraphs of this story....
So there are clearly two lessons to be learned here. The first is that the standard advice is good advice. If all best practices had been followed then none of this would have happened. Even if the SQL injection error was still present, it wouldn't have caused the cascade of failures that followed.

The second lesson, however, is that the standard advice isn't good enough. Even recognized security experts who should know better won't follow it. What hope does that leave for the rest of us?
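The list above turns on two storage mistakes: unsalted MD5 password hashes, which any precomputed (rainbow) table cracks in one lookup, and short reused passwords. The following is an added example, not code from the article or from HBGary, showing why the same table works against every unsalted MD5 dump and why a per-record random salt plus an iterated hash (PBKDF2-SHA256 here) defeats it; the candidate passwords are constructed and the iteration count is an assumption.

```python
import hashlib
import hmac
import os

# Constructed candidate list standing in for a precomputed (rainbow) table of
# "six lowercase letters plus two digits" passwords; the values are made up.
CANDIDATES = ["qwerty12", "letmei99", "zxcvbn01", "passwd10"]

def md5_hex(password):
    """Unsalted MD5, the way the breached CMS stored its passwords."""
    return hashlib.md5(password.encode()).hexdigest()

def build_table(candidates):
    """Precompute hash -> password once. Without a salt, one table cracks
    every unsalted MD5 dump ever obtained, from any site."""
    return {md5_hex(p): p for p in candidates}

def lookup(stored, table):
    """Recover a password from its stored hash by table lookup, or None."""
    return table.get(stored)

def pbkdf2_record(password, salt=None, iterations=200_000):
    """Salted, iterated hash. The random salt makes a precomputed table
    useless; the iteration count slows each guess of an offline brute force
    (a weak eight-character password still needs a stronger policy)."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_pbkdf2(password, record):
    """Re-derive with the stored salt and iterations; constant-time compare."""
    _, iters, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)

def demo():
    table = build_table(CANDIDATES)
    cracked = lookup(md5_hex("letmei99"), table)          # instant hit
    rec_a, rec_b = pbkdf2_record("letmei99"), pbkdf2_record("letmei99")
    # same password, two different records (random salt), table misses,
    # yet verification still succeeds
    return cracked, rec_a == rec_b, lookup(rec_a, table), verify_pbkdf2("letmei99", rec_a)

if __name__ == "__main__":
    print(demo())  # ('letmei99', False, None, True)
```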

Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt

The Continuing Saga

Post by Foggyone » Mon Feb 21, 2011 6:21 pm

HBGary Emails A Sweet Valentine For Social Engineers

I would imagine the officials of various security and Government agencies will be thrilled to little bits (not) to have these emails published. Email addresses and all the other stuff can help spear phishing no end. It will be interesting to see if there are spear phishes as a result.

The compromise and publication has the potential to be far more damaging than the original wikileaks cable publication that started it all.

Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt

Shine The Light

Post by Foggyone » Tue Mar 01, 2011 6:04 pm

As part of the HBGary breach it has now come to light that global financial services firm Morgan Stanley were the victims of an attack (reading the story here suggests they have been breached more than once!).

I don't think we have seen the last revelations from this source.

Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt

Ouch For Google Gmail

Post by Foggyone » Tue Mar 01, 2011 6:13 pm


dobby
Members
Posts: 3336
Joined: Wed Apr 05, 2006 7:48 am
First Name: Dobby
Location: Wellington

Re: Security site gets 'pwned'

Post by dobby » Tue Mar 01, 2011 8:41 pm

All good here.
Idealism increases in direct proportion to your distance from the problem.

Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt

RSA, a Division of EMC2

Post by Foggyone » Sat Mar 19, 2011 6:19 pm

EMC2 = "Where information lives" (and, apparently, leaves).

RSA is another computer security firm, aimed more at the commercial market than the shadowy secret organisations served by HBGary. They sell SecurID, a security login system.
SecurID is used by an estimated 40 million people at 30,000 organizations worldwide, including banking firm Wells Fargo & Co., Rolls Royce Motor Cars Ltd., the French Ministry of Education, Lockheed Martin Corp., and The New York Times Co., including The Boston Globe.
Their system has also been breached, and secrets stolen, in what they describe as an "extremely sophisticated cyber attack."

RSA breach: Reactions from the security community

Another take on this story here.

I wonder if the attack was sophisticated, or whether they were as dilatory as HBGary?

Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt

Ockers Vulnerable - What About Kiwis?

Post by Foggyone » Sun Mar 20, 2011 6:46 pm

Hacked security firm leaves Aussies vulnerable

Westpac and Telstra Clear are among the known Australian customers who operate in NZ.

“There’s probably one key piece of information in the [documents provided to clients] which would protect against whatever vulnerability now exists due to the RSA security breach,” said one Australian IT manager who wished to remain anonymous. “But RSA wouldn’t want to tell us which one because that would be telling the world exactly what was stolen.”

The IT manager said it would “be much nicer if [RSA] just explained exactly what happened and which key steps you should take to make sure you were protected”.
As is usual, the poor donkeys in the streets are the last to know what's going on. Is there a risk to my fortune??

Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt

McAfee.com filled with vulnerabilities

Post by Foggyone » Tue Mar 29, 2011 5:21 pm

It's McAfee's turn to be embarrassed! Their sites are apparently able to be hacked.

The YGN Ethical Hacker Group has published details.
Taking in consideration the fact that McAfee offers the McAfee Secure service to other enterprises, and supposedly scans the sites daily for vulnerabilities, malicious links, phishing, hosted malware and more, this disclosure doesn't paint a pretty picture of the company's commitment to security.

Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt

Re: Security site gets 'pwned'

Post by Foggyone » Mon Apr 04, 2011 7:25 pm

The execution of the RSA hack

I would imagine the idiot employee would get caned. However, it is more the fault of the company for using poor quality (M$ & Adobe) software that aided the attack. Also, their training (they are at the cutting edge of computer security) was obviously woefully lacking.

Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt

Another One

Post by Foggyone » Mon Apr 18, 2011 6:49 pm

Barracuda Networks, a security provider, is the latest firm to get compromised. Their tagline:
Powerful - Affordable - Easy-to-Use

> Content Security
> Networking & Application Delivery
> Storage & Data Protection
Barracuda Networks breached by automated SQL injection attack
Starting Saturday night at approximately 5pm Pacific time, an automated script began crawling our Web site in search of unvalidated parameters. After approximately two hours of nonstop attempts, the script discovered a SQL injection vulnerability in a simple PHP script that serves up customer reference case studies by vertical market.

As with many ancillary scripts common to Web sites, this customer case study database shared the SQL database used for marketing programs which contained names and email addresses of leads, channel partners and some Barracuda Networks employees. The attack utilized one IP address initially to do reconnaissance and was joined by another IP address about three hours later. We have logs of all the attack activity, and we believe we now fully understand the scope of the attack.
What they are really saying is "we preach, but don't practice".
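Barracuda's own account describes two hours of an automated script crawling one PHP endpoint for unvalidated parameters before it found the injection, which is a detectable pattern in web server logs regardless of what the payloads looked like. The following is an added example, not Barracuda's code or logs: it flags a source that sends many requests with many distinct parameter sets to one script inside a short window. The log lines are constructed (documentation IP ranges) and the thresholds are illustrative assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qsl, urlsplit
# Constructed sample access log (not Barracuda's): 203.0.113.5 hits the
# case-study script with a new parameter value every four seconds, while
# 198.51.100.7 browses normally. Both addresses are documentation ranges.
def _line(ip, when, target):
    return f'{ip} - - [{when:%d/%b/%Y:%H:%M:%S} -0700] "GET {target} HTTP/1.1" 200 512'

START = datetime(2011, 4, 16, 17, 0, 0)
LOG_LINES = [_line("203.0.113.5", START + timedelta(seconds=4 * i),
                   f"/casestudies.php?vertical={i}&id=x{i}") for i in range(40)]
LOG_LINES += [_line("198.51.100.7", START + timedelta(minutes=i), target)
              for i, target in enumerate(["/", "/casestudies.php?vertical=finance", "/products"])]

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) ')

def parse_line(line):
    """Return (ip, timestamp, path, sorted parameter pairs), or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, stamp, target = m.groups()
    when = datetime.strptime(stamp.split()[0], "%d/%b/%Y:%H:%M:%S")
    parts = urlsplit(target)
    return ip, when, parts.path, tuple(sorted(parse_qsl(parts.query, keep_blank_values=True)))

def find_probing_sources(lines, window=timedelta(minutes=10), min_requests=20, min_distinct=15):
    """Flag sources sending many requests with many distinct parameter sets to one script
    inside one window (automated probing, not browsing). Returns {ip: path}; tune per site."""
    seen = defaultdict(list)                      # (ip, path) -> [(when, params)]
    for line in lines:
        parsed = parse_line(line)
        if parsed and parsed[3]:                  # ignore requests without parameters
            ip, when, path, params = parsed
            seen[(ip, path)].append((when, params))
    flagged = {}
    for (ip, path), events in seen.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            in_window = [p for when, p in events[i:] if when - start <= window]
            if len(in_window) >= min_requests and len(set(in_window)) >= min_distinct:
                flagged[ip] = path
                break
    return flagged

if __name__ == "__main__":
    print(find_probing_sources(LOG_LINES))  # {'203.0.113.5': '/casestudies.php'}
```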

Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt

ESA This Time

Post by Foggyone » Mon Apr 25, 2011 7:16 pm

ESA (European Space Agency) which runs in opposition to NASA has been thoroughly hacked and exposed.

Hackers blog
Server information
Root account, Database and Admin usernames/passwords, hopefully changed

OOPS!

Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt

Software Company Ashampoo

Post by Foggyone » Mon Apr 25, 2011 7:20 pm

Software company Ashampoo breached, customer data stolen
The German computer software company Ashampoo has been targeted by attackers that managed to gain access to its customers database and possibly exfiltrated data such as names and email addresses.
Another dose of spear phishing and more breaches in prospect.
Among other software, Ashampoo is also the developer of a couple of security offerings (AV solutions, firewalls, encryption software), but as much as this breach can be embarrassing for the company, they take some comfort in the fact that they are not the first firm - or the biggest ones - to have been breached lately.
OUCH!
