May 25, 2013

China suspected to be behind U.S. Army Corps of Engineers database hack

(LiveHacking.Com) – U.S. intelligence agencies are treating a recent intrusion into a database belonging to the U.S. Army Corps of Engineers as a cyber attack originating from China. According to the Free Beacon, U.S. intelligence agencies have traced the hack to the Chinese government or its military cyber warfare units.

The compromised database, the National Inventory of Dams (NID), belongs to the U.S. Army Corps of Engineers and holds data on some 8,000 dams across the United States, including information on their possible vulnerabilities. In a worst case scenario the intrusion is a preemptive move by China in preparation for future cyber attacks against the nation's electrical infrastructure.

“The U.S. Army Corps of Engineers is aware that access to the National Inventory of Dams (NID), to include sensitive fields of information not generally available to the public, was given to an unauthorized individual in January 2013 who was subsequently determined not to have the proper level of access for the information,” said Pete Pierce, a Corps of Engineers spokesman.

Upon discovering the unauthorized access the Corps of Engineers revoked the user’s access to the database.

The database collects information about dams that are either large (those exceeding 25 feet in height or 50 acre-feet of storage) or that carry a hazard classification because of the loss of human life that would result if the dam failed. The database was started in 1972 when laws came into effect requiring cooperation between the Corps and the Federal Emergency Management Agency. These laws were updated in 2002 and 2006 to recognize that dams are part of critical U.S. infrastructure and require protection.

In January, a report published by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), part of the Department of Homeland Security’s Office of Cybersecurity and Communications, revealed that the last three months of 2012 saw at least two instances of malware infecting computers inside power generation facilities.

Hackers breach externally hosted database used by UK’s Hertfordshire Police

(LiveHacking.Com) – A website belonging to the UK’s Hertfordshire Police has been hacked and what appear to be login details, passwords and other details have been published online. The database for the Safer Neighbourhood Teams website, which was externally hosted, held personal data including phone numbers and IP addresses relating to a number of officers.

In a statement given to the BBC, Hertfordshire Constabulary said it was investigating the publication of information stored on a database linked to the public Safer Neighbourhoods pages of the external Constabulary website, and that the site has been temporarily disabled. “There is absolutely no suggestion that any personal data relating to officers or members of the public has been, or could have been compromised. Nevertheless matters of IT security are extremely important to the Constabulary and an investigation is already under way.”

The hack seems to have been motivated by the current plight of Wikileaks founder Julian Assange. There has been a rise in the number of hacking attacks since the UK government said it would arrest and extradite Mr Assange if he left Ecuador’s embassy in London. An “OpFreeAssange” banner was included with the database details posted online, along with a quote from the Wikileaks founder. However the hacker was also keen to point out that he was not part of the infamous hacking collective Anonymous.

Catalin Cosoi, chief security researcher at Bitdefender, said to SC Magazine: “The unknown attacker extracted from the second breached website what appear to be police officers’ email addresses, passwords to those email accounts and a list of PINs probably employed as additional safety tools. Several user logs have also been made public, exposing a list of employee names and corresponding IPs that could be used in cyber crime operations requiring identification of a specific machine, containing a particular type of data.”

Questions are now being asked about why a police force was using an externally hosted website. The problem with any third-party supplier is that its security practices and procedures are unknown to, and outside the control of, the client, in this case a police force. This attack highlights the need for anyone (including public sector organisations) using external hosting to validate the security of the external service.

Philips Electronics Website Hacked, 200,000 Records Stolen

(LiveHacking.Com) – One of the largest electronics companies in the world, Philips Electronics, has been hacked. According to The Hacker News, the hackers defaced a Philips subdomain and left their names “bch195” and “HaxOr”, claiming to be members of Team INTRA.

The hackers posted details of the breach on Pastebin, with links to privatepaste.com pointing to samples of the stolen personal information, including names, email addresses, occupations, dates of birth, phone numbers and postal addresses.

The hackers also commented: “This is first 100 emails from 200k list. I don’t want to share more because I will sell it.”

According to V3, Philips is aware of the incident and has taken action to minimise its impact. Philips is following its standard security incident response procedure and is collaborating with law enforcement.

“Within an hour of Philips becoming aware of the event, the compromised server was shut down. We are assessing the nature and extent of information that may have been accessed and a full investigation is in place,” they said.

This attack is another in a long list of very public security breaches. If the hackers were able to steal over 200,000 records with personal details, including postal addresses and phone numbers, the open question is whether they also gained access to other Philips servers.

It is interesting to note that the hackers defaced a subdomain and not the main site. Hackers like to target smaller websites (even within a larger corporation) as these are often less well protected. This is what happened to Sony Pictures in 2011 when hackers breached an old competition website.

Dutch ISP KPN Security Breach

(LiveHacking.Com) – One of the largest ISPs in The Netherlands has shut down its email services after a security breach where hackers leaked the credentials and personal information of more than 500 of its customers.

KPN discovered the breach at the end of January but, after consulting the Dutch government and law enforcement agencies, decided not to go public with the details. Once KPN found that account details were being posted online (on Pastebin) it suspended its email services as a precautionary measure. On Saturday email services resumed and KPN sent customers information on how to reset their passwords.

KPN has over two million customers and it is unclear whether the hackers got access to information about all of these accounts or just the 500 posted online.

Unauthorized Activity Within One of DreamHost’s Databases Prompts Password Resets

(LiveHacking.Com) – DreamHost detected unauthorized activity within one of its databases over the weekend, and as a precautionary measure it is forcing customers to change their shell and FTP passwords. To do this users needed to access the DreamHost web panel and go to “Manage Users”; however the rush of customers wanting to protect their accounts left the web panel overwhelmed, with only intermittent access for about an hour before DreamHost managed to fix it.

According to DreamHost, its support team handled thousands of password related requests over the weekend, and all mandatory shell and FTP password resets were completed Friday evening for shared hosting customers and by Saturday for its VPS customers.

“Due to the fast action we took to reset passwords, we’re not seeing any unusual malicious activity on customer accounts. Our security software and systems are functioning normally.”

DreamHost subsequently posted a security update revealing that the database was accessed using a zero day exploit. However, its intrusion detection systems alerted DreamHost’s security team, who identified the means of access and blocked it. A quick review of the data potentially accessed showed that some customers’ FTP and shell access passwords may have been compromised, which prompted the hosting company to initiate a forced reset of FTP and shell access passwords.

When asked if DreamHost stores its passwords in plaintext, Simon Anderson, CEO of DreamHost, replied: “Our systems have stored and used encrypted passwords for a number of years, however the hacker found a legacy pool of unencrypted FTP/shell passwords in a database table that we had not previously deleted. We’ve now confirmed that there are no more legacy unencrypted passwords in our systems. And we’re investigating further measures to ensure security of passwords including when a customer requests their password by email (this was not the issue here, though).”

Ashampoo Security Breach – Names and Email Addresses Taken

At the moment there seems to be a cyber crime wave and attackers are picking top names on the Internet to attack and hack. Recently servers at RSA were breached and then Epsilon was attacked. Now Ashampoo, the German software company best known for Ashampoo Burning Studio and Ashampoo WinOptimizer, has been attacked.

According to an email sent to its customers today, Ashampoo detected unauthorized access to one of its server systems and customer data was exposed. However it wants to reassure customers that billing information (e.g. credit card or banking information) was definitely not taken, as this data is not stored on its systems. As soon as the break-in was detected it was interrupted, the security gap closed and the incident reported to the police.

Ashampoo is warning its customers of the possible after effects of the theft and cites the example of PurelyGadgets, which announced that its servers had been used to send bogus order confirmations. The emails contained a manipulated PDF attachment that exploited vulnerabilities in Adobe Acrobat Reader to load malicious code onto the recipient’s PC.

If you have further questions concerning this issue, Ashampoo’s support team (security@ashampoo.com) is on hand to help and advise. Inquiries in this context are being handled with the highest priority.

Security Breach at Mozilla.Org

A database of addons.mozilla.org user accounts was left accessible to the public. Chris Lyon, director of infrastructure security at Mozilla, has disclosed the breach, which exposed addons.mozilla.org user accounts.

According to a post at Mozilla Security Blog, “On December 17th, Mozilla was notified by a security researcher that a partial database of addons.mozilla.org user accounts was mistakenly left on a Mozilla public server. The security researcher reported the issue to us via our web bounty program. We were able to account for every download of the database. This issue posed minimal risk to users, however as a precaution we felt we should disclose this issue to people affected and err on the side of disclosure.”

Apparently, the database included 44,000 inactive accounts using older, MD5-based password hashes. Mozilla has erased all the MD5 password hashes, rendering those accounts disabled. All current addons.mozilla.org accounts use a more secure SHA-512 password hash with per-user salts.
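Two of the stories above turn on how passwords were stored: DreamHost's legacy table of unencrypted FTP/shell passwords, and Mozilla's move from unsalted MD5 to SHA-512 with per-user salts. The example below is added here to show why that difference matters to an attacker who has a copy of the table; it is not code from DreamHost, Mozilla or the original article. The user names, passwords and wordlist are constructed for illustration, and the hashing helpers are this example's own rather than either company's implementation. It also goes slightly beyond the text by counting the hash operations each attack needs.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not from any breach). Two users share a password,
# which is common in real data and is exactly what unsalted hashing exposes.
USERS = {"alice": "summer2010", "bob": "summer2010", "carol": "Tr0ub4dor&3"}

# Constructed attacker wordlist.
WORDLIST = ["password", "summer2010", "letmein", "123456"]


def md5_unsalted(password: str) -> str:
    """Legacy scheme: plain MD5 of the password, no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def sha512_salted(password: str, salt: bytes) -> str:
    """Salted SHA-512, one random salt per user (the scheme the Mozilla post describes)."""
    return hashlib.sha512(salt + password.encode()).hexdigest()


def store_legacy(users: dict) -> dict:
    """Unsalted table: identical passwords produce identical digests."""
    return {u: md5_unsalted(p) for u, p in users.items()}


def store_salted(users: dict, salt_bytes: int = 16) -> dict:
    """Salted table: user -> (salt_hex, digest). Each user gets a fresh random salt."""
    out = {}
    for u, p in users.items():
        salt = os.urandom(salt_bytes)
        out[u] = (salt.hex(), sha512_salted(p, salt))
    return out


def verify_salted(store: dict, user: str, password: str) -> bool:
    """Login check against the salted table, with a constant-time digest comparison."""
    salt_hex, digest = store[user]
    candidate = sha512_salted(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, digest)


def crack_unsalted(digests: dict, wordlist: list, hash_fn) -> tuple:
    """Lookup-table attack: hash each word once, then match every user against it.
    Cost is len(wordlist) hashes regardless of how many users the table holds."""
    table = {hash_fn(w): w for w in wordlist}
    found = {u: table[d] for u, d in digests.items() if d in table}
    return found, len(table)


def crack_salted(store: dict, wordlist: list) -> tuple:
    """With per-user salts no table can be shared: every user costs a pass over the wordlist."""
    found = {}
    hashes = 0
    for u, (salt_hex, digest) in store.items():
        salt = bytes.fromhex(salt_hex)
        for w in wordlist:
            hashes += 1
            if hmac.compare_digest(sha512_salted(w, salt), digest):
                found[u] = w
                break
    return found, hashes


if __name__ == "__main__":
    legacy = store_legacy(USERS)
    print("unsalted: alice and bob share a digest:", legacy["alice"] == legacy["bob"])
    print("unsalted crack:", crack_unsalted(legacy, WORDLIST, md5_unsalted))
    salted = store_salted(USERS)
    print("salted: alice and bob share a digest:", salted["alice"][1] == salted["bob"][1])
    print("salted crack:", crack_salted(salted, WORDLIST))
    print("login carol ok:", verify_salted(salted, "carol", "Tr0ub4dor&3"))
```

Against the unsalted table the attacker hashes the wordlist once (four operations here) and recovers both weak accounts in a single lookup; the salts force a separate pass per user, and the shared password no longer shows up as a duplicate digest. A plaintext pool like the one DreamHost described needs no attack at all. Note that salting only removes the shared-work shortcut; a fast hash such as SHA-512 still lets an attacker test billions of guesses per second on commodity hardware, which is why a deliberately slow, iterated construction (bcrypt, scrypt or PBKDF2) is the usual recommendation on top of per-user salts.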

“It is important to note that current addons.mozilla.org users and accounts are not at risk. Additionally, this incident did not impact any of Mozilla’s infrastructure.”, said Mr. Lyon, Mozilla’s Director of Infrastructure Security.

NASA Security Breach: NASA sells PC with restricted Space Shuttle data

NASA did not wipe sensitive agency data from computers before selling them to the public.

Kennedy Space Center in Florida, one of four NASA sites with reported weaknesses in the disposition process, cleared the release to the public of 14 computers that had failed tests to verify that data had been destroyed, the report found. Of the four that remained in NASA’s possession, one contained Space Shuttle related data subject to export control under the International Traffic in Arms Regulations. The audit, prepared by NASA’s Inspector General, covered a 12-month period starting in June 2009, according to The Register’s report on the findings.