1-15 November 2015 Cyber Attacks Timeline

It’s time to publish the first timeline of November, covering the main Cyber Attacks reported in the media that occurred between 1 and 15 November 2015.

Unfortunately this month did not start very well, with the hacks against Vbulletin (480,000 victims) and FoxIt, and the trend continued with an unprecedented spree of DDoS attacks against several email providers and other kinds of targets, characterized by the request of a ransom (one of the targets, Protonmail, actually decided to pay, hoping in vain to stop the attacks). The list of victims also includes Comcast (590,000 users potentially compromised).

Hacktivists were equally active in the first half of November: Crackas With Attitude, the teen hackers who previously breached the CIA director's personal email account, claimed to have breached a law enforcement database and the email account of FBI Deputy Director Mark Giuliano, whereas Anonymous continued its battle against the Ku Klux Klan, releasing the identities of 1000 alleged activists online.

Cyber Espionage chronicles report an alleged hack of the email and social media accounts of several Obama administration officials by members of Iran’s Revolutionary Guard.

If you want an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Access the timeline in Google Sheet format.

| # | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link |
|---|------|--------|--------|-------------|--------|--------------|--------------|---------|------|
| 1 | 01/11/2015 | Coldzer0 | Vbulletin | A hacker called Coldzer0 claims to have hacked Vbulletin.com and to have obtained the details of 479895 users. | Unknown 0-day | Industry: Software | CC | US | https://theadminzone.com/threads/vbulletin-com-forums-hacked.136961/page-5#post-1017399 |
| 2 | 01/11/2015 | Coldzer0 | FoxIt Software | Coldzer0 also claims to have hacked the FoxIt Forum using the same 0-day. | Unknown 0-day | Industry: Software | CC | US | http://www.databreaches.net/vbulletin-foxit-software-forums-hacked-by-coldzer0-hundreds-of-thousands-of-users-info-stolen/ |
| 3 | 01/11/2015 | ? | Salt Lake City School District | The Salt Lake City School District is struck by a DDoS attack that takes down the district's website, phone system and online administrative tools. | DDoS | Education | CC | US | http://www.scmagazine.com/salt-lake-schools-hit-with-ddos-attack/article/451480/ |
| 4 | 02/11/2015 | Anonsec | Israel Missile Defense Association (http://imda.org.il/) | The Anonsec collective hacks the Israel Missile Defense Association (imda.org.il) and dumps 2161 usernames and hashed passwords. | SQLi | Org: Military | H | IL | http://pastebin.com/qaqADFTH |
| 5 | 03/11/2015 | Smitt3nz AKA Rubber | chromeplay.com | Smitt3nz AKA Rubber hacks chromeplay.com and dumps the records of 9000 users. | SQLi | Online Services | CC | UK | http://siph0n.in/exploits.php?id=4159 |
| 6 | 03/11/2015 | Armada Collective | Protonmail | A collective called Armada Collective takes down Protonmail, a Swiss provider of end-to-end encrypted email. The company pays a ransom of 15 BTC (6000 USD) but is taken down again after paying. | DDoS | Industry: Email Service Provider | CC | CH | http://arstechnica.com/security/2015/11/crypto-e-mail-service-pays-6000-ransom-gets-taken-out-by-ddos-anyway/ |
| 7 | 03/11/2015 | Pro-Palestine Activists | Ha'aretz Twitter Account | Pro-Palestine activists hack Ha’aretz newspaper’s Twitter account and post: “Our martyrs’ mothers will drink your soldier’s blood.” | Account Hijacking | News | H | IL | https://www.hackread.com/pro-palestinian-hackers-hack-haaretz-twitter/ |
| 8 | 03/11/2015 | Smitt3nz AKA Rubber | http://library.killersites.com | Smitt3nz AKA Rubber hacks library.killersites.com and dumps the records of 1596 users. | SQLi | Online Services | CC | US | http://siph0n.in/exploits.php?id=4173 |
| 9 | 04/11/2015 | Islamic Revolutionary Guards Corp | Obama Administration Officials | The Wall Street Journal reveals that the email and social media accounts of Obama administration officials were recently hacked by members of Iran's Revolutionary Guard. | Targeted Attack | Government | CE | US | http://www.esecurityplanet.com/network-security/u.s.-government-officials-hacked-by-iranian-revolutionary-guard.html |
| 10 | 04/11/2015 | Armada Collective | VFEmail | VFEmail is taken down by a DDoS attack. The attackers demand a ransom of 5 BTC (1700 USD). | DDoS | Industry: Email Service Provider | CC | US | http://havokmon.blogspot.co.uk/2015/11/teenage-script-kiddies-armada.html |
| 11 | 04/11/2015 | ? | Zoho | Zoho is subject to a DDoS attack. The attack starts on November the 4th and affects the company for one week. | DDoS | Industry: Email Service Provider | CC | US | https://www.zoho.com/service-updates/blog/zoho-services-under-criminal-attack.html |
| 12 | 04/11/2015 | ? | Touchnote | The U.K.-based app for photo postcard service Touchnote notifies its registered customers that the company has been hacked and some personal information has possibly been compromised. | Unknown | Industry: Software | CC | UK | http://www.scmagazine.com/touchnote-photo-site-breached-names-addresses-taken/article/452401/ |
| 13 | 04/11/2015 | ? | ShowTix4U | ShowTix4U, a Nevada-based online ticket sales service used heavily in Central Wisconsin, says it has had a data breach. | Unknown | Online Services | CC | US | http://www.wsaw.com/home/headlines/ShowTix4U-ticket-website-customers-warned-following-data-breach--340023262.html |
| 14 | 05/11/2015 | ? | Hushmail | Hushmail experiences two unscheduled service outages resulting from distributed denial-of-service (DDoS) attacks. | DDoS | Industry: Email Service Provider | CC | CA | https://help.hushmail.com/entries/107539976 |
| 15 | 05/11/2015 | ? | Runbox | Runbox is subject to Distributed Denial of Service (DDoS) attacks. Even in this case the attackers demand a ransom to stop the waves of attack. | DDoS | Industry: Email Service Provider | CC | NO | https://blog.runbox.com/2015/11/ddos-attacks-on-runbox/ |
| 16 | 05/11/2015 | ? | Four Winds Casino Resort | Four Winds Casino Resort reveals it has discovered bank-card-stealing malware in its payment systems. Four properties are affected between October 2014 and October 21, 2015. | PoS Malware | Industry: Hotel and Resort | CC | US | http://www.theregister.co.uk/2015/11/05/michigan_casino_credit_card_hack/ |
| 17 | 05/11/2015 | Crackas With Attitude (CWA) | FBI Deputy Director Mark Giuliano | The same teen hackers who infiltrated the email account of CIA Director John Brennan claim to have hacked an email account of FBI Deputy Director Mark Giuliano. | Account Hijacking | Single Individuals | CC | US | http://www.scmagazine.com/crackas-with-attitude-say-theyre-at-it-again-claim-hack-of-fbi-deputys-email/article/452037/ |
| 18 | 06/11/2015 | CocaineSecurity | Swedbank | Swedbank is taken down by a DDoS attack. A hacker called CocaineSecurity claims to have received a ransom. | DDoS | Finance | CC | SE | http://www.theregister.co.uk/2015/11/06/swedbank_hit_by_ddos_attack/ https://twitter.com/CocaineSecurity/status/662973175400148992 |
| 19 | 06/11/2015 | Armada Collective | Neomailbox | Neomailbox is taken down by a DDoS attack carried out by the Armada Collective, which also asks for a ransom. | DDoS | Industry: Email Service Provider | CC | CH | http://www.neomailbox.com/about/news/305-ddos-attack |
| 20 | 06/11/2015 | Anonymous | Ku Klux Klan | Hacking collective Anonymous has released the identities of 1000 KKK members online. | Unknown | Organization: Politics | H | US | http://www.zdnet.com/article/anonymous-exposes-identities-of-1000-kkk-members/ |
| 21 | 06/11/2015 | ? | XAT (http://xat.com) | The UK social networking site Xat (xat.com) is hacked and notifies the users that its database has been acquired by the attackers. | Account Hijacking | Social Network | CC | UK | http://www.databreaches.net/uk-social-networking-site-xat-hacked-user-database-acquired-by-hackers/ |
| 22 | 06/11/2015 | Eggfather | http://www.islandermania.com | Eggfather hacks islandermania.com and dumps 8,525 usernames and hashed passwords. | SQLi | Online Forum | CC | US | http://siph0n.in/exploits.php?id=4182 |
| 23 | | Eggfather | http://www.lonestarspeedzone.com | Eggfather hacks lonestarspeedzone.com and dumps 1,939 usernames and hashed passwords. | SQLi | Online Forum | CC | US | http://siph0n.in/exploits.php?id=4181 |
| 24 | | Eggfather | http://pixarra.com/ | Eggfather hacks pixarra.com and dumps 8,525 usernames and hashed passwords. | SQLi | Industry: Software | CC | US | http://siph0n.in/exploits.php?id=4180 |
| 25 | | Eggfather | http://www.sikhawareness.com/ | Eggfather hacks pixarra.com and dumps 4,520 usernames and hashed passwords. | SQLi | Online Forum | CC | US | http://siph0n.in/exploits.php?id=4178 |
| 26 | 08/11/2015 | ? | Fastmail | FastMail is hit by a DDoS attack that briefly makes some services unavailable. A further attack is executed on Monday, 9 Nov. Both attacks are accompanied by an extortion demand that threatens further attacks if the company does not pay the attacker 20 Bitcoin (approximately US$7500). | DDoS | Industry: Email Service Provider | CC | AU | http://blog.fastmail.com/2015/11/11/ddos-attack-may-lead-to-potential-service-disruption-this-week/ |
| 27 | 08/11/2015 | ? | Brazilian Army | The Brazilian Army's servers are hacked, resulting in personal details (National Insurance Numbers and passwords) of about 7,000 officers getting leaked. The attack appears to have been prompted as retaliation against the supposedly inappropriate conduct of an Army team during a "capture the flag" (CTF) cybersecurity competition at the government's Center for Cyber Defence. | Unknown | Military | CC | BR | http://www.zdnet.com/article/brazilian-army-gets-hacked/ |
| 28 | 08/11/2015 | Crackas With Attitude (CWA) | Joint Automated Booking System (JABS) | Crackas With Attitude (CWA), the hackers who breached CIA director John Brennan's personal email account, claim to have gained access to a law enforcement arrest database, known as the Joint Automated Booking System (JABS). | Unknown | Law Enforcement | H | US | http://www.wired.com/2015/11/cia-email-hackers-return-with-major-law-enforcement-breach/#slide-1 |
| 29 | 08/11/2015 | KelvinSecTeam | http://aviacion.mil.ve | KelvinSecTeam hacks the website of the Aviacion Militar Bolivariana (aviacion.mil.ve) and dumps 1,997 records. | Unknown | Military | H | VE | http://pastebin.com/RzuxwLxF |
| 30 | 09/11/2015 | ? | UK Parliament Computer Network | The Times reveals that, in May, cybercriminals were able to break into parliament’s computer network, hijack computers holding sensitive information and present a ransom demand to Chi Onwurah, MP and shadow digital minister. | Malware | Government | CC | UK | http://www.thetimes.co.uk/tto/news/uk/article4608292.ece |
| 31 | 09/11/2015 | HRG (His Royal Gingerness) | Norwich International Airport (https://www.norwichairport.co.uk) | A hacker calling himself HRG (or His Royal Gingerness) hacks the Norwich International Airport's website (norwichairport.co.uk) and obtains the details of people registered on the website's media centre. | SQLi | Airport | CC | UK | http://www.bbc.co.uk/news/uk-england-norfolk-34769924 |
| 32 | 10/11/2015 | Orion | Comcast | Comcast resets 200k cleartext passwords, after a hacker known as Orion claims to have stolen the database and puts it on sale on the dark web. Nearly 590,000 users could have been compromised. | Zimbra 0-day | Industry: Telco | CC | US | http://www.theregister.co.uk/2015/11/11/comcast_passwords_leak/ |
| 33 | 10/11/2015 | ? | Spotify | Newsweek reveals that over one thousand email addresses and passwords from the music streaming app Spotify were leaked following a hack. | Unknown | Industry: Music | CC | SE | http://www.newsweek.com/hundreds-spotify-accounts-leaked-apparent-hack-last-week-392696 |
| 34 | 10/11/2015 | | TAFE Queensland | TAFE Queensland has experienced a breach that has seen the personal details of thousands of the state's TAFE students exposed. | Unknown | Education | CC | AU | http://www.zdnet.com/article/queensland-tafe-student-data-exposed-in-hack/ |
| 35 | 10/11/2015 | ? | http://fantasy.premierleague.com | Malwarebytes reveals the details of a malvertising campaign targeting the website of fantasy.premierleague.com, potentially redirecting the users to a page hosting the Nuclear Exploit Kit. | Malvertising | Online Gaming | CC | UK | https://blog.malwarebytes.org/malvertising-2/2015/11/official-premier-league-fantasy-website-site-pushes-malvertising/ |
| 36 | 10/11/2015 | ? | Korea Advanced Institute of Science Technology (KAIST) | More than a dozen students and faculty at the Korea Advanced Institute of Science Technology (KAIST) have their credit card information stolen by a hacker who attempted to make payments in Japan. | Unknown | Education | CC | KR | https://www.koreatimes.co.kr/www/news/nation/2015/11/116_190866.html |
| 37 | 10/11/2015 | Bravewanderer | Brigham Young University (byu.edu) | A hacker called bravewanderer hacks Brigham Young University (byu.edu) and dumps 11,894 records. | Unknown | Education | CC | US | http://pastebin.com/ctusqA92 |
| 38 | 10/11/2015 | Eggfather | http://engineerboards.com | Eggfather hacks engineerboards.com and dumps 21,304 usernames and hashed passwords. | SQLi | Online Forum | CC | US | http://siph0n.in/exploits.php?id=4195 |
| 39 | 10/11/2015 | Eggfather | http://www.c4forums.com | Eggfather hacks c4forums.com and dumps 15,276 usernames and hashed passwords. | SQLi | Online Forum | CC | US | http://siph0n.in/exploits.php?id=4194 |
| 40 | 10/11/2015 | Eggfather | http://forum.chumpcar.com | Eggfather hacks forum.chumpcar.com and dumps 15,276 usernames and hashed passwords. | SQLi | Online Forum | CC | US | http://siph0n.in/exploits.php?id=4193 |
| 41 | 10/11/2015 | Eggfather | http://www.mwcboard.com/ | Eggfather hacks mwcboard.com and dumps 15,276 usernames and hashed passwords. | SQLi | Online Forum | CC | US | http://siph0n.in/exploits.php?id=4192 |
| 42 | 11/11/2015 | ? | Securus Technologies | An anonymous hacker leaks a vast collection containing metadata of over 70 million records of phone calls placed by prisoners to at least 37 US states and links to actual recordings for each call. The calls, allegedly leaked from Securus Technologies, span a nearly two-and-a-half year period, beginning in December 2011 and ending in the spring of 2014. | Unknown | Industry: Technology | CC | US | https://theintercept.com/2015/11/11/securus-hack-prison-phone-company-exposes-thousands-of-calls-lawyers-and-clients/ |
| 43 | 11/11/2015 | ? | Ammyy | The installer of the remote desktop software Ammyy is compromised and distributes the tools used by the Buhtrap gang to spy on and control their victims’ computers. | Malware | Industry: Software | CC | RU | http://www.welivesecurity.com/2015/11/11/operation-buhtrap-malware-distributed-via-ammyy-com/ |
| 44 | 11/11/2015 | Fallaga Team | Jewish Free School (http://www.jfs.brent.sch.uk/) | The Tunisian Fallaga Team defaces the website of Europe’s largest Jewish school, JFS, posting a message that calls for an end to Islamophobia and aggression against Muslims. | Defacement | Education | H | UK | https://www.rt.com/uk/321597-islamist-hackers-jewish-school/ |
| 45 | 11/11/2015 | Fruityhax | http://laptopmania.co.uk/ | A hacker called Fruityhax hacks laptopmania.co.uk and dumps 1500 usernames and hashed passwords. | SQLi | Industry: E-Commerce | CC | UK | http://siph0n.in/exploits.php?id=4197 |
| 46 | 11/11/2015 | ? | The Training Room (http://thetrainingroom.com/) | An unknown hacker hacks thetrainingroom.com and dumps 1,141 records with usernames and hashed passwords. | SQLi | Education | CC | US | http://pastebin.com/sWa06kV0 |
| 47 | 12/11/2015 | Anonymous | Unknown Individual | Halifax police are forced to re-open the investigation in a sexual assault case after Anonymous exposes the identity of the alleged culprit. | Unknown | Single Individual | H | CA | https://www.hackread.com/anonymous-exposes-identity-of-alleged-halifax-rapist/ |
| 48 | 13/11/2015 | ? | https://grahamcluley.com | The website of the security blogger Graham Cluley (https://grahamcluley.com) is taken down by a DDoS attack. | DDoS | News | CC | UK | https://grahamcluley.com/2015/11/cluley-ddos-attack/ |
| 49 | 14/11/2015 | ? | Tor Network | Reports emerge of possible DDoS attacks being directed at Tor exit nodes. | DDoS | Tor Network | CC | N/A | https://www.deepdotweb.com/2015/11/14/possible-large-scale-ddos-attacks-on-tor-exit-nodes |
| 50 | 15/11/2015 | ? | Fashion to Figure (http://www.fashiontofigure.com) | Fashion to Figure notifies customers of a breach involving malware inserted on their web host’s server. | Malware | Industry: Retail | CC | US | http://www.databreaches.net/fashion-to-figure-notifying-customers-of-payment-card-compromise/ |
| 51 | 15/11/2015 | ? | Noble House Hotels and Resorts | Luxury hotel chain Noble House Hotels and Resorts notifies customers of a breach in six properties they uncovered in the wake of reports by customers of fraudulent charges on payment cards. | Malware | Industry: Hotel and Resort | CC | US | http://www.databreaches.net/noble-house-hotels-and-resorts-notifies-customers-at-six-luxury-hotels-of-payment-card-breach/ |
