Last Updated on October 16, 2011
October has come and here it is, also for this month, the first part of my Cyber Attacks Timeline covering the cyber events occurred in the first half of the current month.
Three events in particular have marked this month: The German Trojan R2-D2 (that is raising many questions and concerns inside the infosec community), the keylogger hitting U.S. Drones and a new cyber attack to Sony involving this time “only” 93,000 accounts (oops! They did it again).
Except for a couple of isolated occurrences (in Austria and UK), the Cyber Attacks by Anonymous and Antisec had a break, maybe because hacktivism efforts are being focused on the #OccupyWallStreet operation that is rapidly spreading all over the World (I wonder why in here in Rome yesterday it has not been possible to have peaceful protests as happened in all the other Capitals). Besides, albeit not directly related with Anonymous, several Syrian log files were leaked showing the control of the Government on the Internet.
Other events of the month: a couple of fashion related websites were hacked, the Cyber-Guerrilla between India and Pakistan was particularly active with the cyber armies of the two nations facing themselves in the cyber space with continual mutual defacements, @SwichSmoke was also particularly active against Venezuela Government Web Sites. Other “minor” leaks were performed by @FailRoot and @ThEhAcKeR12 but one of the victims of the latter was Camber Corporation, an U.S. Contractor.
Anyway, Camber Corporation was not the only targeted Contractor, also Raytheon Corporation (a survivor of the RSA Breach) was targeted with a cloud based spear-phishing campaign, again the attack was thwarted but, in my opinion, has deserved a mention as well. Chronicles also reports of a claimed hack to Infragard (again).
Moreover the aftermaths of the RSA breach are not completely over: this month the security firm’s CEO claimed that a couple of different Cyber Crews, under the flag of an enemy nation (and the suspects were immediately directed to China), are behind the Cyber Attack in March and acted to perform it.
But a very special mention for this month (and the consequent lowly desiderable prize), is undoubtedly deserved by Mr. Oliver Letwin, Her Majesty’s Cabinet Minister, who was caught by The Daily Mirror in the habit of dumping private correspondence and sensitive documents detailing Al-Qaeda activities and secret service operations into park bins in St James’s Park, Westminster, close to Downing Street. Security, logical and physical, may have many unpredictable implications…
From a technical point of view SQLi and defacements were the most used lethal weapons for this month, even if a massive ASP.NET based attack, targeting 300,000 web sites, is also worth mentioning.
This Timeline was compiled with Useful Resources by:
- Cyber War News
- Naked Security
- Office Of Inadequate Security (DataBreaches.net)
- The Hacker News
And my inclusion criteria do not take into consideration simple defacement attacks (unless they are particularly resounding) or small data leaks.
Last but not least: you may find all the timelines for 2011 in my Master Index. Enjoy the list(s) and share and retweet to encourage me to keep it up2date!
NeatStuffs hacks filmradar.com a movie review and information site/community and releases on Mediafire a 6mb txt file containing 95167 accounts with hashed passwords. Estimated cost of the breach is $ 20,365,738.
|Oct 2||Venezuela National Statistics Institute|
SwichSmoke crew hacks the Venezuela National Statistics Insitute during the 2011 Census.
|Oct 2||Camber Corporation (US Contractor)|
Once again a US Government contractor is target of cyber crime. This time is the turn of Camber Corporation, targeted by a small hack by @ThEhAcKeR12, which releases 3 admin accounts with encrypted passwords. and admin full name.
Again @ThEhAcKeR12, this time the crew dumps 1500+ accounts (in encrypted format) and a database from wrestlegame.co.uk. Estimated cost of the breach is around $321,000.
|Oct 2||A student arrested few days later||Thailand Prime Minister|
Thailand’s Prime Minister, Yingluck Shinawatra, had her Twitter account hacked flooding her followers with a stream of messages criticising her leadership with statements like this: The final post read: “If she can’t even protect her own Twitter account, how can she protect the country?“
|Oct 4||Austrian Economy Chamber (WKO)|
WKO confirms that its webserver was infiltrated by unidentified cyber criminals. More than 6,000 data sets of customers of the chamber were published on the internet. Although Anonymous Austria leaked the data, they stressed they had not carried out the attack on WKO themselves, but had been provided with the records by someone else, adding that the security leak was exposed by using online search engine Google. Estimated cost of the Breach is around $1,284,000.
|Vulnerability on The Target Platform|
@ThEhAcKeR12 does not stop here and dumps 3300 accounts from funniestvideosonline.com and are all encrypted passwords. Estimated cost of the Breach is around $706,200.
@FailRoot hacks and leaks several accounts from www.xvidonline.com putting the websits offline.
|Oct 5||Optik Fiber||Gmail (Claimed)|
Optik Fiber releases several gmail accounts claimed to have been hacked via a known security flaw in gmail. It is not sure if this is real or not but it is meaningful as well of the global level of (in)security, real or psychological.
|Known Security Flaw in Gmail (N/A)|
|Oct 5||?||Fashion TV India|
Unknown hackers hacks Fashion TV India with the injection tool havij and obtain a list of accounts dumping usernames and passwords in clear text.
|SQLi via havij|
|Oct 6||Syrian Internet Log Files|
Internet activists from Telecomix release 54 GB of log files allegedly created by Syrian internet censors between 22 July and 5 August 2011. The data were found on a third party server.
An Australian University website that lists jobs is hacked by @BlackHatGhosts and has data dumped, included user logins and passwords.
|Oct 7||Several Hackers|
Department of Public Enterprises, south Africa is hacked and had its database dumped
|Oct 7||Same authors above|
Another day, another government website hacked, (and its data leaked).
|Oct 7||?||University Of Georgia|
The University of Georgia discovers a data file on a publicly available Web server that contained sensitive personnel information on 18,931 members of the faculty and staff employed at the institution in 2002. The file included the social security number, name, date of birth, date of employment, sex, race, home phone number and home address of individuals employed at UGA in 2002. Estimatec Cost of the Breach is around $4,051,234.
|Internal Accidental Error|
|Oct 8||?||U.S. Military Drones|
Wired reports that a computer virus has infected Predator drones and Reaper drones, logging pilots’ keystroke during their fly missions over Afghanistan and other warzones. The virus was detected nearly two weeks ago at the Ground Control System (GCS) at Creech Air Force Base in Nevada and has not prevented drones from flying their missions, showing an unexpected strength so that multiple efforts were necessary to remove it from Creech’s computers.
|Oct 8||German law Author. and Customs Dep.||German Citizens|
A very strange (un)lawful Cyber Attack, against German Citizens. Chaos Computer Club discloses a “state malware”: a backdoor Trojan horse capable of spying on online activity and recording Skype internet calls. They declare the malware is used by the German police force. The malware was allegedly installed onto the computer as it passed through customs control at Munich Airport.
|Oct 9||Turkish Energy Team||Several Government Websites|
Turkish Energy Team performs (and keeps on to perform) a massive defacement against several governments websites (in certain cases some sub domains). The list (in continuous growth) is published on Zone-H.
|Oct 9||MCA-CRB||Other Government Websites|
Different Crew, same result: a massive defacement against several governments websites. Also in this case the list (in continuous growth) is published on Zone-H.
Another Web site hosting company defaced: this time it is the turn of justonehost.com that is hacked by @FailRoot, that also dumps its Database online. The leak contains all users informations, emails, paypals and much more is 11.86mb and has been uploaded to megaupload.
|Oct 10|| |
Another government website hit and leaked by @FailRoot: Congress of the state of Chihuahua Mexico. The leak contains administration usernames and (easy guessable) passwords.
|Oct 10||Q!sR QaTaR|
A cybercriminal from Quatar defaces a large number of websites belonging to the Ankara government, leaving them non-operational.
|Oct 10||40 Zimbabwe Government Websites|
A crew called ISCN hacks and defaces 40 Zimbabwe government based websites leaving a polical message.
UKGraffiti is hacked by Anonymous_DR (Anonymous Dominicana) who also dumps usernames, emails and encrypted passwords.
RSA reveals that it believes two groups, working on behalf of a single nation state, hacked into its servers during the infamous Breach of March and stole information related to the company’s SecurID two-factor authentication products used to attack some defense contractors. Although people are likely to assume that China might have been involved in the attack, they did not reveal the name of the nation involved.
|Oct 11||?||Sony (Playstation Network, Sony Entertainment Network and Sony Online Entertainment)|
Back tho the future! Sony under cyber attack… Again! The Company reports of unauthorized attempts to verify valid user accounts on Playstation Network, Sony Entertainment Network and Sony Online Entertainment. A total of 93,000 accounts have been affected (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000). In these cases the attempts succeeded in verifying valid sign-in IDs and passwords, so the accounts were temporalily locked.
Unknown Hackers hack the European property Dealers website blueHOMES.com . About 500,000 Users data claim to be hacked including database with customer passwords in plaintext, full addresses, skype account, and mailboxes of bluehomes. Specified data leaked on pastebin with sample data of some users.
Another website hit by Havij. This time is the turn of Find2Trade, an internet portal whose goal is to help small and medium enterprises to reach much higher profits while reducing costs. UserID, email and passwords, which are encrypted, were leaked.
The U.S. Defense Contractor reveals that it was the victim of a cloud-based attack for the first time, with the incident occurring one week before. Nothing new but the fact that this was the first cloud based attack. The firm usually blocks 1.2 billion attacks a day in addition to four million spam emails each day.
Another Linux Project hacked! Jeremy White, Codeweavers Founder announces that access to the WineHQ database has been compromised. It looks like attackers have used phpMyAdmin to access the WineHQ project’s database and harvest users’ appdb and bugzilla access credentials.
|Oct 13||?||300,000 Websites|
Google reveals another mass infection which affected hundreds of thousands of sites that relied on ASP or ASP.NET: A malicious script got injected into several locations targeting English, German, French and other language speakers surfers.
The biotechnology company suffered a data breach on August, 17 which may have resulted in the theft of information belonging to 3,500 of the million patients who utilize the company’s support programs. Estimated Cost of The Breach is around $750,000
|Oct 14||?||Chili’s Grill & Bar Restaurant|
Ok a Chili Breach is not a big deal, except the fact that the computer server Hackers broke into, is placed at Yokosuka Naval Base. According to Navy officials, hackers stole credit card information and run up erroneous charges.
|Credit Card Thieft|
|Oct 14||?||Fedora Project|
This is not a direct cyber attack but a consequence of the hacks to Linux projects (Kernel.org and Linux). ThreatPost reveals that Fedora Project contacted users to change their password and SSH public key before November 30 to avoid having their accounts marked as inactive.
|Oct 14||Barinas State, Venezuela|
Another dump of sites from @SwichSmoke coming from the state “Barinas” and the government for that state. The release note, in Spanish states that the original password is 123456, fairly lame for a government website.
|Oct 14||Vicky Singh||Pakistan Embassy in China|
Another episode of the Cyberware between Pakistan and Indian Crew: Vicky Singh defaces the Pakistan Embassy in China.
|Oct 14||Team Dexter||Contrexx.com|
An European Content Management System provider is hacked and has a dump of administration details leaked online.
|Oct 14 Oct 15||Several Authors||Club Music CPPS|
Club Music CPPS is hacked: the leak contains account emails, usernames and decrypted passwords. Note: on Oct 16 the site is still defaced 🙁
|Oct 14||Venezuela National Graduate Advisory Council|
Another cyber attack by @SwichSmoke, this time they leak the Venezuela National Graduate Advisory Council and release the leaked data on pastebin.
|Oct 14||?||Infragard Atlanta (claimed)|
It seems that Infragrad has been hacked again and had a dump of accounts leaked and decrypted even if there is no source or reason or even proof that this is 100% real in anyway. Anyway it still shows that Infragard is still in the eyes of some people. The alleged leak contains emails, usernames, encrypted passwords and the decryption of the password as well.
|Oct 14||?|| NSEC (Netaji Subhash Engineering College)|
The Netaji Subhash Engineering College NSEC is hacked and has a fair amount of member accounts dumped on pastebin. This comes from an unknown source and unknown reasons. The leak contains full user information, emails and passwords in clear text.
Barbaros-DZ hacks over 1,700 sites belonging to the Chinese Government defacing them and leaving a message against the Goverment itself. THe list of the sites is available on Zone-H.
Special mention this month for Her Mayesty’s Cabinet Minister Oliver Letwin, who has got himself into hot water, after The Daily Mirror reported him in the habit of dumping private correspondence and sensitive documents detailing Al-Qaeda activities and secret service operations into park bins in St James’s Park, Westminster, close to Downing Street. The documents contained the personal details of the minister’s constituents, including names, phone numbers, email contacts and postal addresses.
|Oct 15||SA3D HaCk3D||16,000+ websites|
SA3D HaCk3D shows on Zone-H the results of his work of the past years: a total of 16,000+ websites defaced.
For an alleged personal revenge, a hacker called p0xy leaks usernames, emails and hashed passwords from the iCPPS online platform.
|Oct 15||iolaka||World Miss Photogenic|
This time is the turn of a fashion/model based website, which is attacked and suffers a dump of accounts leaked containing 1000+ accounts including usernames, emails and encrypted passwords by iolaka.
|Oct 15||India Cyber Crime Investigation Cell|
Another episode of the Cyber-Guerrilla between India and Pakistan: Pakistani hacker Shadow008 hacks and defaces India’s Most Important website of Cyber cell located at Mumbai.
- Just For Reference… (paulsparrows.wordpress.com)
- September 2011 Cyber Attacks Timeline (Part II) (paulsparrows.wordpress.com)
- September 2011 Cyber Attacks Timeline (Part I) (paulsparrows.wordpress.com)