Last Updated on January 3, 2016
It’s time to publish the first timeline of November, covering the main cyber attacks reported in the media that occurred between 1 and 15 November 2015.
Unfortunately this month did not start very well, with the hacks against Vbulletin (480,000 victims) and FoxIt, and the trend continued with an unprecedented spree of DDoS attacks against several email providers and other kinds of targets, characterized by the demand for a ransom (one of the targets, Protonmail, actually decided to pay, hoping in vain to stop the attacks). The list of victims also includes Comcast (590,000 users potentially compromised).
Hacktivists were also quite active in the first half of November: Crackas With Attitude, the teen hackers who previously breached the CIA director's personal email account, claimed to have breached a law enforcement database and the email account of FBI Deputy Director Mark Giuliano, whereas Anonymous continued its battle against the Ku Klux Klan, releasing the identities of 1000 alleged activists online.
Cyber Espionage chronicles report an alleged hack of the email and social media accounts of several Obama administration officials by members of Iran’s Revolutionary Guard.
If you want to have an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 01/11/2015 | Coldzer0 | Vbulletin | A hacker called Coldzer0 claims to have hacked Vbulletin.com and to have obtained the details of 479895 users. | Unknown 0-day | Industry: Software | CC | US | https://theadminzone.com/threads/vbulletin-com-forums-hacked.136961/page-5#post-1017399 |
| 2 | 01/11/2015 | Coldzer0 | FoxIt Software | Coldzer0 also claims to have hacked the FoxIt Forum using the same 0-day. | Unknown 0-day | Industry: Software | CC | US | http://www.databreaches.net/vbulletin-foxit-software-forums-hacked-by-coldzer0-hundreds-of-thousands-of-users-info-stolen/ |
| 3 | 01/11/2015 | ? | Salt Lake City School District | The Salt Lake City School District is struck by a DDoS attack that takes down the district's website, phone system and online administrative tools. | DDoS | Education | CC | US | http://www.scmagazine.com/salt-lake-schools-hit-with-ddos-attack/article/451480/ |
| 4 | 02/11/2015 | Anonsec | Israel Missile Defense Association | The Anonsec collective hacks the Israel Missile Defense Association (imda.org.il) and dumps 2161 usernames and hashed passwords. | SQLi | Org: Military | H | IL | http://pastebin.com/qaqADFTH |
| 5 | 03/11/2015 | Smitt3nz AKA Rubber | chromeplay.com | Smitt3nz AKA Rubber hacks chromeplay.com and dumps the records of 9000 users. | SQLi | Online Services | CC | UK | http://siph0n.in/exploits.php?id=4159 |
| 6 | 03/11/2015 | Armada Collective | Protonmail | A collective called Armada Collective takes down Protonmail, a Swiss provider of end-to-end encrypted email. The company pays a ransom of 15 BTC (6000 USD) but is taken down again after paying. | DDoS | Industry: Email Service Provider | CC | CH | http://arstechnica.com/security/2015/11/crypto-e-mail-service-pays-6000-ransom-gets-taken-out-by-ddos-anyway/ |
| 7 | 03/11/2015 | Pro-Palestine Activists | Ha'aretz Twitter Account | Pro-Palestine activists hacked Ha’aretz newspaper’s Twitter account and posted: “Our martyrs’ mothers will drink your soldier’s blood.” | Account Hijacking | News | H | IL | https://www.hackread.com/pro-palestinian-hackers-hack-haaretz-twitter/ |
| 8 | 03/11/2015 | Smitt3nz AKA Rubber | http://library.killersites.com | Smitt3nz AKA Rubber hacks library.killersites.com and dumps the records of 1596 users. | SQLi | Online Services | CC | US | http://siph0n.in/exploits.php?id=4173 |
| 9 | 04/11/2015 | Islamic Revolutionary Guards Corp | Obama Administration Officials | The Wall Street Journal reveals that the email and social media accounts of Obama administration officials were recently hacked by members of Iran's Revolutionary Guard. | Targeted Attack | Government | CE | US | http://www.esecurityplanet.com/network-security/u.s.-government-officials-hacked-by-iranian-revolutionary-guard.html |
| 10 | 04/11/2015 | Armada Collective | VFEmail | VFEmail is taken down by a DDoS attack. The attackers demand a ransom of 5 BTC. | DDoS | Industry: Email Service Provider | CC | US | http://havokmon.blogspot.co.uk/2015/11/teenage-script-kiddies-armada.html |
| 11 | 04/11/2015 | ? | Zoho | Zoho is subject to a DDoS attack. The attack starts on November the 4th and affects the company for one week. | DDoS | Industry: Email Service Provider | CC | US | https://www.zoho.com/service-updates/blog/zoho-services-under-criminal-attack.html |
| 12 | 04/11/2015 | ? | Touchnote | The U.K.-based app for photo postcard service Touchnote notifies its registered customers that the company has been hacked and some personal information has possibly been compromised. | Unknown | Industry: Software | CC | UK | http://www.scmagazine.com/touchnote-photo-site-breached-names-addresses-taken/article/452401/ |
| 13 | 04/11/2015 | ? | ShowTix4U | ShowTix4U, a Nevada based online ticket sales service used heavily in Central Wisconsin says it has had a data breach. | Unknown | Online Services | CC | US | http://www.wsaw.com/home/headlines/ShowTix4U-ticket-website-customers-warned-following-data-breach--340023262.html |
| 14 | 05/11/2015 | ? | Hushmail | Hushmail experiences two unscheduled service outages resulting from distributed denial-of-service (DDoS) attacks. | DDoS | Industry: Email Service Provider | CC | CA | https://help.hushmail.com/entries/107539976 |
| 15 | 05/11/2015 | ? | Runbox | Runbox is subject to Distributed Denial of Service (DDoS) attacks. Even in this case the attackers demand a ransom to stop the waves of attack. | DDoS | Industry: Email Service Provider | CC | NO | https://blog.runbox.com/2015/11/ddos-attacks-on-runbox/ |
| 16 | 05/11/2015 | ? | Four Winds Casino Resort | Four Winds Casino Resort reveals to have discovered a bank-card-stealing malware in its payment systems. Four properties are affected between October 2014 and October 21, 2015. | PoS Malware | Industry: Hotel and Resort | CC | US | http://www.theregister.co.uk/2015/11/05/michigan_casino_credit_card_hack/ |
| 17 | 05/11/2015 | Crackas With Attitude | FBI Deputy Director Mark Giuliano | The same teen hackers who infiltrated the email account of CIA Director John Brennan claim to have hacked an email account of FBI Deputy Director Mark Giuliano. | Account Hijacking | Single Individuals | CC | US | http://www.scmagazine.com/crackas-with-attitude-say-theyre-at-it-again-claim-hack-of-fbi-deputys-email/article/452037/ |
| 18 | 06/11/2015 | CocaineSecurity | Swedbank | Swedbank is taken down by a DDoS attack. A hacker called CocaineSecurity claims to have received a ransom. | DDoS | Finance | CC | SE | http://www.theregister.co.uk/2015/11/06/swedbank_hit_by_ddos_attack/ |
| 19 | 06/11/2015 | Armada Collective | Neomailbox | Neomailbox is taken down by a DDoS attack carried out by the Armada Collective, who also asks for a ransom. | DDoS | Industry: Email Service Provider | CC | CH | http://www.neomailbox.com/about/news/305-ddos-attack |
| 20 | 06/11/2015 | Anonymous | Ku Klux Klan | Hacking collective Anonymous has released the identities of 1000 KKK members online. | Unknown | Organization: Politics | H | US | http://www.zdnet.com/article/anonymous-exposes-identities-of-1000-kkk-members/ |
| 21 | 06/11/2015 | ? | XAT | The UK social networking site Xat (xat.com) is hacked and notifies the users that its database has been acquired by the attackers. | Account Hijacking | Social Network | CC | UK | http://www.databreaches.net/uk-social-networking-site-xat-hacked-user-database-acquired-by-hackers/ |
| 22 | 06/11/2015 | Eggfather | http://www.islandermania.com | Eggfather hacks islandermania.com and dumps 8,525 usernames and hashed passwords. | SQLi | Online Forum | CC | US | http://siph0n.in/exploits.php?id=4182 |
| 23 | | Eggfather | http://www.lonestarspeedzone.com | Eggfather hacks lonestarspeedzone.com and dumps 1,939 usernames and hashed passwords. | SQLi | Online Forum | CC | US | http://siph0n.in/exploits.php?id=4181 |
| 24 | | Eggfather | http://pixarra.com/ | Eggfather hacks pixarra.com and dumps 8,525 usernames and hashed passwords. | SQLi | Industry: Software | CC | US | http://siph0n.in/exploits.php?id=4180 |
| 25 | | Eggfather | http://www.sikhawareness.com/ | Eggfather hacks pixarra.com and dumps 4,520 usernames and hashed passwords. | SQLi | Online Forum | CC | US | http://siph0n.in/exploits.php?id=4178 |
| 26 | 08/11/2015 | ? | Fastmail | FastMail is hit by a DDoS attack that briefly makes some services unavailable. A further attack is executed on Monday, 9 Nov. Both attacks are accompanied by an extortion demand that threatens further attacks if the company does not pay the attacker 20 Bitcoin (approximately US$7500). | DDoS | Industry: Email Service Provider | CC | AU | http://blog.fastmail.com/2015/11/11/ddos-attack-may-lead-to-potential-service-disruption-this-week/ |
| 27 | 08/11/2015 | ? | Brazilian Army | The Brazilian Army's servers are hacked, resulting in personal details (National Insurance Numbers and passwords) of about 7,000 officers getting leaked. The attack appears to have been prompted as retaliation against the supposedly inappropriate conduct of an Army team during a "capture the flag" (CTF) cybersecurity competition at the government's Center for Cyber Defence. | Unknown | Military | CC | BR | http://www.zdnet.com/article/brazilian-army-gets-hacked/ |
| 28 | 08/11/2015 | Crackas With Attitude | Joint Automated Booking System | Crackas With Attitude (CWA), the hackers who breached CIA director John Brennan's personal email account, claim to have gained access to a law enforcement arrest database, known as the Joint Automated Booking System (JABS). | Unknown | Law Enforcement | H | US | http://www.wired.com/2015/11/cia-email-hackers-return-with-major-law-enforcement-breach/#slide-1 |
| 29 | 08/11/2015 | KelvinSecTeam | http://aviacion.mil.ve | KelvinSecTeam hacks the website of the Aviacion Militar Bolivariana (aviacion.mil.ve) and dumps 1,997 records. | Unknown | Military | H | VE | http://pastebin.com/RzuxwLxF |
| 30 | 09/11/2015 | ? | UK Parliament Computer Network | The Times reveals that, in May, cybercriminals were able to break into parliament’s computer network, hijacked computers holding sensitive information and presented a ransom demand to Chi Onwurah, MP and shadow digital minister. | Malware | Government | CC | UK | http://www.thetimes.co.uk/tto/news/uk/article4608292.ece |
| 31 | 09/11/2015 | HRG (His Royal Gingerness) | Norwich International Airport | A hacker calling himself HRG (or His Royal Gingerness) hacks the Norwich International Airport's website (norwichairport.co.uk) and obtains the details of people registered on the website's media centre. | SQLi | Airport | CC | UK | http://www.bbc.co.uk/news/uk-england-norfolk-34769924 |
| 32 | 10/11/2015 | Orion | Comcast | Comcast resets 200k cleartext passwords, after a hacker known as Orion claims to have stolen the database and puts it on sale on the dark web. Nearly 590,000 users could have been compromised. | Zimbra 0-day | Industry: Telco | CC | US | http://www.theregister.co.uk/2015/11/11/comcast_passwords_leak/ |
| 33 | 10/11/2015 | ? | Spotify | Newsweek reveals that over one thousand email addresses and passwords from the music streaming app Spotify were leaked following a hack. | Unknown | Industry: Music | CC | SE | http://www.newsweek.com/hundreds-spotify-accounts-leaked-apparent-hack-last-week-392696 |
| 34 | 10/11/2015 | | TAFE Queensland | TAFE Queensland has experienced a breach that has seen the personal details of thousands of the state's TAFE students exposed. | Unknown | Education | CC | AU | http://www.zdnet.com/article/queensland-tafe-student-data-exposed-in-hack/ |
| 35 | 10/11/2015 | ? | http://fantasy.premierleague.com | Malwarebytes reveals the details of a malvertising campaign targeting the website of fantasy.premierleague.com, potentially redirecting the users to a page hosting the Nuclear Exploit Kit. | Malvertising | Online Gaming | CC | UK | https://blog.malwarebytes.org/malvertising-2/2015/11/official-premier-league-fantasy-website-site-pushes-malvertising/ |
| 36 | 10/11/2015 | ? | Korea Advanced Institute of Science Technology | More than a dozen students and faculty at the Korea Advanced Institute of Science Technology (KAIST) have their credit card information stolen by a hacker who attempted to make payments in Japan. | Unknown | Education | CC | KR | https://www.koreatimes.co.kr/www/news/nation/2015/11/116_190866.html |
| 37 | 10/11/2015 | Bravewanderer | Brigham Young University | A hacker called bravewanderer hacks the Brigham Young University (byu.edu) and dumps 11,894 records. | Unknown | Education | CC | US | http://pastebin.com/ctusqA92 |
| 38 | 10/11/2015 | Eggfather | http://engineerboards.com | Eggfather hacks engineerboards.com and dumps 21,304 usernames and hashed passwords. | SQLi | Online Forum | CC | US | http://siph0n.in/exploits.php?id=4195 |
| 39 | 10/11/2015 | Eggfather | http://www.c4forums.com | Eggfather hacks c4forums.com and dumps 15,276 usernames and hashed passwords. | SQLi | Online Forum | CC | US | http://siph0n.in/exploits.php?id=4194 |
| 40 | 10/11/2015 | Eggfather | http://forum.chumpcar.com | Eggfather hacks forum.chumpcar.com and dumps 15,276 usernames and hashed passwords. | SQLi | Online Forum | CC | US | http://siph0n.in/exploits.php?id=4193 |
| 41 | 10/11/2015 | Eggfather | http://www.mwcboard.com/ | Eggfather hacks mwcboard.com and dumps 15,276 usernames and hashed passwords. | SQLi | Online Forum | CC | US | http://siph0n.in/exploits.php?id=4192 |
| 42 | 11/11/2015 | ? | Securus Technologies | An anonymous hacker leaks a vast collection containing metadata of over 70 million records of phone calls placed by prisoners to at least 37 US states and links to actual recordings for each call. The calls, allegedly leaked from Securus Technologies, span a nearly two-and-a-half year period, beginning in December 2011 and ending in the spring of 2014. | Unknown | Industry: Technology | CC | US | https://theintercept.com/2015/11/11/securus-hack-prison-phone-company-exposes-thousands-of-calls-lawyers-and-clients/ |
| 43 | 11/11/2015 | ? | Ammyy | The installer of the remote desktop software Ammyy is compromised and distributes the tools used by the Buhtrap gang to spy on and control their victims’ computers. | Malware | Industry: Software | CC | RU | http://www.welivesecurity.com/2015/11/11/operation-buhtrap-malware-distributed-via-ammyy-com/ |
| 44 | 11/11/2015 | Fallaga Team | Jewish Free School | The Tunisian Fallaga Team defaces the website of Europe’s largest Jewish school, JFS, posting a message that calls for an end to Islamophobia and aggression against Muslims. | Defacement | Education | H | UK | https://www.rt.com/uk/321597-islamist-hackers-jewish-school/ |
| 45 | 11/11/2015 | Fruityhax | http://laptopmania.co.uk/ | A hacker called Fruityhax hacks laptopmania.co.uk and dumps 1500 usernames and hashed passwords. | SQLi | Industry: E-Commerce | CC | UK | http://siph0n.in/exploits.php?id=4197 |
| 46 | 11/11/2015 | ? | The Training Room | An unknown hacker hacks thetrainingroom.com and dumps 1,141 records with usernames and hashed passwords. | SQLi | Education | CC | US | http://pastebin.com/sWa06kV0 |
| 47 | 12/11/2015 | Anonymous | Unknown Individual | Halifax police forced to re-open investigation in a sexual assault case after Anonymous exposes the identity of the alleged culprit. | Unknown | Single Individual | H | CA | https://www.hackread.com/anonymous-exposes-identity-of-alleged-halifax-rapist/ |
| 48 | 13/11/2015 | ? | https://grahamcluley.com | The website of the security blogger Graham Cluley (https://grahamcluley.com) is taken down by a DDoS attack. | DDoS | News | CC | UK | https://grahamcluley.com/2015/11/cluley-ddos-attack/ |
| 49 | 14/11/2015 | ? | Tor Network | Reports emerge of possible DDoS attacks being directed at Tor exit nodes. | DDoS | Tor Network | CC | N/A | https://www.deepdotweb.com/2015/11/14/possible-large-scale-ddos-attacks-on-tor-exit-nodes |
| 50 | 15/11/2015 | ? | Fashion to Figure | Fashion to Figure notifies customers of a breach involving malware inserted on their web host’s server. | Malware | Industry: Retail | CC | US | http://www.databreaches.net/fashion-to-figure-notifying-customers-of-payment-card-compromise/ |
| 51 | 15/11/2015 | ? | Noble House Hotels and Resorts | Luxury hotel chain Noble House Hotels and Resorts notifies customers of a breach in six properties they uncovered in the wake of reports by customers of fraudulent charges on payment cards. | Malware | Industry: Hotel and Resort | CC | US | http://www.databreaches.net/noble-house-hotels-and-resorts-notifies-customers-at-six-luxury-hotels-of-payment-card-breach/ |