It’s been another active week in the hacking world. At least 237,234 records were obtained by hackers from the Stevens Institute of Technology, German Federal Police, Kiplinger Washington Editors Inc., Toshiba Corporation, the National Assembly of Pakistan, Booz Allen Hamilton, and Monsanto Company. The hacking movement has not lost momentum.
237,234 Records Breached: Operation AntiSec Continues, Operation Green Rights Begins
Last Thursday, the Stevens Institute of Technology was hacked by @p0keu. At least part of its database was leaked on PasteBin, containing 31 records with the full names of users, email addresses, and plain text passwords. As a side note, never ever ever store passwords in plain text in a database. There is absolutely no need.
Last Friday, the German Federal Police (Bundespolizei) was hacked by the group NN-Crew. Information including GPS location coordinates, license plate numbers, suspects’ telephone numbers, and the usernames and passwords of police officers was collected and posted on their website. The Bundespolizei stated that no investigation data was published and that the data obtained was from a server for customs officials that is used with the PATRAS tracking system, which has now been temporarily shut down.
Last Saturday, Kiplinger Washington Editors revealed that 142,000 records of usernames, emails, passwords, and encrypted credit card numbers were obtained by hackers, as a Bloomberg article notes. Doug Harbrecht, a director at the company, said that the two-week delay was due to an investigation run by a third-party organization in coordination with the FBI. The director stated, “Part of the problem is we still don’t know exactly what the hackers got,” but they don’t believe it poses any threat.
This past Monday was a particularly exciting day. The Toshiba America Consumer Products (TACP) website (tacp.com or tacp.toshiba.com) was hacked by a hacker named V0iD. According to the DataLossDB, there were 11 admin emails and plain text passwords, 784 user emails and plain text passwords, and the names, emails, and plain text passwords of more than two dozen resellers. According to an article by Softpedia, there were 14 user tables, one containing 5,203 records, though he only pasted a total of 800 accounts on PasteBin. V0iD also hacked the National Assembly of Pakistan, posting the usernames and passwords of 7 admin accounts and the phone numbers of 13 accounts on PasteBin.
Perhaps the most significant breach was Booz Allen Hamilton, a government defense contractor. According to one article, there were 90,000 accounts leaked of people involved in anything from “US CENTCOM, SOCOM, the Marine Corps, various Air Force facilities, Homeland Security, State Department staff, and what looks like private sector contractors.” The group Anonymous posted on Twitter a link to download the 130.5 MB torrent of data. The company released a statement Tuesday on their website confirming the breached data and stating that they are investigating the issue and do not believe the breach extended beyond information used by a learning management system for a government agency.
And perhaps the most interesting is the recent attack on Monsanto, which is supposedly the beginning of Operation Green Rights, Project Tarmageddon. The project is to target companies responsible for global environmental issues like “Exxon Mobil, ConocoPhillips, Canadian Oil Sands Ltd., Imperial Oil, the Royal Bank of Scotland, and many others,” according to their press release and a video posted on YouTube. According to a CNET article, the names, addresses, phone numbers, and place of work of 2,5000 individuals were posted on PasteBin. Their post states they are attacking Monsanto because of their “downright evil business practices.” According to the CNET article, this act was specifically “to protest lawsuits the company filed against organic dairy farmers for stating on labels that their products don’t contain growth hormones.”
Apart from data breaches, there were a number of websites taken down as well, including ircfederal.com, hbgaryfederal.com, and rootkit.com, through DDoS attacks by Anonymous. There were 265 Brazilian websites hacked by tota-x, who posted the list on PasteBin, and 808 Indian websites hacked by ZHC MongOse & ZHC Toshiro, who also posted a list on PasteBin.
Though we had previously mentioned LulzSec has quit operating, a tweet from them yesterday states, “If @pastebin reaches 75,000 followers we’ll engage in a mystery operation that will cause mayhem.” PasteBin posted on Twitter that they have noticed such a change that they have made a followers graph on their site. One tweet exclaims, “@pastebin now has 10.000+ followers. That is 7000 more than this morning when I woke up!” It is a very vibrant hacking climate: the Jester is chasing Sabu from Anonymous, CNET has made a Google Spreadsheet to keep up with the hacks, and Rupert Murdoch has shut down the 168-year-old paper and abandoned his bid on British Sky Broadcasting (BSkyB) because of his involvement with an extensive phone hacking scandal.