

WHID 2010-158: National Space Agency of the Republic of Kazakhstan was hacked
<b>Entry Title: </b>WHID 2010-158: National Space Agency of the Republic of Kazakhstan was hacked<br><b>WHID ID: </b>WHID 2010-158<br><b>Date Occurred: </b>July 18, 2010<br><b>Outcome: </b>Death<br><b>Incident Description: </b>On the 18th of July the hack-world.org group using an SQL Injection attack obtained access to the administration section of the National Space Agency of the Republic of Kazakhstan. Obtaining access to the administration system of the site was facilitated by the fact that administrators used weak passwords that allowed local recovery using MD5 hash. Currently, the site is under reconstruction.<br><b>Attack Source Geography: </b>Russia<br><b>Attacked Entity Field: </b>Government<br><b>Attacked Entity Geography: </b>Kazakhstan<br><b>Reference: </b><a href="http://habrahabr.ru/blogs/infosecurity/99736/">http://habrahabr.ru/blogs/infosecurity/99736/</a>
WHID 2010-157: Facebook Full Disclosure
<b>Entry Title: </b>WHID 2010-157: Facebook Full Disclosure<br><b>WHID ID: </b>WHID 2010-157<br><b>Date Occurred: </b>July 20, 2010<br><b>Outcome: </b>Disclosure Only<br><b>Incident Description: </b>apps.facebook.com website hacked via SQL Injection.<br><b>Attack Source Geography: </b><br><b>Attacked Entity Field: </b>Internet<br><b>Attacked Entity Geography: </b><br><b>Reference: </b><a href="http://sla.ckers.org/forum/read.php?16,35138,35138#msg-35138">http://sla.ckers.org/forum/read.php?16,35138,35138#msg-35138</a>
WHID 2010-156: The Russian Railways tickets site was hacked
<b>Entry Title: </b>WHID 2010-156: The Russian Railways tickets site was hacked<br><b>WHID ID: </b>WHID 2010-156<br><b>Date Occurred: </b>July 21, 2010<br><b>Outcome: </b>Defacement<br><b>Incident Description: </b>Unknown attackers hacked the official site of the "Russian Railways" company. As a result, web pages were replaced by hackers’ messages. The site was temporarily blocked; it has now resumed, but some pages are still unavailable, the "Buying Train Tickets" web page among them (ticket.rzd.ru). No details about personal data leakage are now available.<br><b>Attack Source Geography: </b><br><b>Attacked Entity Field: </b>Transport<br><b>Attacked Entity Geography: </b>Russia<br><b>Reference: </b><a href="http://www.uinc.ru/news/sn14165.html">http://www.uinc.ru/news/sn14165.html</a>
WHID 2010-155: S. Korean Gov't Websites Hit by Hacker Attacks
<b>Entry Title: </b>WHID 2010-155: S. Korean Gov't Websites Hit by Hacker Attacks<br><b>WHID ID: </b>2010-155<br><b>Date Occurred: </b>July 7, 2010<br><b>Outcome: </b>Downtime<br><b>Incident Description: </b>Official websites of South Korean government agencies, including the presidential office and the foreign ministry, came under hacker attacks Wednesday, a national telecom regulator said. <br>According to the state-run Korean Communications Commission (KCC), the websites of government agencies, such as the presidential office Cheong Wa Dae, the Ministry of Foreign Affairs and Trade, and private firms, including the leading Internet search engine Naver, Nonghyup Bank and the Korean Exchange Bank, were hit by the so-called distributed denial-of-service (DDoS) attacks from around local time 6:00 p.m. (0900 GMT) Wednesday. <br><b>Attack Source Geography: </b><br><b>Attacked Entity Field: </b>Government<br><b>Attacked Entity Geography: </b>South Korea<br><b>Reference: </b><a href="http://english.cri.cn/6966/2010/07/07/1461s581567.htm">http://english.cri.cn/6966/2010/07/07/1461s581567.htm</a>
WHID 2010-154: Justin Bieber My World Tour Contest Hacked
<b>Entry Title: </b>WHID 2010-154: Justin Bieber My World Tour Contest Hacked<br><b>WHID ID: </b>2010-154<br><b>Date Occurred: </b>July 2, 2010<br><b>Outcome: </b>Disinformation<br><b>Incident Description: </b>That was but a preliminary skirmish – they’ve come up with a much more damaging plan – to send Bieber to North Korea. Foolish, foolish Bieber has started a competition for countries to vote for him to come and tour them. Called the Justin Bieber My World Tour Contest, it has now been thoroughly hijacked by Anonymous – at the time of writing, North Korea is in second place by only a few thousand votes. Unless the current leader Israel can get its act together, it should be overtaken by lunchtime.<br><b>Attack Source Geography: </b><br><b>Attacked Entity Field: </b>Entertainment<br><b>Attacked Entity Geography: </b>USA<br><b>Reference: </b><a href="http://blogs.independent.co.uk/2010/07/02/the-plot-to-send-justin-bieber-to-north-korea/">http://blogs.independent.co.uk/2010/07/02/the-plot-to-send-justin-bieber-to-north-korea/</a>
WHID 2010-153: App Store, Hacked.
<b>Entry Title: </b>WHID 2010-153: App Store, Hacked.<br><b>WHID ID: </b>2010-153<br><b>Date Occurred: </b>July 4, 2010<br><b>Outcome: </b>Monetary Loss<br><b>Incident Description: </b>This article began with details of one specific app developer hacking iTunes users' accounts and purchasing their own apps using those accounts – making it to the top of the iTunes charts. As the story has developed it appears to be far more widespread than just that one particular developer and his apps…the Apple App store is filled with App Farms being used to steal. We’ve put together a complete list of all the facts and updates to this story here which we highly recommend you read instead of this article. Apple has also now released a statement about the matter.<br><b>Attack Source Geography: </b><br><b>Attacked Entity Field: </b>Retail<br><b>Attacked Entity Geography: </b>USA<br><b>Reference: </b><a href="http://thenextweb.com/apple/2010/07/04/app-store-hacked/">http://thenextweb.com/apple/2010/07/04/app-store-hacked/</a>
WHID 2010-152: The Pirate Bay hacked
<b>Entry Title: </b>WHID 2010-152: The Pirate Bay hacked<br><b>WHID ID: </b>2010-152<br><b>Date Occurred: </b>July 5, 2010<br><b>Outcome: </b>Disclosure Only<br><b>Incident Description: </b>According to an advisory posted on the web site of an Argentinian group of security researchers, they were able to obtain access to the Pirate Bay’s administration panel, by discovering multiple SQL injections, leading to the exposure of emails, MD5 hashes for passwords, and the IP address for any particular Pirate Bay user.<br><b>Attack Source Geography: </b>Argentina<br><b>Attacked Entity Field: </b>Internet<br><b>Attacked Entity Geography: </b>Sweden<br><b>Reference: </b><a href="http://krebsonsecurity.com/2010/07/pirate-bay-hack-exposes-user-booty/">KrebsOnSecurity.com</a>
WHID 2010-151: YouTube Hacked
<b>Entry Title: </b>WHID 2010-151: YouTube Hacked<br><b>WHID ID: </b>2010-151<br><b>Date Occurred: </b>July 4, 2010<br><b>Outcome: </b>Defacement<br><b>Incident Description: </b>Today, members of the Internet communities 4chan and other enterprising computer whizzes hacked YouTube using a vulnerability in the site’s comment system. While the hack was used on a variety of videos, striking music videos featuring teen pop idol Justin Bieber was the most popular activity.<br>Twitter lit up with complaints about the problem, Google support got some concerned posts on its forum, and we received tips in our inbox. The event caused quite a Sunday-morning stir.<br>The bug allowed users to inject HTML (the code that most websites are built with) that could be executed on the site, whereas HTML within comments is supposed to be restricted. The hackers did everything from force pop-up messages to appear over the site declaring that it had been hacked to redirecting Bieber video pages to sites hosting pornography and malware.<br><b>Attack Source Geography: </b><br><b>Attacked Entity Field: </b>Web 2.0<br><b>Attacked Entity Geography: </b>USA<br><b>Reference: </b><a href="http://www.acunetix.com/blog/web-security-zone/articles/dangerous-xss-vulnerability-found-on-youtube-the-vulnerability-explained/">http://www.acunetix.com/blog/web-security-zone/articles/dangerous-xss-vulnerability-found-on-youtube-the-vulnerability-explained/</a>
WHID 2010-150: At least four Armenian websites were attacked by Azerbaijani hackers
<b>Entry Title: </b>WHID 2010-150: At least four Armenian websites were attacked by Azerbaijani hackers<br><b>WHID ID: </b>2010-150<br><b>Date Occurred: </b>July 3, 2010<br><b>Outcome: </b>Defacement<br><b>Incident Description: </b>At least four Armenian websites were attacked by Azerbaijani hackers during a week.<br>On July 2, the websites of Henaran.am press club (Henaran.am) and Armenia's Sambo Federation (sambo.am) were hacked to place Azerbaijan's flag and references to Azerbaijani media on them. Meanwhile, the websites' operation has already been resumed.<br>Besides, on June 29, hackers attacked Azdagir.am site of announcements again to place the Azerbaijani flag on it, as well as information on the January 20, 1990, events in Baku. On June 30, the owner of psyarmenia.com website told PanARMENIAN.Net that the site on psychology was hacked and a poster on "Armenian terror" was placed on it. Currently, the two websites do not operate.<br><b>Attack Source Geography: </b><br><b>Attacked Entity Field: </b>Government<br><b>Attacked Entity Geography: </b>Armenia<br><b>Reference: </b><a href="http://www.panarmenian.net/eng/it_telecom/news/50897/At_least_four_Armenian_websites_were_attacked_by_Azerbaijani_hackers">http://www.panarmenian.net/eng/it_telecom/news/50897/At_least_four_Armenian_websites_were_attacked_by_Azerbaijani_hackers</a>
WHID 2010-149: Identity Stolen Through X-Box Live
<b>Entry Title: </b>WHID 2010-149: Identity Stolen Through X-Box Live<br><b>WHID ID: </b>2010-149<br><b>Date Occurred: </b>July 3, 2010<br><b>Outcome: </b>Monetary Loss<br><b>Incident Description: </b>Rosalinda Gonzalez bought the X-Box 360 console for her sons. They enjoy playing the video games and using the live service where they can connect with players from around the world.<br>In order to purchase the monthly live membership, Gonzalez entered her credit card information to her son's online profile. It is supposed to be kept private but Gonzalez says her son's profile was hacked by a computer whiz.<br>The man changed her son's password, stole game points and started making purchases using her credit card information. She says her boys actually spoke to the hacker through X-Box live. The man admitted to stealing other people's personal information too. <br><b>Attack Source Geography: </b><br><b>Attacked Entity Field: </b>Entertainment<br><b>Attacked Entity Geography: </b>USA<br><b>Reference: </b><a href="http://www.krgv.com/content/news/story/Identity-Stolen-Through-X-Box-Live/vKZIV1Rboki6lngI78Qf_w.cspx">http://www.krgv.com/content/news/story/Identity-Stolen-Through-X-Box-Live/vKZIV1Rboki6lngI78Qf_w.cspx</a>
WHID 2010-148: AsSeenOnTV SQL injection into corporate web server exposed credit card information of customers
<b>Entry Title: </b>WHID 2010-148: AsSeenOnTV SQL injection into corporate web server exposed credit card information of customers<br><b>WHID ID: </b>2010-148<br><b>Date Occurred: </b>June 29, 2010<br><b>Outcome: </b>Planting of Malware<br><b>Incident Description: </b>AsSeenOnTV website hacked via SQL Injection and planted malware.<br><b>Attack Source Geography: </b><br><b>Attacked Entity Field: </b>Retail<br><b>Attacked Entity Geography: </b>USA<br><b>Reference: </b><a href="http://datalossdb.org/incidents/2953">http://datalossdb.org/incidents/2953</a>
WHID 2010-147: Biggest blog company Skyblog hacked 32,000,000 accounts stolen
<b>Entry Title: </b>WHID 2010-147: Biggest blog company Skyblog hacked 32,000,000 accounts stolen<br><b>WHID ID: </b>2010-147<br><b>Date Occurred: </b>May 19, 2010<br><b>Outcome: </b>Leakage of Information<br><b>Incident Description: </b>Earlier this week, IT staff Skyrock / Skyblog audit its servers, an old classic that can trace bugs and small technical malfunctions. Except this time, the "bug" seems to be much more serious. A file named "hello" and some scripts are discovered on a server. Neither one, nor two, the alert is triggered. A more complete audit is implemented. It is then discovered that an intrusion has been orchestrated from a backdoor downloaded via a service misconfigured (Waka) "Download". From this facility, malicious, or the pirates have certainly got their hands on more than 32 million accounts skyblogueurs. It seems that the intruder will be difficult to trace. He crushed the logs after its passage. An IP appears, however, it resulted in a proxy, based in England. The drafting of ZATAZ.COM could know the exact date of the intrusion.<br><b>Attack Source Geography: </b><br><b>Attacked Entity Field: </b>Blogs<br><b>Attacked Entity Geography: </b>France<br><b>Reference: </b><a href="http://datalossdb.org/incidents/2948">http://datalossdb.org/incidents/2948</a>
WHID 2010-146: Hacking ring busted over test scores
<b>Entry Title: </b>WHID 2010-146: Hacking ring busted over test scores<br><b>WHID ID: </b>2010-146<br><b>Date Occurred: </b>June 29, 2010<br><b>Outcome: </b>Disinformation<br><b>Incident Description: </b>Police in Jinan, Shandong Province arrested several members of a ring that hacked into education websites to change test scores and forge credentials for cash.<br><b>Attack Source Geography: </b>China<br><b>Attacked Entity Field: </b>Education<br><b>Attacked Entity Geography: </b>China<br><b>Reference: </b><a href="http://english.people.com.cn/90001/90776/90882/7044956.html">http://english.people.com.cn/90001/90776/90882/7044956.html</a>
WHID 2010-145: Hacker tries to manipulate Maine's legislative website
<b>Entry Title: </b>WHID 2010-145: Hacker tries to manipulate Maine's legislative website<br><b>WHID ID: </b>2010-145<br><b>Date Occurred: </b>June 29, 2010<br><b>Outcome: </b>Planting of Malware<br><b>Incident Description: </b>The state's online database of legislative activity has been taken offline because of an attempt by an unknown hacker to manipulate the website's coding.<br>On Thursday, the Legislature's information technology officials shut down the website's bill status function, which allows users to follow legislation such as roll calls, committee votes, amendments and fiscal notes.<br>The manipulated code inserted the addresses of extraneous websites that could have exposed users' computers to harm if they clicked on the links, said Scott Clark, director of information technology for the Legislature.<br><b>Attack Source Geography: </b><br><b>Attacked Entity Field: </b>Government<br><b>Attacked Entity Geography: </b>Maine<br><b>Reference: </b><a href="http://www.pressherald.com/news/hacker-tries-to-manipulate-legislative-website-_2010-06-29.html">http://www.pressherald.com/news/hacker-tries-to-manipulate-legislative-website-_2010-06-29.html</a>
WHID 2010-144: Hackers Steal $465,000 from Escrow Firm
<b>Entry Title: </b>WHID 2010-144: Hackers Steal $465,000 from Escrow Firm<br><b>WHID ID: </b>2010-144<br><b>Date Occurred: </b>June 29, 2010<br><b>Outcome: </b>Monetary Loss<br><b>Incident Description: </b>A total of $465,000 was recently stolen from California-based Village View Escrow via 26 consecutive wire transfers.<br>"Owner Michelle Marisco said her financial institution at the time -- Professional Business Bank of Pasadena, Calif. -- normally notified her by e-mail each time a new wire was sent out of the company’s escrow account," writes Krebs on Security's Brian Krebs. "But the attackers apparently disabled that feature before initiating the fraudulent wires."<br>"Marisco said that a few days before the theft, she opened an e-mail informing her that a UPS package she had been sent was lost, and urging her to open the attached invoice," Krebs writes. "Nothing happened when she opened the attached file, so she forwarded it on to her assistant who also tried to view it. The invoice was in fact a Trojan horse program that let the thieves break in and set up shop and plant a password-stealing virus on Marisco’s computer, and on the PC belonging to her assistant -- the second person needed to approve transfers."<br><b>Attack Source Geography: </b><br><b>Attacked Entity Field: </b>Finance<br><b>Attacked Entity Geography: </b>California<br><b>Reference: </b><a href="http://www.esecurityplanet.com/headlines/article.php/3890291/article.htm">http://www.esecurityplanet.com/headlines/article.php/3890291/article.htm</a>
WHID 2010-143: Whirlpool Repeatedly Hit by DDoS Attacks
<b>Entry Title: </b>WHID 2010-143: Whirlpool Repeatedly Hit by DDoS Attacks<br><b>WHID ID: </b>2010-143<br><b>Date Occurred: </b>June 29, 2010<br><b>Outcome: </b>Downtime<br><b>Incident Description: </b>Australian broadband news website Whirlpool.net.au was the target of several Distributed Denial of Service (DDoS) attacks this morning. The hosting provider moved quickly to mitigate, but attackers evaded the restrictions, causing an aggregated downtime of around ten hours.<br>Whirlpool.net.au is one of the most trafficked Australian websites, housing a community of over 350,000 registered users. It was started twelve years ago as a place to discuss Internet broadband services in the country, but has since evolved into a full-blown news website covering the telecommunications industry.<br>"Bulletproof received monitoring alerts of packet loss at 12:45 am. We identified it as a classic denial-of-service attack being targeted at Whirlpool. We immediately blocked Whirlpool IP addresses to observe it better and then we were able to track down that it was originating from Denmark and the United States," Lorenzo Modesto, chief operating officer at Bulletproof Networks, the company hosting Whirlpool, commented for ZDNet Australia.<br><b>Attack Source Geography: </b>Denmark<br><b>Attacked Entity Field: </b>Media<br><b>Attacked Entity Geography: </b>Australia<br><b>Reference: </b><a href="http://news.softpedia.com/news/Whirlpool-Repeatedly-Hit-by-DDoS-Attacks-145629.shtml">http://news.softpedia.com/news/Whirlpool-Repeatedly-Hit-by-DDoS-Attacks-145629.shtml</a>
WHID 2010-142: Hackers vandalise 200 web sites, cripple 150
<b>Entry Title: </b>WHID 2010-142: Hackers vandalise 200 web sites, cripple 150<br><b>WHID ID: </b>2010-142<br><b>Date Occurred: </b>June 28, 2010<br><b>Outcome: </b>Downtime<br><b>Incident Description: </b>The web sites of more than a whopping 200 Australian organisations were hijacked and vandalised in a spate of hacks last week.<br>In the largest single attack, a hacker gained administrative access to the Direct Admin server management system used by a hosting provider, who Computerworld Australia will not name, and suspended 159 accounts rendering their web sites inaccessible to the public.<br>The suspension notification page was then defaced with the hackers’ moniker and religious propaganda.<br>The hack was launched through a flaw created after an automatic patch of the admin system failed to complete.<br><b>Attack Source Geography: </b><br><b>Attacked Entity Field: </b>Hosting Providers<br><b>Attacked Entity Geography: </b>Australia<br><b>Reference: </b><a href="http://www.computerworld.com.au/article/351360/hackers_vandalise_200_web_sites_cripple_150/">http://www.computerworld.com.au/article/351360/hackers_vandalise_200_web_sites_cripple_150/</a>
WHID 2010-141: Virginia Right! Under Fire Yesterday With DDOS Attack
<b>Entry Title: </b>WHID 2010-141: Virginia Right! Under Fire Yesterday With DDOS Attack<br><b>WHID ID: </b>2010-141<br><b>Date Occurred: </b>June 27, 2010<br><b>Outcome: </b>Downtime<br><b>Incident Description: </b>Sorry for the outage yesterday between 8:00 AM and 7:00 PM. Virginia Right! was under attack with a Distributed Denial of Service. Part of the problem in resolving the issue is the fact that Virginia Right! is on a shared hosting server with many hosts using the same IP address. The first thing that has to be determined is which domain is under attack. They do this by temporarily assigning a static IP address to each site hosted on the server (as opposed to all of us sharing the same address). When they were done, everyone came back up except – Virginia Right!. So the attacks were specifically directed at us!<br><b>Attack Source Geography: </b><br><b>Attacked Entity Field: </b>Blogs<br><b>Attacked Entity Geography: </b>Virginia, USA<br><b>Reference: </b><a href="http://beforeitsnews.com/news/87/162/Virginia_Right_Under_Fire_Yesterday_With_DDOS_Attack.html">http://beforeitsnews.com/news/87/162/Virginia_Right_Under_Fire_Yesterday_With_DDOS_Attack.html</a>
WHID 2010-140: Hackers fleece online poker players
<b>Entry Title: </b>WHID 2010-140: Hackers fleece online poker players<br><b>WHID ID: </b>2010-140<br><b>Date Occurred: </b>June 28, 2010<br><b>Outcome: </b>Monetary Loss<br><b>Incident Description: </b>Police arrested 33 hackers who used a “distribution of denial of service” program to cheat online poker players out of 55 million won ($45,265) from last November through May. <br>The hackers, led by 30-year-old Yu and 29-year-old Kim, were booked without detention on charges of gaining illegal profits.<br>The Cyber Terror Response Center in Gyeonggi said the gang used a DDOS attack to infect 11,000 computers at 700 PC rooms across the country.<br>Police said Yu bought the “Netbot Attacker” program from a Chinese hacker last November, then sold copies online to Kim and others. The gang broke into the administrative systems of the PC rooms and installed the virus in their computers to allow them to see the hands of poker opponents.<br><b>Attack Source Geography: </b><br><b>Attacked Entity Field: </b>Entertainment<br><b>Attacked Entity Geography: </b>Korea<br><b>Reference: </b><a href="http://joongangdaily.joins.com/article/view.asp?aid=2922391">http://joongangdaily.joins.com/article/view.asp?aid=2922391</a>
WHID 2010-139: Twitter XSS Vulnerability Possibly Exploited by Turkish Hackers
<b>Entry Title: </b>WHID 2010-139: Twitter XSS Vulnerability Possibly Exploited by Turkish Hackers<br><b>WHID ID: </b>2010-139<br><b>Date Occurred: </b>June 28, 2010<br><b>Outcome: </b>Defacement<br><b>Incident Description: </b>Dimitris Pagkalos, one of the founders of XSSed, a project that maintains an archive of XSS flaws and raises awareness about this type of Web vulnerability, notes that Twitter's security team promptly addressed the bug. However, he suggests the vulnerability might have been used in an earlier attack that made a rogue status reading "Hacked By Turkish Hackers" appear on almost one thousand Twitter profiles.<br><b>Attack Source Geography: </b>Turkey<br><b>Attacked Entity Field: </b>Web 2.0<br><b>Attacked Entity Geography: </b>USA<br><b>Attacked System Technology: </b>Twitter<br><b>Reference: </b><a href="http://news.softpedia.com/news/Twitter-XSS-Vulnerability-Possibly-Exploited-by-Turkish-Hackers-145594.shtml">http://news.softpedia.com/news/Twitter-XSS-Vulnerability-Possibly-Exploited-by-Turkish-Hackers-145594.shtml</a>
WHID 2010-138: Personal data accessed on Blue Cross website
<b>Entry Title: </b>WHID 2010-138: Personal data accessed on Blue Cross website<br><b>WHID ID: </b>2010-138<br><b>Date Occurred: </b>June 23, 2010<br><b>Outcome: </b>Leakage of Information<br><b>Incident Description: </b>In a written statement, Anthem Blue Cross explained how the breach occurred:<br>"The ability to manipulate the web address (URL) was available for a relatively short period of time following an upgrade to the system. After the upgrade was completed, a third party vendor validated that all security measures were in place, when in fact they were not. As soon as the situation was discovered, we made the necessary security changes to prevent it from happening again."<br><b>Attack Source Geography: </b><br><b>Attacked Entity Field: </b>Health<br><b>Attacked Entity Geography: </b><br><b>Reference: </b><a href="http://www.ocregister.com/articles/information-254735-security-anthem.html">http://www.ocregister.com/articles/information-254735-security-anthem.html</a>
WHID 2010-137: Persistent XSS on Twitter.com
<b>Entry Title: </b>WHID 2010-137: Persistent XSS on Twitter.com<br><b>WHID ID: </b>2010-137<br><b>Date Occurred: </b>June 24, 2010<br><b>Outcome: </b>Defacement<br><b>Incident Description: </b>Twitter user 0wn3d_5ys has demonstrated a persistent cross site scripting (XSS) vulnerability on Twitter he found on June 21st using his own Twitter account (visit at your own risk) that appears to be due to a lack of input validation of the application name field when accepting new requests for Twitter applications. Visiting his account on Twitter results in a pair of classic cross site scripting alert boxes, then your browser is manipulated, finally you enter the matrix (see below), and get messages from the researcher who found the vulnerability. <br><b>Attack Source Geography: </b><br><b>Attacked Entity Field: </b>Web 2.0<br><b>Attacked Entity Geography: </b>USA<br><b>Attacked System Technology: </b>Twitter<br><b>Reference: </b><a href="http://praetorianprefect.com/archives/2010/06/persistent-xss-on-twitter-com/">http://praetorianprefect.com/archives/2010/06/persistent-xss-on-twitter-com/</a>
WHID 2010-136: Hotel account hacked, card info stolen
<b>Entry Title: </b>WHID 2010-136: Hotel account hacked, card info stolen<br><b>WHID ID: </b>2010-136<br><b>Date Occurred: </b>June 23, 2010<br><b>Outcome: </b>Credit Card Leakage<br><b>Incident Description: </b>Dozens of Driskill Hotel customers' credit card information has been stolen. Hackers in Europe were able to break into the hotel's parent company's website and steal the information. There are more than 700 victims nationwide.<br><b>Attack Source Geography: </b><br><b>Attacked Entity Field: </b>Hospitality<br><b>Attacked Entity Geography: </b>Austin, TX<br><b>Reference: </b><a href="http://www.kxan.com/dpp/news/hotel-account-hacked,-card-info-stolen">http://www.kxan.com/dpp/news/hotel-account-hacked,-card-info-stolen</a>
WHID 2010-135: Another round of Asprox SQL injection attacks
<b>Entry Title: </b>WHID 2010-135: Another round of Asprox SQL injection attacks<br><b>WHID ID: </b>2010-135<br><b>Date Occurred: </b>June 23, 2010<br><b>Outcome: </b>Planting of Malware<br><b>Incident Description: </b>Earlier this month, we reported on a new variant of Asprox malware which was being spammed out by the Pushdo botnet. At that time, the Asprox executables we analyzed were purely sending spam. However, a few days after our post, we noticed reports of mass infections of IIS/ASP websites. The nature of these attacks reminded us of SQL injection attacks back in 2008 where Asprox was clearly involved. We suspected that the re-emergence of Asprox and these new mass website infections were not merely a coincidence. Well, this week our suspicions were confirmed when we came across another version of Asprox which started to launch both spam and SQL injection attacks.<br><b>Attack Source Geography: </b><br><b>Attacked Entity Geography: </b><br><b>Reference: </b><a href="http://www.m86security.com/labs/i/Another-round-of-Asprox-SQL-injection-attacks,trace.1366~.asp">http://www.m86security.com/labs/i/Another-round-of-Asprox-SQL-injection-attacks,trace.1366~.asp</a>
WHID 2010-134: Major hack of Israeli Twitter accounts
<b>Entry Title: </b>WHID 2010-134: Major hack of Israeli Twitter accounts<br><b>WHID ID: </b>2010-134<br><b>Date Occurred: </b>June 22, 2010<br><b>Outcome: </b>Defacement<br><b>Incident Description: </b>According to Mikko Hypponen, chief research officer with F-Secure, more than 1000 accounts on the microblogging social networking service were hacked within the space of 12 hours, each of them broadcasting the message: "Hacked by Turkish Hackers."<br>In a security blog posting made last night, Hypponen said that, although the exploit mechanism is unclear, most of the compromised accounts "seem to belong to Israeli Twitter users."<br><b>Attack Source Geography: </b>Turkey<br><b>Attacked Entity Field: </b>Web 2.0<br><b>Attacked Entity Geography: </b>Israel<br><b>Attacked System Technology: </b>Twitter<br><b>Reference: </b><a href="http://www.infosecurity-magazine.com/view/10426/major-hack-of-israeli-twitter-accounts-/">http://www.infosecurity-magazine.com/view/10426/major-hack-of-israeli-twitter-accounts-/</a>


