Warner Bros, China Telecom and US Navy Hacks

Tuesday, June 05, 2012

Pierluigi Paganini


(Translated from the original Italian)

What's happening while the world's attention is on the Flame malware?

Cyberspace is a turbulent place where groups of hackers attack governments and private industry every day.

Governments, hacktivists, and cyber criminals are opposing forces facing each other on the same board in a game of chess whose outcome is unpredictable and which has no shortage of twists.

Stuxnet and Flame are striking examples of offensive cyber operations, and let's not forget the numerous 0-days that are discovered daily, sold, and exploited for money or power.

The days just after events like the Flame case are dominated by confusion, news hype, and denials spread in the press and on the internet, while the cyber battle continues.

So let's see what has really happened in the shadow of Flame, since we have recorded a couple of very significant attacks that show we cannot let our guard down.

A sensational piece of news was published on the Internet regarding the hacks made by a group that broke into the networks of Warner Bros. and China Telecom. As usual, documents and login credentials stolen during the attacks were published.

The group known as SwaggSec (Swagg Security) announced the hack on Twitter and published messages on Pastebin with links to the stolen files on The Pirate Bay, following the style of the Anonymous movement.


The group is not new to this kind of exploit: in February it hacked Foxconn, stealing usernames, passwords, and other private information. This time the group claims to have stolen more than 900 admin credentials in the China Telecom hack.

"China Telecom's SQL server had an extremely low processing capacity, and with us being impatient, after about a month straight of downloading, we stopped,"

the Pastebin post said.

"However, a few times we accidentally DDoS'd their SQL server. I guess they thought nothing of it, until we left them a little message signed by SwaggSec."

The group also left a threatening message:

"At any moment, we could have and still could destroy their communication infrastructure leaving millions without communication."

The Warner Bros. hack was a different story: a very simple attack, made possible by the low level of security in the company's IT infrastructure.

It seems the company was aware of the principal vulnerabilities in its systems, and a lack of patching opened the way to the exploit. In the Warner Bros. network the hackers discovered a presentation, prepared by the Technical Operations department, for a security audit.

The group declared:

"When we hacked their intranet, we were surprised to see their IT department's well documented 'confidential' data about the 'critical vulnerabilities' on their servers and sites... However, their IT department's ignorance to fix any of the vulnerabilities they were aware about, granted us complete access to their servers."

According to reports, the list of vulnerabilities enumerated was remarkably long, consisting mainly of missing authentication controls on access to restricted areas. The main concern is that many of the discovered vulnerabilities could be used against the company in the near future; given the company's size, it is quite difficult to fix all the vulnerabilities found before they are exploited.

In both hacks we must also consider the future impact on the victims' infrastructure: the stolen information could, for example, be used to mount a phishing attack against the organizations.

And while private industry was under attack, the military sector met the same fate when a hacker called Comrade (.c0mrade) claimed to have breached the US Navy's official site and stolen a partial list of personal information and data, which he then published on Pastebin.

The hacker in this case is apparently motivated by different intentions: he wants to demonstrate that the system is not secure:

"I'm going to be gracious here and not release the rest of the database as it features far more updated content," the hacker said. "Yes, we had complete control of the server a couple of summers ago, and yes, this can easily be retained, but frankly, I've got mad respect for anybody serving our country. The sole purpose of this intrusion was to let the government know that nothing is impenetrable."

Many experts fear that the hacker could expose the remaining, not yet published credentials in the future, and the breach highlighted the weakness of the passwords previously in use. Comrade is also responsible for the hack of the Brazilian Habbo Hotel website, an online game that implements a virtual world and a social networking site aimed at teenagers.
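When a credential dump like the ones described above surfaces, the first thing a defender wants to know is how weak and how widely reused the exposed passwords are. The following is an added example, not code from the article or from any of the parties involved; the sample dump, the small common-password list and the 12-character length threshold are all constructed assumptions for illustration.

```python
"""Audit a leaked "username:password" dump for weak and reused passwords.

Added example (not from the original article). The dump below is
constructed for illustration; the policy thresholds are assumptions.
"""
from collections import Counter

# Constructed sample dump (not real data) in the "username:password" form
# commonly seen in Pastebin-style leaks.
SAMPLE_DUMP = """\
jsmith:password123
admin:admin
mlee:Tr0ub4dor&3
webmaster:password123
rgarcia:rgarcia
tkim:correct horse battery staple
"""

# Assumed tiny common-password list; a real audit would use a full
# breach-derived wordlist instead.
COMMON_PASSWORDS = {"password", "password123", "123456", "admin", "letmein", "qwerty"}

MIN_LENGTH = 12  # assumed minimum length policy


def parse_dump(text):
    """Return a list of (username, password) pairs from colon-separated lines.

    Blank lines and lines without a colon are skipped; the password is
    everything after the first colon, so passwords containing ':' survive.
    """
    creds = []
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        user, _, pw = line.partition(":")
        creds.append((user, pw))
    return creds


def weaknesses(user, pw, reuse_counts):
    """Return the list of weakness labels that apply to one credential."""
    flags = []
    if len(pw) < MIN_LENGTH:
        flags.append("short")
    if pw.lower() in COMMON_PASSWORDS:
        flags.append("common")
    if pw.lower() == user.lower():
        flags.append("equals_username")
    if reuse_counts[pw] > 1:  # same password used by more than one account
        flags.append("reused")
    return flags


def audit(text):
    """Map each username with at least one weakness to its list of flags."""
    creds = parse_dump(text)
    reuse_counts = Counter(pw for _, pw in creds)
    report = {}
    for user, pw in creds:
        flags = weaknesses(user, pw, reuse_counts)
        if flags:
            report[user] = flags
    return report


if __name__ == "__main__":
    for user, flags in audit(SAMPLE_DUMP).items():
        print(f"{user}: {', '.join(flags)}")
```

Running this over the constructed dump flags five of the six accounts; only the long passphrase passes. The "reused" check is the one to watch in a real incident, since a password shared between an admin account and an ordinary user account is exactly what turns a partial leak into a full compromise.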

The events described demonstrate how much harm a cyber attack could do to the private and military sectors; both scenarios are characterized by inadequate levels of security that could open the door to future attacks compromising the companies or the security of a government organization.

Both companies and the US Navy were victims of data breaches with demonstrative intent, but it must be considered that similar incidents could enable cyber espionage, a frightening scenario we have already seen.

Cross-posted from Security Affairs
