SpiderLabs Blog

Latest Web Hacking Incident Database (WHID) Entries (3)

Written by Ryan Barnett | Apr 25, 2011 6:27:00 AM

These are the latest entries added by SpiderLabs to the Web Application Security Consortium (WASC) Web Hacking Incident Database (WHID) Project.

 

WHID 2011-84: Hackers access personal info of Lancaster County students

  • Entry Title: WHID 2011-84: Hackers access personal info of Lancaster County students
  • WHID ID: 2011-84
  • Date Occurred: April 20, 2011
  • Attack Method: SQL Injection
  • Application Weakness: Improper Input Handling
  • Outcome: Leakage of Information
  • Attacked Entity Field: Education
  • Attacked Entity Geography: South Carolina
  • Incident Description: LANCASTER, S.C. -- The Lancaster County School District says hackers may have stolen the personal information of 25,000 students in the district's database.
    School officials are now trying to contact everyone who might have been affected. Information stored in the database goes back 10 years.
  • Mass Attack: No
  • Reference: http://www.wcnc.com/news/local/Personal-Information-of-Thousands-exposed-to-Internet-Hackers-120316064.html
  • Number of Records: 25,000
 

WHID 2011-83: Minn. man accused of hacking Facebook accounts

  • Entry Title: WHID 2011-83: Minn. man accused of hacking Facebook accounts
  • WHID ID: 2011-83
  • Date Occurred: April 21, 2011
  • Attack Method: Social Engineering
  • Application Weakness: Insufficient Password Recovery
  • Outcome: Account Takeover
  • Attacked Entity Field: Web 2.0
  • Incident Description: Prosecutors have accused a Minnesota man of hacking into other people's Facebook and other computer accounts and stealing photos of women to post on adult websites.
    Prosecutors charged Timothy Peter Noirjean, 26, of Woodbury, with 13 counts of identity theft, alleging that from February 2010 through March 2010 he contacted women online and duped them into providing him with personal information that allowed him to hack their Facebook and other accounts. After hacking a Facebook account, prosecutors say Noirjean would pose as the owner to make contact with that person's friends and try to gain access to more computer accounts.
  • Mass Attack: No
  • Reference: http://www.foxnews.com/us/2011/04/20/minn-man-accused-hacking-facebook-accounts/
  • Attack Source Geography:
  • Attacked System Technology: Facebook
 

WHID 2011-82: Sony fears Anonymous hack as PSN stays down

  • Entry Title: WHID 2011-82: Sony fears Anonymous hack as PSN stays down
  • WHID ID: 2011-82
  • Date Occurred: April 21, 2011
  • Attack Method: Denial of Service
  • Application Weakness: Insufficient Anti-automation
  • Outcome: Downtime
  • Attacked Entity Field: Entertainment
  • Attacked Entity Geography:
  • Incident Description: It's looking more likely that loose-knit 'hacktivist' collective Anonymous may have pulled off the "biggest ever" attack on Sony's PlayStation network (PSN), as company engineers are investigating the possibility that the online gaming service has been hacked.
  • Mass Attack: No
  • Reference: http://www.thinq.co.uk/2011/4/21/sony-fears-anonymous-hack-psn-stays-down/
 

WHID 2011-81: AlArabiya.net Hacked…Again

  • Entry Title: WHID 2011-81: AlArabiya.net Hacked…Again
  • WHID ID: 2011-81
  • Date Occurred: April 21, 2011
  • Attack Method: Unknown
  • Application Weakness: Unknown
  • Outcome: Defacement
  • Attacked Entity Field: News
  • Attacked Entity Geography: Saudi Arabia
  • Incident Description: Being one of the region's leading news agencies, Al-Arabiya which is part of MBC Group, the largest broadcasting company in the Middle East has been hacked by an unknown group signed only with 'Crack_Man' stating it has been 'powered morocco'.
    The hacked website comes in a long lasting tradition of security flaws in the website leading to the recurrent event of the portal being hacked during political instability hits the region usually as an expression of disagreeing with what many consider the news agency's Western oriented liberal point of view.
  • Mass Attack: No
  • Reference: http://thenextweb.com/me/2011/04/21/alarabiya-net-hacked-again/
 

WHID 2011-80: Ashampoo server hacked, customer names and e-mail addresses stolen

  • Entry Title: WHID 2011-80: Ashampoo server hacked, customer names and e-mail addresses stolen
  • WHID ID: 2011-80
  • Date Occurred: April 21, 2011
  • Attack Method: SQL Injection
  • Application Weakness: Improper Input Handling
  • Outcome: Leakage of Information
  • Attacked Entity Field: Retail
  • Attacked Entity Geography:
  • Incident Description: Rolf Hilchner, CEO of Ashampoo, has posted on the company's website explaining exactly what has happened. Apparently hackers managed to break into one of Ashampoo's servers that held customer data. There was a hole in their security and by using it Ashampoo customer names and e-mail addresses have been taken, but no payment and billing information was accessed.
  • Mass Attack: No
  • Reference: http://www.geek.com/articles/geek-pick/ashampoo-server-hacked-customer-names-and-e-mail-addresses-stolen-20110421/
  • Additional Link: http://www.ashampoo.com/en/usd/dth
 

WHID 2011-79: Change.org Victim of DDoS Attack From China

  • Entry Title: WHID 2011-79: Change.org Victim of DDoS Attack From China
  • WHID ID: 2011-79
  • Date Occurred: April 19, 2011
  • Attack Method: Denial of Service
  • Application Weakness: Insufficient Anti-automation
  • Outcome: Downtime
  • Attacked Entity Field: Politics
  • Attacked Entity Geography:
  • Incident Description: Change.org, an online petitioning platform, has come under an ongoing distributed denial of service (DDoS) attack originating from China after the site hosted a call urging Chinese authorities to release artist Ai Weiwei from custody.
  • Mass Attack: No
  • Reference: http://www.pcworld.com/printable/article/id,225672/printable.html
  • Attack Source Geography: China
 

WHID 2011-78: The Children's Place, popular kid's clothing retailer, hit with database breach

  • Entry Title: WHID 2011-78: The Children's Place, popular kid's clothing retailer, hit with database breach
  • WHID ID: 2011-78
  • Date Occurred: April 19, 2011
  • Attack Method: Unknown
  • Application Weakness: Unknown
  • Outcome: Phishing
  • Attacked Entity Field: Retail
  • Attacked Entity Geography:
  • Incident Description: The Children's Place Retail Stores Inc. said Tuesday that its customer email address database was recently accessed by an unauthorized third party. The database is stored at an external email service provider, according to company officials. The external service provider confirmed that only email addresses were accessed and no other personal information was obtained.
  • Mass Attack: No
  • Reference: http://www.csoonline.com/article/679983/the-children-s-place-popular-kid-s-clothing-retailer-hit-with-database-breach
 

WHID 2011-77: Scottish news site hit by 'DDoS attack' in run-up to elections

  • Entry Title: WHID 2011-77: Scottish news site hit by 'DDoS attack' in run-up to elections
  • WHID ID: 2011-77
  • Date Occurred: April 19, 2011
  • Attack Method: Unknown
  • Application Weakness: Application Misconfiguration
  • Outcome: Downtime
  • Attacked Entity Field: Government
  • Attacked Entity Geography: Scotland
  • Incident Description: Politically-motivated hackers are thought to be behind a DDoS attack on alternative news site Newsnet Scotland, launched on Monday days before Scotland is due to vote in fiercely contested local elections.
    The attack, if that's what it is, left the site unavailable from Monday afternoon into the early hours of Tuesday morning.
  • Mass Attack: No
  • Reference: http://www.theregister.co.uk/2011/04/19/scottish_news_site_ddos/
 

WHID 2011-76: Auto Trader website attacked

  • Entry Title: WHID 2011-76: Auto Trader website attacked
  • WHID ID: 2011-76
  • Date Occurred: April 19, 2011
  • Attack Method: Denial of Service
  • Application Weakness: Insufficient Anti-automation
  • Outcome: Downtime
  • Attacked Entity Field: Automotive
  • Attacked Entity Geography: USA
  • Incident Description: According to a story released on the Auto Trader blog page, the Auto Trader website was subject to an attack from midday on April 19th until the early hours of April 20th.
    The attack disrupted access to the site, causing it to run slowly or not open at all. According to the blog the attack originated from abroad. Such attacks, called denial of service, or DDOS attacks, are desig
  • Mass Attack: No
  • Reference: http://www.honestjohn.co.uk/news/buying-and-selling/2011-04/auto-trader-website-attacked/

WHID 2011-75: Manila Water's website hacked

  • Entry Title: WHID 2011-75: Manila Water's website hacked
  • WHID ID: 2011-75
  • Date Occurred: April 17, 2011
  • Attack Method: SQL Injection
  • Application Weakness: Improper Input Handling
  • Outcome: Defacement
  • Attacked Entity Field: Energy
  • Attacked Entity Geography: Manila, Philippines
  • Incident Description: The website of water concessionaire Manila Water was hacked early Sunday, with visitors to the site seeing a small window indicating the breach.

WHID Analysis: Looking at the HTML in the pages, it appears that SQL injection was the attack vector; the alert text in the injected script refers to blind SQL:

<script type="text/javascript">function show_alert(){alert("hacked! pakifix po yung blind sql po sa server nyo :D");}</script>
 

WHID 2011-74: Wind Power Company Hacked

  • Entry Title: WHID 2011-74: Wind Power Company Hacked
  • WHID ID: 2011-74
  • Date Occurred: April 18, 2011
  • Attack Method: Brute Force
  • Application Weakness: Insufficient Authentication
  • Outcome: Leakage of Information
  • Attacked Entity Field: SCADA
  • Attacked Entity Geography: New Mexico, USA
  • Incident Description: In an email interview with the IDG News Service, Bigr R, said he was a former employee of NextEra's parent company, Florida Power & Light. He said he used a bug in the Cisco Security Device Manager software used by NextEra to break into the site. "They gave to it public IP, so it was easy to hack into it through the Web," he said. "They used default passwords, which I got from one of administrators. Then I obtained level 15 priv. (superuser), and understood the topology of SCADA networks. Then it was easily to detect SCADA and turn it off."
  • Mass Attack: No
  • Reference: http://www.computerworld.com/s/article/9215881/Wind_power_company_sees_no_evidence_of_reported_hack
 

WHID 2011-73: Royal Navy hacker claims to have broken into space agency site

  • Entry Title: WHID 2011-73: Royal Navy hacker claims to have broken into space agency site
  • WHID ID: 2011-73
  • Date Occurred: April 18, 2011
  • Attack Method: SQL Injection
  • Application Weakness: Improper Input Handling
  • Outcome: Leakage of Information
  • Attacked Entity Field: Government
  • Attacked Entity Geography:
  • Incident Description: Login credentials for database, email and other key systems that a poster claims belong to the European Space Agency were posted on a full disclosure mailing list over the weekend.
  • Mass Attack: No
  • Reference: http://www.eweekeurope.co.uk/news/european-space-agency-confirms-ftp-server-hack-26976