Wednesday, May 11, 2011

Latest Web Hacking Incident Database (WHID) Entries

These are the latest entries added by SpiderLabs to the Web Application Security Consortium (WASC) Web Hacking Incident Database (WHID) Project.

WHID 2011-84: Hackers access personal info of Lancaster County students


Entry Title: WHID 2011-84: Hackers access personal info of Lancaster County students
WHID ID: 2011-84
Date Occurred: April 20, 2011
Attack Method: SQL Injection
Application Weakness: Improper Input Handling
Outcome: Leakage of Information
Attacked Entity Field: Education
Attacked Entity Geography: South Carolina
Incident Description: LANCASTER, S.C. -- The Lancaster County School District says hackers may have stolen the personal information of 25,000 students in the district's database.
School officials are now trying to contact everyone who might have been affected. Information stored in the database goes back 10 years.
Mass Attack: No
Reference: http://www.wcnc.com/news/local/Personal-Information-of-Thousands-exposed-to-Internet-Hackers-120316064.html
Attack Source Geography:
Number of Records: 25,000



WHID 2011-83: Minn. man accused of hacking Facebook accounts


Entry Title: WHID 2011-83: Minn. man accused of hacking Facebook accounts
WHID ID: 2011-83
Date Occurred: April 21, 2011
Attack Method: Social Engineering
Application Weakness: Insufficient Password Recovery
Outcome: Account Takeover
Attacked Entity Field: Web 2.0
Attacked Entity Geography:
Incident Description: Prosecutors have accused a Minnesota man of hacking into other people's Facebook and other computer accounts and stealing photos of women to post on adult websites.
Prosecutors charged Timothy Peter Noirjean, 26, of Woodbury, with 13 counts of identity theft, alleging that from February 2010 through March 2010 he contacted women online and duped them into providing him with personal information that allowed him to hack their Facebook and other accounts. After hacking a Facebook account, prosecutors say Noirjean would pose as the owner to make contact with that person's friends and try to gain access to more computer accounts.
Mass Attack: No
Reference: http://www.foxnews.com/us/2011/04/20/minn-man-accused-hacking-facebook-accounts/
Attack Source Geography:
Attacked System Technology: Facebook



WHID 2011-82: Sony fears Anonymous hack as PSN stays down


Entry Title: WHID 2011-82: Sony fears Anonymous hack as PSN stays down
WHID ID: 2011-82
Date Occurred: April 21, 2011
Attack Method: Denial of Service
Application Weakness: Insufficient Anti-automation
Outcome: Downtime
Attacked Entity Field: Entertainment
Attacked Entity Geography:
Incident Description: It's looking more likely that loose-knit 'hacktivist' collective Anonymous may have pulled off the 'biggest ever' attack on Sony's PlayStation network (PSN), as company engineers are investigating the possibility that the online gaming service has been hacked.
Mass Attack: No
Reference: http://www.thinq.co.uk/2011/4/21/sony-fears-anonymous-hack-psn-stays-down/
Attack Source Geography:



WHID 2011-81: AlArabiya.net Hacked…Again


Entry Title: WHID 2011-81: AlArabiya.net Hacked…Again
WHID ID: 2011-81
Date Occurred: April 21, 2011
Attack Method: Unknown
Application Weakness: Unknown
Outcome: Defacement
Attacked Entity Field: News
Attacked Entity Geography: Saudi Arabia
Incident Description: Being one of the region’s leading news agencies, Al-Arabiya, which is part of MBC Group, the largest broadcasting company in the Middle East, has been hacked by an unknown group signed only with ‘Crack_Man’ stating it has been ‘powered morocco’.
The hacked website comes in a long-lasting tradition of security flaws in the website, leading to the recurrent event of the portal being hacked when political instability hits the region, usually as an expression of disagreement with what many consider the news agency’s Western-oriented liberal point of view.
Mass Attack: No
Reference: http://thenextweb.com/me/2011/04/21/alarabiya-net-hacked-again/
Attack Source Geography:



WHID 2011-80: Ashampoo server hacked, customer names and e-mail addresses stolen


Entry Title: WHID 2011-80: Ashampoo server hacked, customer names and e-mail addresses stolen
WHID ID: 2011-80
Date Occurred: April 21, 2011
Attack Method: SQL Injection
Application Weakness: Improper Input Handling
Outcome: Leakage of Information
Attacked Entity Field: Retail
Attacked Entity Geography:
Incident Description: Rolf Hilchner, CEO of Ashampoo, has posted on the company’s website explaining exactly what has happened. Apparently hackers managed to break into one of Ashampoo’s servers that held customer data. There was a hole in their security and by using it Ashampoo customer names and e-mail addresses have been taken, but no payment and billing information was accessed.
Mass Attack: No
Reference: http://www.geek.com/articles/geek-pick/ashampoo-server-hacked-customer-names-and-e-mail-addresses-stolen-20110421/
Attack Source Geography:
Additional Link: http://www.ashampoo.com/en/usd/dth



WHID 2011-79: Change.org Victim of DDoS Attack From China


Entry Title: WHID 2011-79: Change.org Victim of DDoS Attack From China
WHID ID: 2011-79
Date Occurred: April 19, 2011
Attack Method: Denial of Service
Application Weakness: Insufficient Anti-automation
Outcome: Downtime
Attacked Entity Field: Politics
Attacked Entity Geography:
Incident Description: Change.org, an online petitioning platform, has come under an ongoing distributed denial of service (DDoS) attack originating from China after the site hosted a call urging Chinese authorities to release artist Ai Weiwei from custody.
Mass Attack: No
Reference: http://www.pcworld.com/printable/article/id,225672/printable.html
Attack Source Geography: China



WHID 2011-78: The Children's Place, popular kid's clothing retailer, hit with database breach


Entry Title: WHID 2011-78: The Children's Place, popular kid's clothing retailer, hit with database breach
WHID ID: 2011-78
Date Occurred: April 19, 2011
Attack Method: Unknown
Application Weakness: Unknown
Outcome: Phishing
Attacked Entity Field: Retail
Attacked Entity Geography:
Incident Description: The Children's Place Retail Stores Inc. said Tuesday that its customer email address database was recently accessed by an unauthorized third party. The database is stored at an external email service provider, according to company officials. The external service provider confirmed that only email addresses were accessed and no other personal information was obtained.
Mass Attack: No
Reference: http://www.csoonline.com/article/679983/the-children-s-place-popular-kid-s-clothing-retailer-hit-with-database-breach
Attack Source Geography:



WHID 2011-77: Scottish news site hit by 'DDoS attack' in run-up to elections


Entry Title: WHID 2011-77: Scottish news site hit by 'DDoS attack' in run-up to elections
WHID ID: 2011-77
Date Occurred: April 19, 2011
Attack Method: Unknown
Application Weakness: Application Misconfiguration
Outcome: Downtime
Attacked Entity Field: Government
Attacked Entity Geography: Scotland
Incident Description: Politically-motivated hackers are thought to be behind a DDoS attack on alternative news site Newsnet Scotland, launched on Monday days before Scotland is due to vote in fiercely contested local elections.
The attack, if that's what it is, left the site unavailable from Monday afternoon into the early hours of Tuesday morning.
Mass Attack: No
Reference: http://www.theregister.co.uk/2011/04/19/scottish_news_site_ddos/
Attack Source Geography:



WHID 2011-76: Auto Trader website attacked


Entry Title: WHID 2011-76: Auto Trader website attacked
WHID ID: 2011-76
Date Occurred: April 19, 2011
Attack Method: Denial of Service
Application Weakness: Insufficient Anti-automation
Outcome: Downtime
Attacked Entity Field: Automotive
Attacked Entity Geography: USA
Incident Description: According to a story released on the Auto Trader blog page, the Auto Trader website was subject to an attack from midday on April 19th until the early hours of April 20th.
The attack disrupted access to the site, causing it to run slowly or not open at all. According to the blog the attack originated from abroad. Such attacks, called denial of service, or DDOS attacks, are desig
Mass Attack: No
Reference: http://www.honestjohn.co.uk/news/buying-and-selling/2011-04/auto-trader-website-attacked/
Attack Source Geography:


WHID 2011-75: Manila Water's website hacked


Entry Title: WHID 2011-75: Manila Water's website hacked
WHID ID: 2011-75
Date Occurred: April 17, 2011
Attack Method: SQL Injection
Application Weakness: Improper Input Handling
Outcome: Defacement
Attacked Entity Field: Energy
Attacked Entity Geography: Manila, Philippines
Incident Description: The website of water concessionaire Manila Water was hacked early Sunday, with visitors to the site seeing a small window indicating the breach.


WHID Analysis: Looking at the HTML in the defaced pages, it appears as though SQL injection was the attack vector. The alert text left in the page refers to a blind SQL injection flaw on the server:


<script type="text/javascript">
function show_alert(){
alert("hacked! pakifix po yung blind sql po sa server nyo :D");}
</script>

Mass Attack: No
Reference: http://www.gmanews.tv/story/218014/nation/manila-waters-website-hacked
Attack Source Geography:



WHID 2011-74: Wind Power Company Hacked


Entry Title: WHID 2011-74: Wind Power Company Hacked
WHID ID: 2011-74
Date Occurred: April 18, 2011
Attack Method: Brute Force
Application Weakness: Insufficient Authentication
Outcome: Leakage of Information
Attacked Entity Field: SCADA
Attacked Entity Geography: New Mexico, USA
Incident Description: In an email interview with the IDG News Service, Bigr R said he was a former employee of NextEra's parent company, Florida Power & Light. He said he used a bug in the Cisco Security Device Manager software used by NextEra to break into the site. "They gave to it public IP, so it was easy to hack into it through the Web," he said. "They used default passwords, which I got from one of administrators. Then I obtained level 15 priv. (superuser), and understood the topology of SCADA networks. Then it was easily to detect SCADA and turn it off."
Mass Attack: No
Reference: http://www.computerworld.com/s/article/9215881/Wind_power_company_sees_no_evidence_of_reported_hack
Attack Source Geography:



WHID 2011-73: Royal Navy hacker claims to have broken into space agency site


Entry Title: WHID 2011-73: Royal Navy hacker claims to have broken into space agency site
WHID ID: 2011-73
Date Occurred: April 18, 2011
Attack Method: SQL Injection
Application Weakness: Improper Input Handling
Outcome: Leakage of Information
Attacked Entity Field: Government
Attacked Entity Geography:
Incident Description: Login credentials for database, email and other key systems that a poster claims belong to the European Space Agency were posted on a full disclosure mailing list over the weekend.
Mass Attack: No
Reference: http://www.eweekeurope.co.uk/news/european-space-agency-confirms-ftp-server-hack-26976
Attack Source Geography: