Hackers break into a U.S. government contractor's computer
July 30, 2011
Members of the Anonymous Hacking Group say they successfully broke into the networks of Mantech International, and stole sensitive and internal documents belonging to the U.S. government contractor.
As evidence, the hackers posted a 390 MB file download that appeared to contain reports related to NATO, the U.S. Army and even some personnel files. A note that accompanied the BitTorrent file said the hack was intended to defy the FBI, which last week charged fourteen individuals who participated in an Internet attack last December that created many service disruptions for PayPal customers.
“Dear Government and Law Enforcement, we are repeating this message as we have the suspicion you still do not take us seriously,” their 715-word message said, which was titled “F*** FBI FRIDAY.”
“We are not scared anymore and your threats to arrest us are meaningless. We will continue to demonstrate how you fail at about every aspect of cybersecurity while burning hundreds of millions of dollars that you do not even have,” the message continued.
The leaked documents appeared to have little or no connection to the FBI, although press releases appeared to demonstrate that the FBI has outsourced some of its IT security to Mantech. The Washington, DC-based IT company has also signed more contracts to provide services to the departments of Defense, State, Homeland Security, Energy and even the Justice Department.
A statement posted on Mantech's homepage said the company “takes very seriously, recent reports of a cyber threat, and we responsibly and actively address all sources of information about threats to our information and assets and those of our customers.”
It neither confirmed nor denied the Anonymous claims that Mantech was compromised “utterly and thoroughly”.
The hacked documents come after Anonymous and its Lulz Security offspring have both claimed responsibility for brazen attacks on the U.S. CIA, the U.S. Senate, and various Arizona law enforcement agencies, among many others.
This successful breach of security comes just a few days after police in the U.K. say they arrested a central LulzSec figure.
Yesterday, investigators with Scotland Yard received an extension giving them three more days to detain the 18-year-old they say was the figure known as Topiary. The extension casts some doubts on speculation the unidentified man was a fall guy who was framed to take the heat off the real attacker.
In other Internet security news
A California resident has been sentenced to more than twelve years in federal prison for his central role in an international phishing and email spamming ring that stole the identities of more than 38,000 people. The investigation ran more than 1 1/2 years before the criminal was arrested. More charges will also be laid against other defendants.
Tien Truong Nguyen, 34, of Long Beach, California, received the 12 1/2 year sentence from U.S. District Judge Morrison England, who called the phisher of men “a one-man wrecking crew when it comes to identity theft.”
According to various court documents, Nguyen and two other suspects used identities stolen from users of PayPal and other financial services to fraudulently obtain merchandise worth about $200,000 from Wal-Mart stores, Target outlets and a few more.
Investigators searching his home found a computer that contained names, dates of birth, and social security numbers for over 38,480 people, prosecutors said.
Investigators also found a Remington 870 Magnum Express shotgun that stood up vertically behind Nguyen's computer stand, some nearby ammunition, and a feed from a complex surveillance system. And with previous convictions for various property crimes and narcotics offenses, Nguyen wasn't even allowed to possess any firearms.
When Nguyen pleaded guilty in 2009, he said his addiction to methamphetamine drove him to live as an identity thief.
In other Internet security news
A few hackers are saying they were successful in compromising News Corp.'s website about two weeks ago, and they also claim to have extracted an email archive which they plan to release later today.
As a direct result of this, visitors to The Sun's website were redirected towards a fake story on the supposed death of Rupert Murdoch by infamous hacktivist collective LulzSec. The group also redirected visitors of the main News International website to the LulzSec Twitter feed.
But it gets worse: the hack may have also allowed LulzSec to gain access to News International's email database.
Sabu, a prominent member of LulzSec, said that the group was sitting on emails of News International staffers that it planned to release today.
But in the meantime, Sabu released email login details for former News International chief executive Rebekah Brooks, a central figure in the News of the World voicemail-hacking scandal.
Brooks edited The Sun between 2003 and 2009, and had been using the password 63000 to access her email account at the paper. As IT blogger John Graham-Cumming points out, 63000 is the same number as the text tip-off line used by the Sun.
LulzSec also posted the supposed password hash – but not the password – of Bill Akass, former managing editor of the News of the World.
If this looks like a big mess, it's because it is. The hackers also posted the mobile phone numbers of three News International executives. This information seems to have come from an old database. The Telegraph reports that one of the phone numbers belongs to Pete Picton, a former online editor with The Sun who left to work on News Corp's iPad-only publication, The Daily, in late 2010.
Another phone number belongs to Chris Hampartsoumian, an IT worker at News Corp. Hampartsoumian recently announced that he doesn't work for any News Corp company anymore.
LulzSec certainly obtained deep enough access to News International systems during the Monday break-in to pull off a redirection hack on The Sun, but whether it obtained the depth of access it claims to have done still remains unclear at this time.
A News International spokesperson declined to comment when we asked if the organisation was taking the email hack claims seriously or whether it was taking any remedial action.
News Corp said the firm was aware of the website redirection hack on The Sun, adding that all News International websites were now up and running as normal.
But The Guardian reported earlier this morning that News International took its webmail systems and remote access systems offline as a precaution following The Sun website redirection hack.
And passwords were also reset before remote access and other systems were restored this morning, the paper added.
In other Internet security news
Overall infection rates on Vista computers dropped from around 0.11 percent to 0.10 percent or even slightly less, for computers running SP2.
As Microsoft points out, Windows 7 PCs have more built-in security protection and are more immune from security attacks than machines running Vista or Windows XP. But this security performance boost is decreasing, possibly as a result of a change in tactics by virus and malware-peddling attackers.
The software giant recorded a massive fourteen-fold rise in Java-based attacks during the third quarter of last year, as miscreants sought to exploit two vulnerabilities prevalent at that time. Those two vulnerabilities (CVE-2008-5353 and CVE-2009-3867) accounted for 85 percent of all Java exploits detected in the second half of 2010.
Operating system exploits, which have declined over recent months, increased significantly in the third quarter of last year, primarily because of exploitation of two Windows security vulnerabilities, Microsoft noted.
The same period also witnessed an enormous increase of 1,200 percent in phishing attacks using social networking as the bait, as social networks become lucrative areas for increased criminal activity as of late.
Overall, phishing attacks using social networking as bait increased from a low of 8.3 percent of all attacks in January 2010 to a high of 84.5 percent in December of the same year.
Additionally, the Security Intelligence Report charts a big increase in adware-based attacks. Two new strains of adware, JS/Pornpop and Win32/ClickPotato, were major contributors to this increase.
Both strains of virus and malware generate pop-ups on infected computers. In the case of Pornpop, those pop-ups advertise pornographic sites.
Source: The Anonymous Hacking Group.