This infamous 2011 is nearly gone and here it is the last post for this year concerning the 2011 Cyber Attacks Timeline. As you will soon see from an infosec perspective this month has been characterized by two main events: the LulzXmas with its terrible Stratfor hack (whose effects are still ongoing with the recent release of 860,000 accounts), and an unprecented wave of breaches in China which led to the dump of nearly 88 million of users for a theoretical cost of nearly $19 million (yes the Sony brech is close). For the rest an endless cyberwar between India and Pakistan, some hactivism and (unfortunately) the usual amounts of “minor” breaches and defacement. After the page break you find all the references.
Last but not least… This post is my very personal way to wish you a happy new infosec year.
Hard Times for Police Corps all over the world, after the U.S. Law Enforcement Agencies, today it is Brazilian’s Police turn, hacked by LulzSec Brazil, who has disclosed 8 gb of data from what they defined the Pandora’s Box…
August has just begun, but my sixth sense and half tells me this will be another hot month for Information Security…
Oops, they did it again! After the first attack to Law Enforcement Institutions, the AnonLulzSec (that is the Antisec campaign led by Anonymous and LulzSec), inside what they defined the ShootingSheriffsSaturday, leaked again 10 Gb of Data from the same Law Enforcement Agencies, releasing over 10gb of private police emails, training files, snitch info and personal info. The attack was made in retaliation for anonymous arrests (and for the declarations stating that no critical data had been compromised during the previous hack).
- Over 300 mail accounts from 56 law enforcement domains;
- Missouri Sheriff account dump (mosheriffs.com);
- 7000+ usernames, passwords, home addresses, phones and SSNs;
- Online Police Training Academy files PDFs, videos, HTML files;
- “Report a Crime” snitch list compilation (60+ entries);
- Plesk plaintext server passwords (ftp/ssh, email, cpanel, protected dirs);
I found particularly interesting this quote from their statement:
A recent DHS bulletin has called us “script kiddies” that lack “any capability to inflict damage to critical infrastructure” yet we continue to get in and out of any system we please, destroying and dropping dox on the mightiest of government systems that are supposed to be protecting their sick nightmare of “law and order”. GIVE UP. You are losing the cyberwar, and the attacks against the governments, militaries, and corporations of the world will continue to escalate.
The DHS bulletin was released several days ago to provide some information to sysadmin in order to correctly face the Anonymous and LulzSec attacks, but what really looks interesting is the mention to Cyberwar. Hard Times for Department of Security, really busy to face attacks in the fifth domain from external (read other countries) and internal enemies (read Antisec).