About these ads

Archive

Posts Tagged ‘Syria’

16-28 February 2013 Cyber Attacks Timeline

It is time for the summary of the second half of February, two weeks of remarkable cyber attacks against high-tech giants, massive breaches and Twitter Account Hijackings.

Probably the most resounding events of this period (maybe more for the high profile of the victims than for the actual effects) are the two attacks, allegedly originating from China, (with a common root cause, the compromising of an iPhone developer forum) carried on against Apple and Microsoft.

But not only the two high-tech giants, other illustrious victims have fallen under the blows of hacktivists and cyber criminals. The list is quite long and includes Bank of America, American Express, Casio, ZenDesk, cPanel, Central Hudson Gas & Electric Corporation, etc.).

Last but not least, the unprecedented trail of Cyber attack against Twitter Profile belonging to single individuals (see Donald Trump) or Corporations (Burger King and Jeep). Maybe it is time to change the passwords…

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

A special thanks to Kim Guldberg AKA @bufferzone for continuously advising me about significant cyber events through the Submit Form! Much Appreciated!

16-28 February 2013 Cyber Attacks Timeline

Read more…

About these ads

16-30 November 2012 Cyber Attacks Timeline

December 4, 2012 1 comment

November has gone and it’s time to review this month’s cyber landscape.

From a Cyber Crime perspective, November 2012 will be probably remembered for the breach to Nationwide, one of the largest insurance and financial services providers in the US, a breach that has potentially left up to 1 million users exposed. Unfortunately, in terms of massive breaches, this is not the only remarkable event of the month, just at the end Acer India has suffered a massive cyber attack culminated in the leak of nearly 15,000 records. Not comparable with the breach that affected Nationwide, but for sure of big impact.

Also on the cyber-espionage front this month has been interesting: JAXA, the Japan Space agency has been targeted by yet another targeted attack (after January 2012) and Symantec has discovered W32.Narilam, a new destructive malware targeting several nations in Middle East.

The hacktivist front has been characterized by the dramatic events in Gaza, the attacks have reached a peak around the first half of the month (as in the first part, I did not take into consideration the attacks carried on in name of OpIsrael for which I wrote a dedicated timeline), in any case the Anonymous have found another way to mark this month, leaking 1 Gb of documents from the Syrian Ministry of Foreign Affairs.

Last but not least, this month has seen three large-scale DNS Poisoning attacks (against the Pakistani Registrar PKNIC, Inc., GoDaddy, and the Romanian Registrar). A very rare occurrence!

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-30 November 2012 Cyber Attacks Timeline

Read more…

Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

16-30 September 2012 Cyber Attacks Timeline

October 4, 2012 2 comments

Part One with 1-15 September 201 Timeline Here.

September is over and it’s time to analyze this month from an Information Security perspective with the second part of the Cyber Attack Timeline.

Probably this month will be remembered for the massive outage of six  U.S. Banks (Bank of America, JPMorgan Chase, Citigroup, U.S. Bank, Wells Fargo and PNC ) caused by a wave of DDoS attack carried on by alleged Muslim hackers in retaliation for the infamous movie (maybe this term is exaggerated) “The Innocence of Muslims”.

China has confirmed its intense activity inside the Cyber space. Alleged (state-sponsored?) Chinese hackers were allegedly behind the attack to Telvent, whose project files of its core product OASyS SCADA were stolen after a breach, and also behind a thwarted spear-phishing cyber attack against the White House.

Adobe suffered a high-profile breach which caused a build server to be compromised with the consequent theft of a certificate key used to sign two malware strains found on the wild (with the consequent necessary revoke of the compromised key affecting approximately 1,100 files).

Last but not least, the Hacktivism fever has apparently dropped. September has offered some attacks on the wake of the #OpFreeAssange campaign, and a new wave of attacks at the end of the month after the global protests set for September, the 29th, under the hashtag of #29s.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Read more…

Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

February 2012 Cyber Attacks Timeline

March 5, 2012 1 comment

Find here February 2012 Cyber Attacks Timelime Part I.

With a small  delay (my apologies but the end of February has been very busy for me and not only for Cybercrooks as you will soon see), here it is the second part of my compilation with the main Cyber Attacks for February 2012.

Easily Predictable, the Hacktivism is still the main concern for System Administrators, in particular for the ones of Stratfor who suffered a huge leak of 5 million of emails.

On the same front, the threats of the Anonymous for the Friday actions have come true and as a matter of fact Law Enforcement Agencies suffered other remarkable breaches in this month: Infragard for the second time and also Interpol (a new entry) that was taken down after the arrest of 25 members of the collective. Anti ACTA protest also continue to shake Europe as also the delicate economical and social situation in Greece.

Last but not least, this month has also seen an unforgettable leak, affecting potentially more than 1.000.000 Youporn users.

As usual, the chart does not include the events related to Middle East Cyber War Timeline, that you may find at this link, as they “deserve” a dedicated timeline.

After the jump you find all the references, follows @paulsparrows for the latest updates on a regular basis and also have a look to the 2012 Cyber Attacks Timeline Master Index.

Read more…

February 2012 Cyber Attacks Timeline (Part I)

February 16, 2012 1 comment

February 2012 brings a new domain for my blog (it’s just a hackmaggedon) and confirms the trend of January with a constant and unprecedented increase in number and complexity of the events. Driven by the echo of the ACTA movement, the Anonymous have performed a massive wave of attacks, resuming the old habits of targeting Law Enforcement agencies. From this point of view, this month has registered several remarkable events among which the hacking of a conf call between the FBI and Scotland Yard and the takedown of the Homeland Security and the CIA Web sites.

The Hacktivism front has been very hot as well, with attacks in Europe and Syria (with the presidential e-mail hacked) and even against United Nations (once again) and NASDAQ Stock Exchange.

Scroll down the list and enjoy to discover the (too) many illustrious victims including Intel, Microsoft, Foxconn and Philips. After the jump you find all the references and do not forget to follow @paulsparrows for the latest updates. Also have a look to the Middle East Cyberwar Timeline, and the master indexes for 2011 and 2012 Cyber Attacks.

Addendum: of course it is impossible to keep count of the huge amount of sites attacked or defaced as an aftermath of the Anti ACTA movements. In any case I suggest you a couple of links that mat be really helpful:

Read more…

Categories: Cyber Attacks Timeline, Cyberwar, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

October 2011 Cyber Attacks Timeline (Part I)

October 16, 2011 2 comments

October has come and here it is, also for this month, the first part of my Cyber Attacks Timeline covering the cyber events occurred in the first half of the current month.

Three events in particular have marked this month: The German Trojan R2-D2 (that is raising many questions and concerns inside the infosec community), the keylogger hitting U.S. Drones and a new cyber attack to Sony involving this time “only” 93,000 accounts (oops! They did it again).

Except for a couple of isolated occurrences (in Austria and UK), the Cyber Attacks by Anonymous and Antisec had a break, maybe because hacktivism efforts are being focused on the #OccupyWallStreet operation that is rapidly spreading all over the World (I wonder why in here in Rome yesterday it has not been possible to have peaceful protests as happened in all the other Capitals). Besides, albeit not directly related with Anonymous, several Syrian log files were leaked showing the control of the Government on the Internet.

Other events of the month: a couple of fashion related websites were hacked, the Cyber-Guerrilla between India and Pakistan was particularly active with the cyber armies of the two nations facing themselves in the cyber space with continual mutual defacements, @SwichSmoke was also particularly active against Venezuela Government Web Sites. Other “minor” leaks were performed by @FailRoot and @ThEhAcKeR12 but one of the victims of the latter was Camber Corporation, an U.S. Contractor.

Anyway, Camber Corporation was not the only targeted Contractor, also Raytheon Corporation (a survivor of the RSA Breach) was targeted with a cloud based spear-phishing campaign, again the attack was thwarted but, in my opinion, has deserved a mention as well. Chronicles also reports of a claimed hack to Infragard (again).

Moreover the aftermaths of the RSA breach are not completely over: this month the security firm’s CEO claimed that a couple of different Cyber Crews, under the flag of an enemy nation (and the suspects were immediately directed to China), are behind the Cyber Attack in March and acted to perform it.

But a very special mention for this month (and the consequent lowly desiderable prize), is undoubtedly deserved by Mr. Oliver Letwin, Her Majesty’s Cabinet Minister, who was caught by The Daily Mirror  in the habit of dumping private correspondence and sensitive documents detailing Al-Qaeda activities and secret service operations into park bins in St James’s Park, Westminster, close to Downing Street. Security, logical and physical, may have many unpredictable implications…

From a technical point of view SQLi and defacements were the most used lethal weapons for this month, even if a massive ASP.NET based attack, targeting 300,000 web sites,  is also worth mentioning.

This Timeline was compiled with Useful Resources by:

And my inclusion criteria do not take into consideration simple defacement attacks (unless they are particularly resounding) or small data leaks.

Last but not least: you may find all the timelines for 2011 in my Master Index. Enjoy the list(s) and share and retweet to encourage me to keep it up2date!

Date Author Description Organization Attack
Oct 1 Neatstuffs

Filmradar.com

NeatStuffs hacks filmradar.com a movie review and information site/community and releases on Mediafire a 6mb txt file containing 95167 accounts with hashed passwords. Estimated cost of the breach is $ 20,365,738.


SQLi?
Oct 2
Venezuela National Statistics Institute

SwichSmoke crew hacks the Venezuela National Statistics Insitute during the 2011 Census.


SQLi?
Oct 2

Camber Corporation (US Contractor)

Once again a US Government contractor is target of cyber crime. This time is the turn of Camber Corporation, targeted by a small hack by @ThEhAcKeR12, which releases 3 admin accounts with encrypted passwords. and admin full name.

  ?
Oct 2

wrestlegame.co.uk

Again @ThEhAcKeR12, this time the crew dumps 1500+ accounts (in encrypted format) and a database from wrestlegame.co.uk. Estimated cost of the breach is around $321,000.

wrestlegame SQLi?
Oct 2
A student arrested few days later
Thailand Prime Minister

Thailand’s Prime Minister, Yingluck Shinawatra, had her Twitter account hacked flooding her followers with a stream of messages criticising her leadership with statements like this: The final post read: “If she can’t even protect her own Twitter account, how can she protect the country?

Account Hacking
Oct 4 Austrian Economy Chamber (WKO)

WKO confirms that its webserver was infiltrated by unidentified cyber criminals. More than 6,000 data sets of customers of the chamber were published on the internet. Although Anonymous Austria leaked the data, they stressed they had not carried out the attack on WKO themselves, but had been provided with the records by someone else, adding that the security leak was exposed by using online search engine Google. Estimated cost of the Breach is around $1,284,000.

  Vulnerability on The Target Platform
Oct 5

funniestvideosonline.com

@ThEhAcKeR12 does not stop here and dumps 3300 accounts from funniestvideosonline.com and are all encrypted passwords. Estimated cost of the Breach is around $706,200.

SQLi?
Oct 5 www.xvidonline.com

@FailRoot hacks and leaks  several accounts from www.xvidonline.com putting the websits offline.

xvidonline.com SQLi?
Oct 5 Optik Fiber Gmail (Claimed)

Optik Fiber releases several gmail accounts claimed to have been hacked via a known security flaw in gmail. It is not sure if this is real or not but it is meaningful as well of the global level of (in)security, real or psychological.

Known Security Flaw in Gmail (N/A)
Oct 5 ? Fashion TV India

Unknown hackers hacks Fashion TV India with the injection tool havij and obtain a list of accounts dumping usernames and passwords in clear text.

SQLi via havij
Oct 6
Syrian Internet Log Files

Internet activists from Telecomix release 54 GB of log files allegedly created by Syrian internet censors between 22 July and 5 August 2011. The data were found on a third party server.

?
Oct 7

unijobs.com.au

An Australian University website that lists jobs is hacked by @BlackHatGhosts and has data dumped, included user logins and passwords.

SQLi?
Oct 7 Several Hackers

Department of Public Enterprises South Africa

Department of Public Enterprises, south Africa is hacked and had its database dumped

SQLi
Oct 7 Same authors above

Ministry of Culture and Tourism, Republic of Indonesia

Another day, another government website hacked, (and its data leaked).

Indonesia SQLi
Oct 7  ? University Of Georgia

The University of Georgia discovers a data file on a publicly available Web server that contained sensitive personnel information on 18,931 members of the faculty and staff employed at the institution in 2002. The file included the social security number, name, date of birth, date of employment, sex, race, home phone number and home address of individuals employed at UGA in 2002. Estimatec Cost of the Breach is around $4,051,234.


Internal Accidental Error
Oct 8 ?
U.S. Military Drones

Wired reports that a computer virus has infected Predator drones and Reaper drones, logging pilots’ keystroke during their fly missions over Afghanistan and other warzones. The virus was detected nearly two weeks ago at the Ground Control System (GCS) at Creech Air Force Base in Nevada and has not prevented drones from flying their missions, showing an unexpected strength so that multiple efforts were necessary to remove it from Creech’s computers.


USB Stick?
Oct 8 German law Author. and Customs Dep.
German Citizens

A very strange (un)lawful Cyber Attack, against German Citizens. Chaos Computer Club discloses a “state malware”: a backdoor Trojan horse capable of spying on online activity and recording Skype internet calls. They declare the malware is used by the German police force. The malware was allegedly installed onto the computer as it passed through customs control at Munich Airport.

Germany Flag
Troian Horse
Oct 9 Turkish Energy Team
Several Government Websites

Turkish Energy Team performs (and keeps on to perform) a massive defacement against several governments websites (in certain cases some sub domains). The list (in continuous growth) is published on Zone-H.

Defacement
Oct 9 MCA-CRB
Other Government Websites

Different Crew, same result: a massive defacement against several governments websites. Also in this case the list (in continuous growth) is published on Zone-H.

Defaced Domains 2 Defacement
Oct 9
justonehost.com

Another Web site hosting company defaced: this time it is the turn of justonehost.com that is hacked by @FailRoot, that also dumps its Database online. The leak contains all users informations, emails, paypals and much more is 11.86mb and has been uploaded to megaupload.


Defacement SQLi
Oct 10
 

Congress of the State of Chihuahua

Another government website hit and leaked by @FailRoot: Congress of the state of Chihuahua Mexico. The leak contains administration usernames and (easy guessable) passwords.

Congreso del Estado de Chihuahua SQLi?
Oct 10 Q!sR QaTaR

Turkish Government Websites

A cybercriminal from Quatar defaces a large number of websites belonging to the Ankara government, leaving them non-operational.

Margent
Oct 10

40 Zimbabwe Government Websites

A crew called ISCN hacks and defaces 40 Zimbabwe government based websites leaving a polical message.

Zimbabwe Defacement
Oct 10
UKGraffiti.com

UKGraffiti is hacked by Anonymous_DR (Anonymous Dominicana) who also dumps usernames, emails and encrypted passwords.


SQLi?
Oct 11 ?
RSA

RSA reveals that it believes two groups, working on behalf of a single nation state, hacked into its servers during the infamous Breach of March and stole information related to the company’s SecurID two-factor authentication products used to attack some defense contractors. Although people are likely to assume that China might have been involved in the attack, they did not reveal the name of the nation involved.

RSA
APT
Oct 11 ?
Sony (Playstation Network, Sony Entertainment Network and Sony Online Entertainment)

Back tho the future! Sony under cyber attack… Again! The Company reports of unauthorized attempts to verify valid user accounts on Playstation Network, Sony Entertainment Network and Sony Online Entertainment. A total of 93,000 accounts have been affected (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000). In these cases the attempts succeeded in verifying valid sign-in IDs and passwords, so the accounts were temporalily locked.


SQLi?
Oct 11 ?
blueHOMES.com

Unknown Hackers hack the European property Dealers website blueHOMES.com . About 500,000 Users data claim to be hacked including database with customer passwords in plaintext, full addresses, skype account, and mailboxes of bluehomes. Specified data leaked on pastebin with sample data of some users.


SQLi
Oct 11 ?
Find2Trade.com

Another website hit by Havij. This time is the turn of Find2Trade, an internet portal whose goal is to help small and medium enterprises to reach much higher profits while reducing costs. UserID, email and passwords, which are encrypted, were leaked.


Havij
Oct 12 ?
Raytheon

The U.S. Defense Contractor reveals that it was the victim of a cloud-based attack for the first time, with the incident occurring one week before. Nothing new but the fact that this was the first cloud based attack. The firm usually blocks 1.2 billion attacks a day in addition to four million spam emails each day.


N/A
Oct 12 ? WineHQ

Another Linux Project hacked! Jeremy White, Codeweavers Founder announces that access to the WineHQ database has been compromised. It looks like attackers have used phpMyAdmin to access the WineHQ project’s database and harvest users’ appdb and bugzilla access credentials.

WineHQ SQLi
Oct 13 ?
300,000 Websites

Google reveals another mass infection which affected hundreds of thousands of sites that relied on ASP or ASP.NET: A malicious script got injected into several locations targeting English, German, French and other language speakers surfers.

Asp.Net ASP Vulnerability
Oct 13 ?
Genentech

The biotechnology company suffered a data breach on August, 17 which may have resulted in the theft of information belonging to 3,500 of the million patients who utilize the company’s support programs. Estimated Cost of The Breach is around $750,000

Unlegitimate Access
Oct 14 ?
Chili’s Grill & Bar Restaurant

Ok a Chili Breach is not a big deal, except the fact that the computer server Hackers broke into, is placed at Yokosuka Naval Base. According to Navy officials, hackers stole credit card information and run up erroneous charges.

Credit Card Thieft
Oct 14 ?
Fedora Project

This is not a direct cyber attack but a consequence of the hacks to Linux projects (Kernel.org and Linux). ThreatPost reveals that Fedora Project contacted users to change their password and SSH public key before November 30 to avoid having their accounts marked as inactive.

Fedora Logo N/A
Oct 14
Barinas State, Venezuela

Another dump of sites from @SwichSmoke coming from the state “Barinas” and the government for that state. The release note, in Spanish states that the original password is 123456, fairly lame for a government website.

Barinas SQLi
Oct 14 Vicky Singh
Pakistan Embassy in China

Another episode of the Cyberware between Pakistan and Indian Crew: Vicky Singh defaces the Pakistan Embassy in China.

?
Oct 14 Team Dexter
Contrexx.com

An European Content Management System provider is hacked and has a dump of administration details leaked online.

  N/A
Oct 14 Oct 15 Several Authors
Club Music CPPS

Club Music CPPS is hacked: the leak contains account emails, usernames and decrypted passwords. Note: on Oct 16 the site is still defaced :(

SQLi Defacement
Oct 14
Venezuela National Graduate Advisory Council

Another cyber attack by @SwichSmoke, this time they leak the Venezuela National Graduate Advisory Council and release the leaked data on pastebin.

SQLi
Oct 14 ?
Infragard Atlanta (claimed)

It seems that Infragrad has been hacked again and had a dump of accounts leaked and decrypted even if there is no source or reason or even proof that this is 100% real in anyway. Anyway it still shows that Infragard is still in the eyes of some people. The alleged leak contains emails, usernames, encrypted passwords and the decryption of the password as well.

Infragard N/A
Oct 14 ?
NSEC (Netaji Subhash Engineering College)

The Netaji Subhash Engineering College NSEC is hacked and has a fair amount of member accounts dumped on pastebin. This comes from an unknown source and unknown reasons. The leak contains full user information, emails and passwords in clear text.

SQLi
Oct 14

Chinese Government

Barbaros-DZ hacks over 1,700 sites belonging to the Chinese Government defacing them and leaving a message against the Goverment itself. THe list of the sites is available on Zone-H.

 Defacement
Oct 14

UK Government

Special mention this month for Her Mayesty’s Cabinet Minister Oliver Letwin, who has got himself into hot water, after The Daily Mirror reported him in the habit of dumping private correspondence and sensitive documents detailing Al-Qaeda activities and secret service operations into park bins in St James’s Park, Westminster, close to Downing Street. The documents contained the personal details of the minister’s constituents, including names, phone numbers, email contacts and postal addresses.

UK Flag Defacement
Oct 15 SA3D HaCk3D
16,000+ websites

SA3D HaCk3D shows on Zone-H the results of his work of the past years: a total of 16,000+ websites defaced.

SA3D HaCk3D Defacement
Oct 15 p0xy
iCPPS

For an alleged personal revenge, a hacker called p0xy leaks usernames, emails and hashed passwords from the iCPPS online platform.

icpps SQLi
Oct 15 iolaka
World Miss Photogenic

This time is the turn of a fashion/model based website, which is attacked and suffers a dump of accounts leaked containing 1000+ accounts including usernames, emails and encrypted passwords by iolaka.

SQLi
Oct 15
India Cyber Crime Investigation Cell

Another episode of the Cyber-Guerrilla between India and Pakistan: Pakistani hacker Shadow008 hacks and defaces India’s Most Important website of Cyber cell located at Mumbai.

Defacement
Categories: Cyber Attacks Timeline, Cyberwar, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

September 2011 Cyber Attacks Timeline (Part II)

October 2, 2011 5 comments

Here it is the second part of my traditional monthly Cyber Attacks Timeline (Part I available here). From an information Security Perspective the main events of this month were the infamous Diginotar breach which led to Bankrupt for the Dutch Company and also the BEAST attack to SSL, two events which, together, thumbed the Infosec Community in its stomach.

Of course these events did not divert the attention of hackers who kept on to carry on attacks against different targets.

The Anonymous continued their campaign: although mainly focused on the #OccupyWallStreet Operation (in which a Senior Officer who used pepper spray against protestors was “doxed”, they targeted several governments including Mexico, Austria, (where they also performed an unconfirmed hack against an health insurance Firm targeting 600,000 dumped users) and Syria. In particular the latter attack triggered a retaliation by Syrian Electronic Soldiers against the prestigious Harvard University.

Chronicles also report a Japan defense contractor hit by hackers, Mitsubishi Heavy Industries, (China denied its involvement on the attack), another Twitter Account hacked by The Script Kiddies (this time against USA Today), an indirect attack perpetrated against (through) Oracle by infecting its MySQL.com domain with downloadable malware and, last but not least a massive defacement of 700,000 sites hosted by Inmotion.

US Navy was also victim of defacement.

As far as the prize for the “Most Expensive Breach of the Month” is concerned, the laurel wreath is undoubtedly for SAIC (Science Applications International Corp.) which lost a tape database backup containing data of 4,900.000 users with an estimated cost of approximately 1 billion of bucks…

As usual, useful Resources for compiling the table include:

My inclusion criteria do not take into consideration simple defacement attacks (unless they are particularly resounding) or small data leaks.

Update: On 09/30/2011, Betfair reported a 3.15 million records breach with a total estimated cost of 1.3 billion USD winning the laurel wreath of the most expensive breach of the month.

Date Author Description Organization Attack
Sep 16


Websites of several Mexican government ministries

As part of OpIndipendencia, websites of several Mexican government ministries, including Defense and Public Security, are teared down in the same day of the symbolic beginning of Mexico’s independence from Spain.


DDoS
Sep 16 Mikster
Clubmusic.com

Clubmusic.com, a worldwide dj website. is hacked and the leak dumped on pastebin.


SQLi
Sep 16 Sec Indi Security Team
Official Website of The United States Navy

An hacker crew called Sec Indi Security Team Hacker uploads a custom message on the server to warn a WebDav vulnerability.

WebDav Vulnerabilty
Sep 16 ? California State Assembly

More than 50 employees of the California State Assemby, including some lawmakers, have been warned that their personal information might have been obtained by a computer hacker.


?
Sep 17 ?
Intelligence And National Security Alliance

Names and email addresses of hundreds of U.S. intelligence officials have been posted on an anti-secrecy website. On Monday Sep 10 INSA published a major report warning of an urgent need for cyberdefenses. Within a couple of days, in apparent retaliation, INSA’s “secure” computer system was hacked and the entire 3,000-person membership posted on the Cryptome.org website

  N/A
Sep 17 ?
Fake FBI Anonymous Report

A Fake FBI Psychological profile of the Anonymous group is published. Although not a direct cyber attack, this event can be considered an example of psychological hacking and a “sign of the times” of how information and counter information may play a crucial role in hacking.

  SQLi?
Sep 18
Texas Police

Anonymous/Anti-sec releases a document containing a list of about 3300 members of the Texas Police Association

  N/A
Sep 19

?

Mitsubishi Heavy Industries

Mitsubishi Heavy Industries, Japan’s biggest defense contractor, has revealed that it suffered a hacker attack in August that caused some of its networks to be infected by malware. According to the firm,  45 network servers and 38 PCs became infected with malware at ten facilities across Japan. The infected sites included its submarine manufacturing plant in Kobe and the Nagoya Guidance & Propulsion System Works, which makes engine parts for missiles.


APT
Sep 19
City Of Rennes

TeaMp0isoN takes responsibly to hack the official website of The City Of Rennes (France) via a tweet. They also publish the reason of hack on the defacement page.

Defacement
Sep 19
?

Hana SK

Hana SK Card Co., a South Korean credit card firm, announces that Sep 17, some 200 of its customers’ personal information has been leaked. Total cost of the breach is $42,800.

Hana SK Card
SQLi?
Sep 20
? Former USSR Region

Source report that at least 50 victim organizations ranging from government ministries and agencies, diplomatic missions, research institutions, and commercial entities have been hit in the former Soviet Union region and other countries in an apparent industrial espionage campaign that has been going on at least since August 2010.The advanced persistent threat (APT)-type attacks — dubbed “Lurid” after the Trojan malware family being used in it — has infected some 1,465 computers in 61 countries with more than 300 targeted attacks.


APT
Sep 20
 Shad0w Fox Sports Website

Fox Sports website, on of the most visited Websites in the world (rank 590 in Alexa) gets hacked. An Hacker named “Shad0w” releases SQL injection Vulnerability on one of the sub domain of Fox Sports and exploit it to extract the database. Leaked database info posted on pastebin. Vulnerable link is also posted together admin password hashes.


SQLi?
Sep 22
Core Security Technologies

Another security Firm target of hacking: Core Security Technologies is hacked by an hacker called Snc0pe, who defaces some websites belonging to the firm. Mirror of the hack can be seen here.


N/A
Sep 24 ?
UKChatterbox

Popular IRC service UKChatterbox advises users to change their passwords following a series of hacks which culminated in an attack that may have compromised user details. The password reset follows on from a succession of outages previously attributed to maintenance upgrades, back to the start of the summer. In a notice to users, UKChatterbox advises users to change their passwords and not to re-use them on other sites. The number of hacked account is unknown.


N/A
Sep 25

Seven Major Syrian Cities and Government Web Sites

The Anonymous unleash a chain of defacement actions against the Syrian Government, hacking and defacing the official sites of seven major Syrian cities, which stayed up in their defaced version for more than 16 hours. The defacement actions kept on the following day in which 11 Syrian Government Sites were defaced as part of the same operation.


Defacement
Sep 25 ?
Indira Gandhi International Airport

Although happened three months ago, it turns out that a ‘technical snag’ hittinh operations at the Indira Gandhi International Airport (IGIA) T3 Terminal was caused by a “malicious code” sent from a remote location to breach the security at the airport.


APT
Sep 26
Inmotion Hosting Server

700,000 websites hosted on InMotion Hosting network are hacked by TiGER-M@TE. The hackers copied over the index.php in many directories (public_html, wp-admin), deleted images directory and added index.php files where not needed. List of all hacked 700,000 sites here.

Defacement
 Sep 26
Austrian Police

The Austrian Anonymous branch publishes the names and addresses of nearly 25,000 police officials, raising fears for officers’ personal security. An Austrian Interior ministry spokesman said the information came from an “association closely related with the police”. Estimated cost of the breach is around $ 5,400,000.


SQLi?
Sep 26
USA Today Twitter Account

The USA Today Twitter account is hacked and starts to tweet false messages mentioning the other accounts hacked by the authors of the action: the Script Kiddies (already in the spotlight for hacking the FoxNews Twitter Account at the Eve of 9/11 anniversary)


Account Hacking
Sep 26
?
MySQL.com

MySQL.com website is struck by cybercriminals, who hacked their way in to serve up malicious code to visiting computers with a Java exploit that downloaded and executed malicious code on visiting Windows computers. Brian Krebs reports that just few days before, he noticed on a Russian underground website that a hacker was offering to sell admin rights to MySQL.com for $3000. MySQL.com receives almost 12 million visitors a month (nearly 400,000 a day).


Java Exploit to install malware
Sep 26
Harvard University

In retaliation for the defacements performed by the Anonymous targeting Syria, Syrian Electronic Soldiers deface the website of the prestigious Harvard University. The same group came in the spotlight during July and August for defacing Anonoplus engaging a “de facto” cyberwar against The Anonymous.


Defacement
Sep 26 ?
#Occupywallstreet

The month of September is characterized by the OccupyWallStreet Operation, started on September, the 17th and still ongoing. Although not directly configurable as an hacking action, it may rely on the support of the Anonymous who “doxed” a senior police who controversially usec pepper spray against a group of female protesters.


N/A
Sep 27
COGEL, Council On Governmental Ethical Law

Once again in this month,Snc0pe claims another resounding action. This time the alleged target is the official website of The Council on Governmental Ethics Laws (COGEL). He posts a message on pastebin, along with the database download link.


SQLi?
Sep 28
Tiroler Gebietskrankenkasse (TGKK)

AnonAustria in the spotlight again after the resounding hack against Austrian Police. This time the victim is an health insurance firm Tiroler Gebietskrankenkasse (TGKK) whose database of some 600,475 medical records AnonAustria claims to have hacked. The databse includes some celebrities. The total cost of the breach is around $128,500,000.00.


SQLi?
Sep 29 ?
SAIC (Science Applications International Corp.)

SAIC, one of the Pentagon‘s largest contractors reveals to have discovered a data breach occurred a couple of weeks before, affecting as many as 4.9 million patients who have received care from military facilities in San Antonio since 1992. The breach involved backup computer tapes from an electronic health care record. Some of the information included Social Security numbers, addresses, phone numbers and private health information for patients in 10 states. Statement of the data breach here Estimated cost of the breach is around $ 1 billion.


Car Burglary
Sep 30 ?
Laptop Virus Repair

Although not resounding as the one which targeted MySQL.com, here it is another example of a website infected with malicious code targeting a free antivirus cloud based service.

Laptop Virus Repair
Malicious Code
Sep 30 ?
Betfair

Betfair reports a leak including not only the payment card details of most of its customers but also “3.15m account usernames with encrypted security questions”, “2.9m usernames with one or more addresses” and “89,744 account usernames with bank account details”. The incident occurred on 14 March 2011 but was announced only 18 months later. Estimated cost of the breach is around $1.3 billion.


?
Follow

Get every new post delivered to your Inbox.

Join 2,944 other followers