This past week saw considerable hacker activity: AntiSec released to the Internet 1 GB worth of emails and documents stolen from the account ofVanGuard Defense Industries Senior Vice President Richard Garcia.
A related hacker community, Anonymous, hacked into the servers of theBay Area Rapid Transit (BART) Police Officers’ Association.
Anonymous also breached the servers of another BART website, releasing data on about 2,000 BART riders.
This past week, a former employee of theU.S. subsidiary of Japanesepharmaceutical company Shionogipled guilty to United States federalcharges that he remotely deleted the contents of 15 virtual hosts on thecompany’s network after he had left the firm’s employ.
Finally, security vendors McAfeeand Kaspersky are hurling angry exchanges over Operation ShadyRat,which McAfee announced to the world earlier this month.
The AntiSec Hack
The information AntiSec published on the Web after breaking into theaccount of VanGuard’s Garcia includes notes about internal meetings,contracts, schematics and other sensitive information.
AntiSec reportedly exploited two outdated plug-ins in the WordPressblogging platform VanGuard uses.
The hacker community said after the hack that Garcia, who appears tohave lots of IT security experience, had not changed several of hispasswords.
Garcia is an executive board member of InfraGard,a joint effort between the FBI and private security contractors thatremains one of AntiSec’s major targets.
Garcia previously served as assistant director of the Los Angeles FBIoffice, and he is the former global security manager for Shell Oil,AntiSec claims.
VanGuard makes armed unmanned drones used by law enforcement, themilitary and private corporations in the United States, Latin Americaand elsewhere.
BART – Doh!
Different servers in the BART IT infrastructure were hit in twoseparate attacks recently.
One was the MyBart website, where BART riders sign up for offers and gifts. Anonymous stole and published thepersonal information of about 2,000 BARTriders, angering many members of the public.
That move was driven by the hacker community’s desire for publicity, Identity Finder CEO Todd Feinman told TechNewsWorld.
A purported French woman with the online handle “Lamaline” claimed responsibility on behalf of Anonymous for the hack into the servers of the Bart Police Officers Association.
The hacker published the names, email and street addresses and emailpasswords of 102 association members.
Doing the Shionogi Shuffle
From the courts comes a chilling tale of long-distance retribution inthe case of the U.S. subsidiary of Japanese pharmaceutical firmShionogi.
Jason Cornish, aGeorgia man who had resigned from the company, gained unauthorizedaccess to Shionogi’s network through a user account and then deleted thecontents of 15 virtual hosts in the IT system, according to the U.S. Department of Justice.
The deleted servers housed most of Shionogi’s American computerinfrastructure, including email and BlackBerry servers, the ordertracking system and financial management software. Shionogi sustainedabout US$800,000 worth of damage.
Cornish launched the attack from a McDonald’s in Smyrna, Ga., over thewireless network provided by the fast food outlet to customers. He had secretly installed a VMware management dashboard at somepoint before leaving the company.
The attack was launched in retaliation for the firing of Cornish’sfriend and supervisor, who had hired him back as a consultant after heresigned as a full-time employee.
The best way to prevent attacks like this is to have a proper logmonitoring system.
“You must ensure that your IT system logs provide adequate detail,including things such as source IP and verified user identity,” EricChiu, founder and president of HyTrust, told TechNewsWorld. “You alsoneed a granular description of what is actually happening, and mustmonitor denied actions, which could indicate that someone is fishingfor vulnerabilities.”
However, it would be difficult to find a back door secretly installed by someone in IT, Chiu warned.
Shady Rat Gnaws at Security Vendors
Remember Operation Shady Rat, the massive years-long campaign ofcybersecurity attacks and theft of information McAfee recently announced withmuch fanfare?
Some security experts decried the announcement as containing nothingnew and suggested McAfee was seeking publicity.
Eugene Kaspersky’sblog wasparticularly hard hitting, dismissing McAfee’s claims as being”largely unfounded and not a good measure of the real threat level,”among other things.
McAfee spokesperson Heather Edell pointed TechNewsWorld to atweet by Dmitriy Alperovitch,McAfee’s vice president of threat research and the person whoannounced Shady Rat, in response.
Alperovitch is “the only one who can really take the lead” onanswering TechNewsWorld’s questions, and he was out of the country andunavailable, Edell said.
The slapfest between the two vendors continues.