Saturday, June 2, 2012

Ongoing Investments Have To Be Made To Protect Corporate And Online Perimeters

Why Do Hacktivists Attack?

Hacktivists usually attack because they want to embarrass their targets.

This week, Anonymous took credit for hacking a server at the United States Bureau of Justice Statistics, copying 1.76 GB of data and posting it online.

Why? "... to spread information, to allow the people to be heard and to know the corruption in their government. We are releasing it to end the corruption that exists, and truly make those who are being oppressed free," hackers claiming to be part of Anonymous posted on

Another example: this week's takedown of WHMCS, a UK-based online billing platform used by Web hosting providers throughout the world. The hacktivist group known as UGNazi took credit for a breach of WHMCS's database - a breach that likely exposed details on 500,000 payment cards.

The group also launched a denial of service attack on one of WHMCS's servers, which ultimately took the platform's site down for 24 hours and disrupted service to its global client base. Why? UGNazi says it targeted WHMCS because the company refused to address security vulnerabilities.

In a May 23 post on Pastebin, UGNazi hacker Cosmo says WHMCS's database was leaked because the company ignored UGNazi's warnings about security concerns linked to its Web hosting provider, HostGator.

Cosmo writes: "It is now 2 days after the attack from us and the site is back up and it still remains on HostGator after Matt knows it is insecure. ... We laugh at your security."

UGNazi hackers reportedly socially engineered customer service reps at HostGator into coughing up admin credentials to WHMCS's servers.

How could WHMCS have avoided this attack? Perhaps by publicly responding to the threats and admitting it needed to enhance security.
