Websites Hacked in 2011

In its first six months, 2011 has already been a banner year for cybercriminals and “hacktivists,” who’ve managed to hack into or disrupt the websites of several high-profile organizations.

 

Here is a roundup of every cyberattack and data breach that has made headlines in early 2011. As cybercriminals find new targets, expect the list to (unfortunately) grow.

 

June 9: Britain’s National Health Service

 

LulzSec put on the “white hat” for this intrusion. It alerted the NHS that its network security was inadequate and publicized the hack without revealing any compromising information. The group’s @lulzsec Twitter feed also solicited bone-marrow donors in honor of a 15-year-old English girl dying of cancer whose “bucket list” blog had drawn attention.

 

June 9: Citigroup

 

The banking and insurance giant announced that unknown hackers had penetrated its network security and made off with the personal identification information of some 200,000 clients.

 

June 8: Canada’s Conservative Party

 

Hackers apparently upset by Prime Minister Stephen Harper’s moves to regulate the Internet in Canada — and by his re-election — broke into his party’s servers, planting a bogus story about how he had to be rushed to the hospital after choking on hash browns at breakfast.

 

June 6: Nintendo

 

Nintendo became LulzSec’s second major target of the first week of June. On June 6, LulzSec compromised the U.S. servers of the gaming giant Nintendo. The hack, however, was more a prank than anything else. No information was stolen, and LulzSec admitted on its Twitter page that it “didn’t mean any harm.”

 

June 3: InfraGard

 

LulzSec strikes again! On June 3, the hacktivist group defaced the website of InfraGard, an Atlanta-based firm that provides IT security to the FBI. In addition to defacing the site, LulzSec leaked 700 megabytes of emails from InfraGard, as well as the personal information of 180 employees.

 

June 1: L-3 Communications

 

Just days after hackers penetrated the networks of Lockheed Martin, U.S. defense contractor L-3 Communications admitted that it had suffered a network intrusion. Again, compromised authentication tokens from RSA were behind the breach.

 

June 1: Google Gmail

 

Chinese identity thieves used “spear phishing” to take over hundreds of Gmail accounts, including those belonging to senior American officials, Chinese political activists, military personnel and journalists.

 

May 29: PBS

 

LulzSec didn’t waste any time after hitting Fox in early May; on May 29, the hacking group defaced the PBS website with a phony news story claiming that slain rapper Tupac Shakur is alive and living in New Zealand. LulzSec perpetrated the attack in retaliation for the PBS show Frontline airing a WikiLeaks documentary called “WikiSecrets.”

 

May 27: Lockheed Martin

 

Lockheed Martin, the largest provider of IT services to the U.S. government and military, suffered a network intrusion stemming from stolen data pertaining to RSA’s SecurID authentication tokens.

 

May 17: NASA

 

A Romanian hacker calling himself “TinKode” took to Twitter on May 17, boasting that he had breached a computer server at NASA’s Goddard Space Flight Center and gained access to confidential satellite data used to aid in disaster relief.

 

May 17: Massachusetts Executive Office of Labor and Workforce Development

 

Hackers used a Trojan to get into the network of the state labor agency, exposing the names, addresses, email addresses and Social Security numbers of an estimated 210,000 people. Banking information may also have been taken.

 

May 16: Her Majesty’s Treasury

 

Britain’s Chancellor of the Exchequer, George Osborne, announces that the British treasury ministry has been under sustained cyberattack for months. He tells a conference that the ministry was receiving about 20,000 “spear phishing” emails per month, rigged with malware to open backdoors into the organization’s networks, but that none had gotten through.

 

May 13: Fox Broadcasting Company

 

LulzSec breaks into a server hosting Fox.com and publishes about 400 email addresses and passwords belonging to employees of the Fox Broadcasting Company and local affiliate stations. If LulzSec was aiming at the Fox News Channel, it missed — that’s a separate division of News Corporation.

 

May 9: Anonymous

 

A disgruntled follower of the hacktivist movement turned on the group and took over message boards where Anonymous members chatted and planned attacks.

 

May 5: Sony

 

In what Sony called a third attack on its servers, an Excel spreadsheet showing the names and hometowns of entrants in a 2001 Sony-sponsored prize contest was posted online. But it turned out Sony itself had left the document exposed on a public website for 10 years until two different researchers found it using Google searches.

 

May 4: “The X Factor”

 

The hacking group LulzSec burst onto the scene on May 4 by stealing the names, emails and phone numbers of a quarter-of-a-million contestants of Fox’s Simon Cowell-hosted singing competition “The X Factor.” A week later, LulzSec would admit to hacking Fox Broadcasting Network and stealing the usernames and passwords of nearly 400 Fox employees.

 

May 2: Sony Online Entertainment

 

Sony suddenly disconnects the network linking players of massive multiplayer games. It turns out the network’s back end was breached at the same time as those of the PlayStation Network and Qriocity were, bringing the total number of compromised accounts to 102 million.

 

April 25: New York Yankees

 

Major League Baseball’s most successful (and sometimes most-hated) team struck out on user privacy when a team employee accidentally emailed an Excel spreadsheet containing the contact information for more than 21,000 season-ticket holders.  The attachment went to about 2,000 business contacts, but the Yankees were quick to state that no birth dates, Social Security numbers or financial information were among the data.

 

April 20: PlayStation Network and Qriocity

 

As a result of possibly the largest data breach ever, Sony suddenly took its PlayStation Network and Qriocity on-demand entertainment services offline on April 20. Two days later, Sony explained that there had been an “external intrusion” that had forced the shutdown of the networks.  On April 26, it announced that intruders had accessed the user records of up to 77 million users, whose real names, email addresses, passwords, home addresses and telephone numbers had all been stored in unencrypted text.  Sony said the associated credit-card numbers had been encrypted, even as hackers offered purported Sony-associated credit-card numbers in online bazaars and anecdotes came in of mounting credit-card fraud among PlayStation Network users.

 

April 17: Oak Ridge National Laboratory

 

One of the main servers at the Department of Energy-run research facility near Knoxville, Tenn., was taken offline after administrators noticed large amounts of data in the process of being stolen.  Officials at the lab suspected a “spear-phishing” campaign had opened backdoors into the servers.  The lab was originally built to process plutonium for nuclear weapons, but now focuses on civilian nuclear, biological, chemical and information-technology research.

 

April 17: European Space Agency

 

A Romanian “gray hat” hacker — one who takes things mainly to embarrass their owners — got into the servers of the European Space Agency outside Paris, then posted user names, account information and passwords on his own website after letting ESA administrators know.

 

April 13: WordPress.com

 

WordPress.com, which makes and distributes the popular WordPress blogging platform, announced on April 13 that hackers had broken into the servers of Automattic, which host WordPress-based blogs. The intruders potentially made off with sensitive information such as source code and user passwords of WordPress’ 25 million bloggers. This is the second major attack on WordPress.com in the past two months. In March 2011, WordPress.com was hit by a massive distributed denial-of-service attack.

 

April 4: Sony

 

Anonymous-affiliated hacktivists use DDoS attacks to take down several PlayStation-related websites in retaliation for Sony’s lawsuit against hacker George Hotz, who discovered the internal password to “jailbreak” the PlayStation 3 and posted the password online. Anonymous calls off the attack a few days later after gamers complain; attacks against other Sony sites fizzle out. UPDATE: On April 11, Hotz calls for a boycott of all Sony products. On the same day, Sony announces it had settled the lawsuit against Hotz nearly two weeks earlier — before the Anonymous attacks began.

 

March 30: Epsilon

 

At least 26 companies, including BestBuy, Capital One Bank, Citi, JPMorgan Chase, TiVo and Walgreens, have their customer email lists stolen during a data breach at Epsilon, which handles e-mail communications for 2,500 companies worldwide. No passwords or other sensitive data were taken, but security experts warned of an upsurge in spam and phishing attacks in the coming months.

 

March 29: European Parliament

 

In a continuation of the previous week’s attack on the European Commission and the European External Action Service, highly skilled hackers penetrated the network of the European Parliament in Strasbourg, France.

 

March 29: Australian Parliament

 

Sydney’s Daily Telegraph learns that sophisticated hackers, thought to be working for Chinese intelligence, had for nearly two months been intercepting messages sent over the federal parliamentary email system.  Ten members of Parliament, including Prime Minister Julia Gillard and Australia’s foreign and defense ministers, had their parliamentary computers compromised.  The Australian security services were reportedly tipped off to the breach by U.S. CIA and FBI.

 

March 27: MySQL.com

 

MySQL.com, the main website promoting the open-source database-management software suite, is hacked into by two Romanian “gray hat” hackers using, ironically, a SQL injection. SQL injections are common but powerful Web-based attacks that exploit overlooked “holes” in a website’s database communications. The hack caused no damage but did embarrass Oracle Corp., which owns and distributes MySQL.

 

March 25: RIAA.com

 

Anonymous-affiliated hacktivists use a DDoS attack to bring down the website of the Recording Industry Association of America for about five hours. Anonymous said the attack was to protest a new RIAA lawsuit against the shuttered file-sharing service LimeWire, which demanded damages of $150,000 for each download of some 11,000 copyrighted songs — a claim estimated at $75 trillion. The federal judge tossed out the claim, noting that the amount was “more money than the entire music industry has made since Edison’s invention of the phonograph in 1877.”

 

March 24: New Zealand Department of Internal Affairs

 

Anonymous-affiliated hacktivists had promised to punish New Zealand’s civil-service department for a new law that mandated Internet censorship of possible child pornography. The attack was supposed to take place March 28, but someone jumped the gun and took down the DIA’s website for several hours.

 

March 24: TripAdvisor.com

 

The popular travel-planning website revealed that network intruders had made off with part of the membership email list.  No passwords or financial data were compromised, according to the company, but it did warn members to be ready for an uptick in spam.

 

 

March 23: European Commission, European External Action Service

 

On the eve of a major summit of European leaders to discuss the escalating crisis in Libya, the executive and diplomatic bodies of the European Union in Brussels came under sophisticated attack.  Internet access to the bodies was blocked, and staffers were asked to change their passwords.  Officials privately said the attack resembled the network intrusion on the French finance ministry two weeks beforehand.  Once again, Chinese government-sponsored hackers were suspected.

 

March 17: RSA

 

RSA, maker of SecurID authentication tokens, said its networks had been penetrated, and data stolen, by an “advanced persistent threat” (i.e., hackers likely sponsored by the Chinese government).  The company would not say if the breach affected the 40 million SecurID tokens used by employees of large corporations and government agencies to log into secure networks and systems, or the 250 million smartphones that use a similar system.

 

March 17: Hollywood Starlets

 

Up to 50 young female celebrities had nude photos stolen from their email and smartphone accounts.  “High School Musical” star Vanessa Hudgens was said to be talking to the FBI.  The gossip website TMZ said the feds were closing in on the hackers, who were said to be motivated less by money than by the thrill of it.  Others who had nude photos circulating reportedly included Scarlett Johansson, Miley Cyrus, Jessica Alba and Christina Aguilera.

 

March 7: French Finance Ministry

 

Sophisticated hackers used “spear phishing” attacks to penetrate and steal sensitive documents from the French finance ministry. Most of the stolen documents pertained to France’s presidency of the Group of 20 association of leading-economy finance ministers. Some of the data was forwarded to Chinese websites, but as an unnamed official told Paris Match, which broke the story, “that doesn’t mean much.”

 

March 4: South Korea

 

Distributed denial-of-service (DDoS) attacks hit various websites in South Korea, including the presidential residence, the Blue House, and the country’s two largest search engines. Most withstood the onslaught. Suspicion immediately fell upon North Korea, which was almost certainly behind a similar, though more powerful, attack in July 2009.

 

March 3: WordPress

 

The popular blogging service got taken down for several hours by what company founder Matt Mullenweg called the “largest and most sustained” DDoS attack in its six-year history.  Mullenweg suspected it may have been “politically motivated against one of our non-English blogs.”

 

Feb. 24: Westboro Baptist Church

 

On Feb. 24, Anonymous took down several websites associated with the controversial Westboro Baptist Church. A small but vocal Christian group that loves publicity and hates almost everything else, the Westboro Baptist Church pickets military funerals with signs reading “God Hates Fags” and “Thank God for Dead American Soldiers.”

 

Feb. 22: Voice of America

 

On Feb. 22, pro-Iran hackers went after Voice of America, the official news service of the United States government. This one was by a group calling itself the Iranian Cyber Army (ICA). In its hack on www.voanews.com, the ICA denounced what it saw as U.S. involvement in the ongoing revolutions in the Muslim world. The ICA manipulated the VOA homepage to read: “Mrs. Clinton Do you want to hear the voice of oppressed nations from heart of USA? Islamic world doesn’t believe USA trickery. We call on you to stop interfering in Islamic countries.”

 

Feb. 18: Canada

 

In mid-February, it was revealed that the Treasury Board, the Finance Department and Defence Research and Development Canada, a civilian military agency, were all breached in January by hackers believed to be operating in China. The hackers were seeking confidential financial and weapons information and data about oil and gas resources.

 

Feb. 11: Iran

 

As antigovernment protests spread throughout the Middle East, so did cyberattacks aimed at crippling oppressive government regimes. On Feb. 11, Anonymous took action against several Iranian government websites, standing in solidarity against what it called in a press release “the chains of oppression, tyranny and torture.” The distributed denial-of-service (DDoS) attacks were levied against the websites of IRNA, Iran’s semi-official news agency, President Mahmoud Ahmadinejad and Ayatollah Ali Khamenei, but none were entirely successful.

 

Feb. 6: HBGary Federal

 

Anonymous was involved in this next hack, and this one added a bit of intrigue and espionage to the mix. On Feb. 5, Aaron Barr, chief executive of the Washington, D.C.-based security firm HBGary Federal, announced that he had unmasked the members of Anonymous, and would reveal their identities at a security conference later in the month. Wasting no time, Anonymous the following day took down the website of Barr’s company, hijacked Barr’s personal Twitter account and his boss’s LinkedIn profile, and posted more than 70,000 of Barr’s personal e-mails. In a brazen show of defiance, Anonymous even posted the dossier of secret Anonymous identities Barr was planning to make public. While Anonymous was just flexing its muscles, it turned out those 70,000 e-mails told a scandalous story of espionage and dastardly closed-door dealings. Barr’s leaked e-mails revealed that his company was planning to launch cyberattacks and public smear campaigns of its own against WikiLeaks.

 

Feb. 5: Nasdaq

 

Next up to go down: the Nasdaq. As reported in a Feb. 5 Wall Street Journal article, hackers for the past year had been targeting computer networks belonging to the Nasdaq stock exchange. But these online crooks weren’t after money. The hackers’ real target was Directors Desk, a cloud application owned by Nasdaq that stores financial records and reports for hundreds of Fortune 500 companies and more than 10,000 corporate board members.

 

Jan. 26: Utah, Michigan, Albania, Italy, the U.S. Army, etc.

 

A few weeks passed before another high-profile organization was targeted, but when the next hit came, it was a big one. In late January, a hacker hijacked more than a dozen top military, government and education websites. Among the hacker’s haul were the websites of the states of Utah and Michigan, the Italian government, the Albanian military, Singhania University in India and the U.S. Army’s Communications-Electronics Command (CECOM). The hacked websites were being sold for $55-$499 each on an underground market.

 

Jan. 26: Egypt

 

On Jan. 26, Anonymous struck again, this time against Egypt’s official government websites. The attacks on the websites of the cabinet, Ministry of the Interior and Ministry of Communications and Information Technology were carried out after then-President Hosni Mubarak blocked citizens’ access to Twitter. Following Egypt’s five-day Internet blackout, Anonymous launched a second wave of digital protests, taking down sites in Egypt as well as in Yemen.

 

Jan. 2: Tunisia

 

The first notable digital disruption of the year occurred just two days in, when the hacktivist group Anonymous launched massive DDoS attacks against at least eight Tunisian government websites. The DDoS takedowns were in response to the Tunisian government’s decision to block its citizens from accessing WikiLeaks. Protests in Tunisia kicked off a surge of antigovernment opposition that spread quickly throughout the Middle East.

 

What’s next?

 

Unfortunately for prominent organizations — and even worse for controversial ones — the year is only half over, and if the first six months are any indication, there are most certainly plenty of cyberattacks still to come.


Discussion

  1. Higor  June 16, 2012

    In the past, hacktivists have compared their activities to legitimate civil disobedience – but such a view is not a defence if suspected hackers are brought to court. In a way I do have to agree with these groups in that respect. I would like someone to explain how a DDoS attack is really different than, say, a sit-in? In the past groups would get people together to protest by physically going to a business and just block entry to the business by the number of people there sitting around. It seems to me that a DDoS is just a modern form of this. I’m not saying I agree with these hacking groups nor am I saying it should be without repercussions. I just think that the laws should look at these things for what they are. DDoS attacks are an annoyance for a business just like a sit-in. It is not a damaging attack like a true hacking of their servers can be. DDoS is like people protesting at your business location where actual hacking is like someone throwing rocks through your windows and looting the business. They are two totally different levels and should be treated as such.
