WASC Web Hacking Incidents Database
Fri, Apr 15, 2011 5:10 PM
Entry Title: WHID 2011-38: HBGary Federal Hacked by Anonymous
WHID ID: 2011-38
Date Occurred: February 7, 2011
Attack Method: SQL Injection
Application Weakness: Improper Input Handling
Outcome: Leakage of Information
Attacked Entity Field: IT Services
Attacked Entity Geography: USA
Incident Description: In a phone interview late Sunday evening, Hoglund said
that unlike the more traditional Web-site attacking activities of Anonymous,
the hackers who infiltrated HBGary's system showed real skills, even social
engineering a network administrator into giving them complete control over
rootkit.com, a security research site Hoglund has long maintained.
"They broke into one of HBGary's servers that was used for tech support, and
they got emails through compromising an insecure Web server at HBGary
Federal," Hoglund said. "They used that to get the credentials for Aaron,
who happened to be an administrator on our email system, which is how they
got into everything else. So it's a case where the hackers break in on a
non-important system, which is very common in hacking situations, and
leveraged lateral movement to get onto systems of interest over time."
Mass Attack: No
Reference:
http://krebsonsecurity.com/2011/02/hbgary-federal-hacked-by-anonymous/
Attack Source Geography: