Application Security // Database Security
12/13/2012
02:30 AM
Connect Directly
RSS
E-Mail
50%
50%

The Biggest Hacker Busts Of 2012

No love for Lulz as cops crack down on cybercrooks

It's easy enough to focus on the major breaches of 2012 and feel a certain hopelessness. But this year was a banner one for busting black hat bad guys. Several major international operations reaped a harvest of hackers, from big-shot Russian gangsters to bored British teens. This was the year they locked up the world's biggest pirate in Sweden. And the gangly Anonymous guy who probably should have worn the mask but didn't. The thoughtful cybercriminal should be sure to consider some questions in the year ahead. Who can you trust? How long can you run? Is bragging really worth it? And, of course, when a hacker's girl displays her breasts, is she showing more than she knows?

[Which applications and vendor dominated the vulnerability and exploit headlines in 2012? See The Vulnerability 'Usual Suspects' Of 2012.]

Sabu's Lulzsec Pals: Ryan Ackroyd, Jake Davis, Darren Martyn, Jeremy Hammond, and Donncha O'Cearrbhail
Thanks, in large part, to the cooperation of hacker Hector Xavier Monsegur, better known as Sabu, who was arrested last year for his escapades as an Anonymous hacker, authorities in the U.S. and Europe arrested five of his compatriots in an international sting that shook up Lulzsec and Anonymous in both the U.S. and the U.K. The sweep caught up a disparate group of cybercriminals from O'Cerrbhail and his attacks against the Irish government, to Hammond, the self-proclaimed "anarchist-communist" who launched a devastating attack against Stratfor, to large-scale collaborative efforts targeting companies and nation states.

Sony's Revenge: Raynaldo Rivera
After the arrest last year of Rivera's Lulzsec partner in crime, Cody Kretsinger, it was only a matter of time before the law caught up with Rivera. He surrendered to the FBI following an indictment by a grand jury for hacking Sony Pictures using a proxy server to carry out a SQL injection attack in May 2011 that lead to the release of unencrypted passwords of more than 1 million Sony customers. In October Rivera pleaded guilty to the crime and will learn his sentencing in the spring. Originally up for 15 years in jail, he'll be recommended for a reduced sentence in exchange for his guilty plea.

The Hacker Formerly Known As ACK!3STX
Between January and March 2012, an unnamed 15-year-old boy burned the midnight oil in order to hack a remarkable 259 websites both in his home country of Austria and abroad, authorities said. Unlike financially or politically motivated attackers, the boy took a shotgun approach, breaching databases and defacing websites seemingly at random. His industriousness outran his thoroughness and Austrian police were able to take him into custody. His exact identity has been protected due to his age and the fact that Europol has launched a more detailed investigation.

The Higinio O.Ochoa Hacker "Bust"
Is exhibitionism a driving force behind hactivism? After hacking a number of U.S. law enforcement websites, a man calling himself W0rmer and professing an affiliate association with Anonymous posted a racy photo of his girlfriend wearing a sign taunting authorities in l337 speak. The FBI was able to take the image of the woman's scantily clad breasts, examine the (ahem) EXIF data of the photo, and follow GPS coordinates to Australia. From there, the trail lead back to 30-year-old Texas Linux admin Higinio Ochoa. The alleged CabinCr3w hacker was sentenced to 27 months in prison and ordered to pay $14,000 in restitution. No charges were pressed against the girlfriend, later identified as Kyle Gardner.

Pirate Bay Founder Arrg-rested: Gottfrid Svartholm
No stranger to legal dilemmas, Pirate Bay co-founder Gottfrid Svartholm found himself in even deeper waters this year. Swede Svartholm was convicted of a number of different copyright law violations in 2008, but left the country and has been threatened with jail time for failing to appear at hearings. The pressure on Svartholm increased when Swedish prosecutors announced this year that the fugitive is suspected to have participated in a hack against Logica, an IT company that works with the Swedish government. The allegations of "aggravated fraud" lead to Svartholm's arrest in his riverside apartment in Phnom Penh, Cambodia.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5619
Published: 2014-09-29
The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities it more difficult to conduct forensics activities, as demonstrated by Flame.

CVE-2012-5621
Published: 2014-09-29
lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings.

CVE-2012-6107
Published: 2014-09-29
Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVE-2012-6110
Published: 2014-09-29
bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor.

CVE-2013-1874
Published: 2014-09-29
Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
In our next Dark Reading Radio broadcast, we’ll take a close look at some of the latest research and practices in application security.