Attacks/Breaches
11/8/2011
03:45 PM
Connect Directly
RSS
E-Mail
50%
50%

Anonymous Hacks Wal-Mart, CapitalOne, Finland, El Salvador

Releases troves of stolen data, some of unknown origin, and issues call for mass disruptions of the Iowa caucuses.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
It's been a busy few days for the hacktivist collective known as Anonymous.

On Saturday, Anonymous released data it had stolen after hacking the websites of CapitalOne and Wal-Mart. According to Anonymous, its data dump includes information on everyone from Warren Buffet and Michael Bloomberg to Monsanto CEO Hugh Grant and embattled ex-Harvard president and former Obama financial advisor Lawrence Summers.

Also on Saturday, the group released a YouTube video calling for people to occupy "campaign offices of presidential headquarters in Des Moines, Iowa," come December, in a bid to disrupt the Iowa caucuses in January. The Anonymous communication accused both the Democratic and Republican parties of "committing crimes against humanity on behalf of American people" and destroying "the American democracy." As a result, the group said that it was extending "Operation Empire State Rebellion"--a nod to the Occupy Wall Street movement, which it has been supporting with hack attacks--to Iowa.

Meanwhile, on Monday, officials in El Salvador disclosed that Anonymous had launched a cyber attack against government websites there, two weeks ago. All told, the distributed denial of service (DDoS) attack flooded government websites with a total of 30 million hits, reported AFP. The government said it took the websites offline until the attack had subsided.

[A former Anonymous hacker offers security tips. See 14 Enterprise Security Tips From Anonymous Hacker.]

On Saturday in Finland, officials discovered that Anonymous had released a data dump involving information on 16,000 Finns, but from an unknown website or websites. "We still do not know if the data has been collected by breaking into the services, or if some other method of obtaining information has been used. In the related Internet conversations there is a rumor circulating, according to which this would be a list for adult education marketing purposes," Mikko Hypponen, chief research officer at Finland's F-Secure, told the Finnish newspaper Helsingin Sanomat on Tuesday.

The newspaper said that the released data includes "the names, full social security numbers, addresses, telephone numbers, street addresses, and email addresses of the victims." Government officials said the list seems to combine information from multiple higher-education institutions, including the country's police college.

Again in Finland, Anonymous claimed on Monday to have hacked a database that stores requests for joining the mailing list for the website of a far-right political party in Finland. The Suomen Kansallinen Vastarinta (SKV) party, according to one Finland commentator, Enrique Tessieri, espouses the position of "many neo-Nazi organizations in Europe, who live in a delusionary views about racial purity that date back to Germany and Europe of the 1930s."

The Anonymous exploits in El Salvador, Finland, and the United States follow recent, claimed attacks against numerous Israeli government websites, as well as a campaign--later called off--against Mexico's Zetas drug cartel.

In other words, various parts of Anonymous have been busy lately, quite possibly due to it having been Guy Fawkes Day on November 5. The day holds special significance for the collective, which has incorporated graphic novelist Alan Moore's V For Vendetta take on the day, which transformed Fawkes, a religious zealot bent on exploding the British Parliament, into a modern crusader against a corrupt, totalitarian government, sporting what's now become the trademark Anonymous mask. (As also featured in the film version.) However, as noted in a recent Guardian story, there's no small irony in the fact that a portion of the sale of every mask goes to Warner Brothers, which is part of TimeWarner, which is part of the Motion Picture Association of America, which promotes an anti-online-piracy ethos that's decidedly not part of the Anonymous philosophy.

[Update: Capital One has contacted InformationWeek with a correction to this story: "Capital One's site was under a scheduled routine maintenance on Saturday evening. This was something we controlled and our customers were still able to access online account servicing and complete their transactions. The news that our website was hacked is inaccurate and at no time were our customers unable to transact," the spokesman said.]

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-2595
Published: 2014-08-31
The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, enables MSM_CAM_IOCTL_SET_MEM_MAP_INFO ioctl calls for an unrestricted mmap interface, which all...

CVE-2013-2597
Published: 2014-08-31
Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that lever...

CVE-2013-2598
Published: 2014-08-31
app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values that specify memory ...

CVE-2013-2599
Published: 2014-08-31
A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption pas...

CVE-2013-6124
Published: 2014-08-31
The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary fil...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.