News Identity & Access Management
GhostShell Haunts Websites With SQL Injection
Admin and user accounts from websites breached and posted online
A hacker gang claims to have leaked more than a million user accounts from some 100 websites worldwide, and its weapon of choice appears to mainly be good ol' SQL injection.
The GhostShell gang on Saturday posted online what it claims are accounts and records from various financial services, consulting firms, academia, law enforcement, and the CIA. "Team GhostShell's final form of protest this summer against the banks, politicians and for all the fallen hackers this year," the post said in part. "One million accounts/records leaked. We are also letting everyone know that more releases, collaborations with Anonymous and other, plus two more projects are still scheduled for this fall and winter. It's only the beginning."
More Security Insights
- Information Protection: The Impact Of Big Data
- Cloud-based data backup: A buyer's guide - How to choose a third-party provider for development, management of your data backup solution
- Informed CIO: SDN and Server Virtualization on a Collision Course
- InformationWeek 2013 IT Spending Priorities Survey
- The Untapped Potential of Mobile Apps for Commercial Customers
- Using InfoSphere Information Server to Integrate and Manage Big Data
Researchers at Imperva say the attackers appear to have employed mostly SQL injection, but also exploited weak passwords and vulnerable content management systems. The attackers used the popular SQLmap tool, and some of the hacked databases included more than 30,000 records.
The attackers grabbed admin credentials, usernames and passwords, and files. "And the passwords show the usual ‘123456’ problem. However, one law firm implemented an interesting password system where the root password, ‘law321’ was pre-pended with your initials. So if your name is Mickey Mouse, your password is ‘mmlaw321’. Worse, the law firm didn’t require users to change the password," Rob Rachwald, director of security for Imperva said in a blog post last night.
Rachwald says many of the files came from CMS systems. "A very large portion of these files come from content management systems (CMS), which likely indicates that the hackers exploited the same CMS with a vulnerability in it that allowed a hacker to target it. However, a lot of the stolen content did NOT include any sensitive information," he says.
The main targets were banks, consulting firms, government agencies, and manufacturing companies, according to Imperva's findings.
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.