
GhostShell Haunts Websites With SQL Injection

Kelly Jackson Higgins

Admin and user accounts from websites breached and posted online

A hacker gang claims to have leaked more than a million user accounts from some 100 websites worldwide, and its weapon of choice appears to mainly be good ol' SQL injection.

The GhostShell gang on Saturday posted online what it claims are accounts and records from various financial services, consulting firms, academia, law enforcement, and the CIA. "Team GhostShell's final form of protest this summer against the banks, politicians and for all the fallen hackers this year," the post said in part. "One million accounts/records leaked. We are also letting everyone know that more releases, collaborations with Anonymous and other, plus two more projects are still scheduled for this fall and winter. It's only the beginning."


Researchers at Imperva say the attackers appear to have employed mostly SQL injection, but also exploited weak passwords and vulnerable content management systems. The attackers used the popular SQLmap tool, and some of the hacked databases included more than 30,000 records.

The attackers grabbed admin credentials, usernames and passwords, and files. "And the passwords show the usual '123456' problem. However, one law firm implemented an interesting password system where the root password, 'law321', was pre-pended with your initials. So if your name is Mickey Mouse, your password is 'mmlaw321'. Worse, the law firm didn't require users to change the password," Rob Rachwald, director of security for Imperva, said in a blog post last night.
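The initials-plus-shared-base scheme Rachwald describes is easy to spot in bulk during a password audit. The following added example (not Imperva's or Dark Reading's code) strips each user's initials from their recovered password and reports any remaining base string shared across several accounts, alongside the plain "123456"-style hits; the names and passwords are constructed sample data.

```python
from collections import defaultdict

# Constructed sample records (full name, recovered password), the shape an
# auditor sees after a password-cracking review of a breached user table.
SAMPLE_RECORDS = [
    ("Mickey Mouse", "mmlaw321"),
    ("Donald Duck", "ddlaw321"),
    ("Daisy Duck", "ddlaw321"),
    ("Goofy Goof", "gglaw321"),
    ("Minnie Mouse", "Tr0ub4dor&3"),
    ("Scrooge McDuck", "123456"),
]

# Small stand-in for a real common-password list (assumption: a full list
# such as a top-10k file would be loaded here in practice).
COMMON_PASSWORDS = {"123456", "password", "12345678", "qwerty", "123456789"}


def initials(full_name):
    """Lower-case initials of each whitespace-separated name part."""
    return "".join(part[0].lower() for part in full_name.split() if part)


def derived_base(full_name, password):
    """Return the password with the user's initials removed if it starts
    with them, otherwise None. A non-empty remainder is required."""
    ini = initials(full_name)
    if ini and password.lower().startswith(ini) and len(password) > len(ini):
        return password[len(ini):]
    return None


def find_shared_bases(records, min_users=3):
    """Group accounts by the string left after stripping initials and return
    only bases shared by at least min_users accounts: a per-user 'personalised'
    password is really one organisation-wide password."""
    groups = defaultdict(list)
    for name, password in records:
        base = derived_base(name, password)
        if base is not None:
            groups[base].append(name)
    return {base: names for base, names in groups.items() if len(names) >= min_users}


def flag_common(records):
    """Names whose password appears verbatim in the common-password list."""
    return [name for name, password in records if password in COMMON_PASSWORDS]


if __name__ == "__main__":
    for base, names in find_shared_bases(SAMPLE_RECORDS).items():
        print(f"shared base '{base}' used by {len(names)} accounts: {names}")
    print("common passwords:", flag_common(SAMPLE_RECORDS))
```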

Rachwald says many of the files came from CMS systems. "A very large portion of these files come from content management systems (CMS), which likely indicates that the hackers exploited the same CMS with a vulnerability in it that allowed a hacker to target it. However, a lot of the stolen content did NOT include any sensitive information," he says.

The main targets were banks, consulting firms, government agencies, and manufacturing companies, according to Imperva's findings.



