Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Hackers Hit Symantec, ImageShack, But Not PayPal

Despite threats, Anonymous did not take down Facebook or Zynga on Monday. But other hackers detailed their own exploits, releasing employee credentials and source code.

Who Is Hacking U.S. Banks? 8 Facts
Who Is Hacking U.S. Banks? 8 Facts
(click image for larger view and for slideshow)
November 5 came and went without Facebook or mobile game developer Zynga seeing their websites get taken down by promised online attacks executed by the Anonymous hacktivist collective.

In the run-up to the Guy Fawkes Night holiday -- celebrated annually in Britain and featured in the 2005 film "V for Vendetta," from which Anonymous borrows its trademark mask -- multiple Anonymous factions had promised to take down various websites, presumably via distributed denial of service (DDoS) attacks. They also threatened to release a broad swatch of Zynga's mobile games for free. None of that came to pass.

Monday was, however, a notable day for hacking attacks that didn't involve Anonymous. In particular, hacking group Hack The Planet Monday released a Pastebin post with data that the group claimed to have stolen from ImageShack, Symantec, and ZPanel. As part of the hacking "zine" the group released, it said there was also "a heap of personal information that is claimed to belong to some people that are close to the infosec and anonymous scene," which the group said it hadn't had time to fully review.

[ For more on Anonymous's threatened Guy Fawkes Day takedowns, see Anonymous Threatens Zynga, Facebook Takedowns. ]

The leaked Symantec data appears to have involved a breached database containing email addresses and apparent password hashes for 3,195 employees.

A Symantec spokesman, reached via email, said the company is investigating the alleged breach. "Symantec is aware of the claims being made online," he said. "We take each and every claim very seriously and have a process in place for investigating each incident. Our first priority is to make sure that any customer information remains protected. We are investigating these claims and have no further information to provide at this time."

Meanwhile, Hack The Planet claimed that its ImageShack hack was much more extensive than the Symantec breach: "ImageShack has been completely owned, from the ground up. We have had root and physical control of every server and router they own. For years." The group also listed, tongue in cheek, nine factors it found that illustrated "the hardened security on all of ImageShack's equipment." Among them: running "all MySQL instances as root," having outdated kernels from 2008 or earlier, hard-coding passwords into numerous files, and having "a firewall that allows outgoing backconnects." The hacking group also released a large amount of data supposedly stolen from ImageShack, including lists of file permissions and source code.

ImageShack didn't immediately respond to an emailed request for comment about whether the leaked data was genuine, or whether attackers had also deleted the site's blog, which now resolves to a page with a "not found" error.

According to Hack The Planet, its Pastebin post also includes zero-day exploit code for ZPanel, which is a free, open source Web hosting control panel for Windows, Unix, and Linux. "We have a Zero Bug attacking all the login and overlay files," Hack The Planet said, noting that the exploit code can be used to reset root passwords in the system remotely and without authentication. Interestingly, the code's author is listed as "joepie91," which is the handle of a hacker previously associated with LulzSec.

Tuesday, however, ZPanel's head developer and project leader, Bobby Allen, said in a ZPanel forum post that the exploited flaw was patched almost three months ago. "We was (sic) made aware of this bug several months back by our professional security firm 'WebSec' and we have already released a fix of which is implemented in version 10.0.1 of ZPanel," he said. "We can therefore only assume that 'Anonymous' was 'hacking' version 10.0.0 of ZPanel of which we have already released a fix for." (Again, Hack The Planet, not Anonymous, has claimed credit for the attack.) That fix was issued on August 14, 2012.

What about PayPal? Cyber War News had originally reported that the list of sites exploited by Hack The Planet included PayPal, but it later corrected that report to note that PayPal hadn't been targeted. Similarly, a PayPal spokeswoman said via email, "It appears that the exploit was not directed at PayPal after all, it was directed at a company called ZPanel." PayPal said it's found no evidence that it was hacked, or that any of its employees' data was obtained or released, as was originally reported.

That's contrary to this Monday statement issued via the Anonymous Press Twitter channel: "Paypal hacked by Anonymous as part of our November 5th protest." That post linked to a PrivatePaste file, which has since been removed, but according to news reports, Anonymous claimed to have breached 18,000 PayPal usernames and passwords. By Tuesday, however, the consensus was that the breached data belonged to another organization -- perhaps ImageShack. Was the Cyber War News report responsible for Anonymous channels getting their own news wrong?

Still, all wasn't quiet Monday on the bona fide Anonymous data breach front. Notably, the Anonymous Intelligence Agency (aka Par:AnoIA) released what it said was a preview of a "dump of internal files from the Organization for Security and Cooperation in Europe," which it said highlighted attempted election manipulation in last week's Ukrainian elections.

But the failure of so many threatened Anonymous attacks to materialize led Cult of the Dead Cow official "Oxblood Ruffin" to dub Guy Fawkes Day as "the Anonymous version of April Fools."

Attackers are increasingly using a simple method for finding flaws in websites and applications: They Google them. Using Google code search, hackers can identify crucial vulnerabilities in application code strings, providing the entry point they need to break through application security. In our report, Using Google To Find Vulnerabilities In Your IT Environment, we outline methods for using search engines such as Google and Bing to identify vulnerabilities in your applications, systems and services--and to fix them before they can be exploited. (Free registration required.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
11/14/2012 | 11:27:12 PM
re: Hackers Hit Symantec, ImageShack, But Not PayPal
Paypal is lying. They have limited my account and are demanding to know why someone in Iran accessed my account. I have provided them with a photo ID, proof of address, confirmed my accounts and reset my password this week at their request. And they still haven't fixed it. I live in Wisconsin, my paypal account is 10 years old, I've had the same address for the last 7 years and my billing addresses all match that same address. Quite obviously, someone got a hold of my information. And it just happened to occur right after anonymous claimed to have stolen passwords. Coincidence? Ha. They are lying and just don't want people to know.
A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/11/2021
Cybersecurity: What Is Truly Essential?
Joshua Goldfarb, Director of Product Management at F5,  5/12/2021
3 Cybersecurity Myths to Bust
Etay Maor, Sr. Director Security Strategy at Cato Networks,  5/11/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-18
Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service
PUBLISHED: 2021-05-18
WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.
PUBLISHED: 2021-05-18
In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files.
PUBLISHED: 2021-05-18
A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/decode_r2007.c:666:5, which causes a denial of service by submitting a dwg file.
PUBLISHED: 2021-05-18
An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage