
In the shadow of the Flame, Warner Bros, China Telecom & US Navy hacks

What’s happening while the world’s attention is on Flame malware?

Cyberspace is a very turbulent place where groups of hackers attack governments and private industries daily. Governments, hacktivists and cybercriminals are opposing forces facing each other on the same board, a game of chess where the outcome is unpredictable and there is no shortage of twists. Stuxnet and Flame are striking examples of how offensive a cyber operation can be, but let’s not forget the numerous 0-days that are discovered, sold and exploited daily for money or power.

The moments just after events like the Flame case are dominated by confusion; news and denials spread through the press and the internet while the cyber battle continues.

So let’s see what really happened in the shadow of the Flame attacks: we have registered a couple of very meaningful attacks that demonstrate that it is impossible to let our guard down.

Sensational news was published on the internet yesterday regarding hacks by a group that has broken into the networks of Warner Bros. and China Telecom, as usual publishing documents and login credentials stolen during the attacks.

The group, known as SwaggSec (Swagg Security), announced the hack on Twitter, publishing messages on Pastebin and links to the stolen files on Pirate Bay, following the Anonymous style.

The group is not new to similar exploits: in February it hacked the firm Foxconn, stealing usernames, passwords, and other private information. This time the group claims to have stolen more than 900 admin credentials during the hack of China Telecom.

“China Telecom’s SQL server had an extremely low processing capacity, and with us being impatient, after about a month straight of downloading, we stopped,”

the Pastebin post said.

“However, a few times we accidentally DDoS’d their SQL server. I guess they thought nothing of it, until we left them a little message signed by SwaggSec.”

The group also left a scary message:

“At any moment, we could have and still could destroy their communication infrastructure leaving millions without communication,”

The situation was different in the case of the Warner Bros. hack, a very simple attack according to the group’s announcement, due to the low level of security of the company’s IT infrastructure. It seems that the company was aware of the principal vulnerabilities of its systems, but the lack of patching opened the way to the exploit. The hackers discovered on the Warner Bros. network a presentation, prepared by the Technical Operations department, for a security audit.

The group declared:

“When we hacked their intranet, we were surprised to see their IT department’s well documented ‘confidential’ data about the ‘critical vulnerabilities’ on their servers and sites,”

“However, their IT department’s ignorance to fix any of the vulnerabilities they were aware about, granted us complete access to their servers.”

According to rumors, the list of vulnerabilities enumerated is incredibly long, mainly the lack of appropriate authentication processes to control access to reserved areas. The main concern is that many of the discovered vulnerabilities could be used against the company in the near future; considering the size of the company, it is quite difficult to fix all the vulnerabilities found before they are exploited.

In both of the hacks discussed, we must consider the future impact on the victims’ infrastructure; stolen information could, for example, be used to further a phishing attack against the organizations.

While private industry was under attack, the same fate was reserved for the military environment: a hacker called Comrade (.c0mrade) claimed to have breached the US Navy’s official site and to have stolen a partial list of personal information and data, publishing them on Pastebin.

The hacker in this case is apparently motivated by different intents; he wants to demonstrate that his country’s system is not secure:

“I’m going to be gracious here and not release the rest of the database as it features far more updated content,” the hacker said.

“Yes, we had complete control of the server a couple of summers ago, and yes, this can easily be retained, but frankly, I’ve got mad respect for anybody serving our country. The sole purpose of this intrusion was to let the government know that nothing is impenetrable.”

Many experts are afraid that the hacker could in the future expose the remaining credentials not yet published; in any case, the breach highlighted the weakness of the passwords used. Comrade is also responsible for the hack of the Brazilian Habbo Hotel website, an online game that implements a virtual world and a social networking site aimed at teenagers.

The events described demonstrate how harmful a cyber attack can be in both the private sector and the military one; the scenarios shown are characterized by an inadequate level of security that could open the doors to future attacks, compromising the business of a company or the security of a government organization.

Both companies and the US Navy were victims of data breaches with demonstrative intent, but it must be considered that similar incidents could enable cyber espionage activities over the years, a terrifying scenario already seen.

Pierluigi Paganini


Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".
