January 24, 2011

Military, University Website Access For Sale By Hacker

Looking for access to dozens of military, government, and university websites? One hacker has been discovered offering just such a doorway for $55 - $499 each. Discovered by security firm Imperva, the hacker advertises varying fees, services, and proofs for cracking into .mil, .gov, and .edu sites around the world, PC Magazine reports.

The priciest offering, access to the homepage of the U.S. Army, National Guard, and Army Forces, goes for $499 each, followed by access to university and governmental websites. You'll also find passes to the Italian Official Government Website for $99 or a Taiwanese educational center for $88.

According to Imperva, the hacker is also selling personal data at the going price of $20 for 1,000 names, addresses, and telephone numbers. For example, Imperva lists a censored screenshot of University of Connecticut staff members' information.

The hacker probably performed the hack through an SQL injection, Imperva says. Brian Krebs of Krebs on Security said he saw the back-end evidence of the hacks and found them legit. "Amid all of the media and public fascination with threats like Stuxnet and weighty terms such as 'cyberwar,' it's easy to overlook the more humdrum and persistent security threats, such as Web site vulnerabilities.

"None of these distractions however should excuse US military leaders from making sure their websites aren't trivially hackable by script kiddies," Krebs reports on his blog.

Krebs also raised concern about the nature of the websites that the hacker has managed to take down.

"I find it ironic that one of these sites allegedly for sale is the Department of Defense Pharmacoeconomic Center, which is a DoD site tasked with 'improving the clinical, economic, and humanistic outcomes of drug therapy in support of the...military health system.' In all likelihood, if access to this site is purchased, it will be by someone looking to plant links to rogue online pharmacies of the sort frequently advertised in junk e-mail," he wrote.

Elaborating on why these websites are a favorite target of the "rogues," the blogger explained, "People who get paid to promote these rogue pharmacies typically do so by hacking legitimate web sites and including links back to fly-by-night pharma sites, and they particularly like dot-mil, dot-gov and dot-edu sites because search engines tend to treat links coming from those domains with more authority than random .com sites."

