Hacker Smack Talk Escalates
Pharmaceutical company Shionogi suffered roughly $800,000 in damages after a disgruntled ex-employee deleted the contents of 15 virtual hosts in the IT system. The best way to prevent attacks like this is to have a proper log monitoring system, says HyTrust President Eric Chiu, though he acknowledged it would be difficult to find a back door secretly installed by someone in IT.
Aug 23, 2011 5:00 AM PT
This past week saw considerable hacker activity: AntiSec released to the Internet 1 GB worth of emails and documents stolen from the account of VanGuard Defense Industries Senior Vice President Richard Garcia.
Anonymous also breached the servers of another BART website, releasing data on about 2,000 BART riders.
This past week, a former employee of the U.S. subsidiary of Japanese pharmaceutical company Shionogi pled guilty to United States federal charges that he remotely deleted the contents of 15 virtual hosts on the company's network after he had left the firm's employ.
Finally, security vendors McAfee and Kaspersky are hurling angry exchanges over Operation Shady Rat, which McAfee announced to the world earlier this month.
The AntiSec Hack
The information AntiSec published on the Web after breaking into the account of VanGuard's Garcia includes notes about internal meetings, contracts, schematics and other sensitive information.
AntiSec reportedly exploited two outdated plug-ins in the WordPress blogging platform VanGuard uses.
The hacker community said after the hack that Garcia, who appears to have lots of IT security experience, had not changed several of his passwords.
Garcia is an executive board member of InfraGard, a joint effort between the FBI and private security contractors that remains one of AntiSec's major targets.
Garcia previously served as assistant director of the Los Angeles FBI office, and he is the former global security manager for Shell Oil, AntiSec claims.
VanGuard makes armed unmanned drones used by law enforcement, the military and private corporations in the United States, Latin America and elsewhere.
BART - Doh!
Different servers in the BART IT infrastructure were hit in two separate attacks recently.
That move was driven by the hacker community's desire for publicity, Identity Finder CEO Todd Feinman told TechNewsWorld.
A purported French woman with the online handle "Lamaline" claimed responsibility on behalf of Anonymous for the hack into the servers of the BART Police Officers Association.
The hacker published the names, email and street addresses and email passwords of 102 association members.
Doing the Shionogi Shuffle
From the courts comes a chilling tale of long-distance retribution in the case of the U.S. subsidiary of Japanese pharmaceutical firm Shionogi.
Jason Cornish, a Georgia man who had resigned from the company, gained unauthorized access to Shionogi's network through a user account and then deleted the contents of 15 virtual hosts in the IT system, according to the U.S. Department of Justice.
The deleted servers housed most of Shionogi's American computer infrastructure, including email and BlackBerry servers, the order tracking system and financial management software. Shionogi sustained about US$800,000 worth of damage.
Cornish launched the attack from a McDonald's in Smyrna, Ga., over the wireless network provided by the fast food outlet to customers. He had secretly installed a VMware management dashboard at some point before leaving the company.
The attack was launched in retaliation for the firing of Cornish's friend and supervisor, who had hired him back as a consultant after he resigned as a full-time employee.
The best way to prevent attacks like this is to have a proper log monitoring system.
"You must ensure that your IT system logs provide adequate detail, including things such as source IP and verified user identity," Eric Chiu, founder and president of HyTrust, told TechNewsWorld. "You also need a granular description of what is actually happening, and must monitor denied actions, which could indicate that someone is fishing for vulnerabilities."
However, it would be difficult to find a back door secretly installed by someone in IT, Chiu warned.
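The checks Chiu describes can be sketched as a short Python script run over constructed audit-log lines. This is an added example, not part of the original article and not HyTrust code; the key=value log format, the field names and the denial threshold are assumptions.

```python
"""Added example: audit-log checks for log detail and denied actions.
The key=value format, field names and threshold are assumptions."""
from collections import Counter

REQUIRED = ("src", "user", "action", "target", "result")
DENIED_THRESHOLD = 3  # assumed: denials per (user, src) before alerting

# Constructed sample lines, not taken from any real system.
SAMPLE_LOG = """\
2011-08-01T09:00:01Z src=192.0.2.10 user=alice action=vm.snapshot target=mail01 result=allowed
2011-08-01T09:02:13Z src=198.51.100.7 user=svc-backup action=vm.list target=* result=denied
2011-08-01T09:02:15Z src=198.51.100.7 user=svc-backup action=host.config.read target=esx02 result=denied
2011-08-01T09:02:19Z src=198.51.100.7 user=svc-backup action=vm.delete target=mail01 result=denied
2011-08-01T09:05:40Z user=bob action=vm.poweroff target=orders01 result=allowed
2011-08-01T09:06:02Z src=192.0.2.10 user=alice action=vm.delete target=test07 result=denied
"""

def parse_line(line):
    """Split 'timestamp k=v k=v ...' into a dict; timestamp goes under 'ts'."""
    ts, _, rest = line.strip().partition(" ")
    record = {"ts": ts}
    for token in rest.split():
        key, sep, value = token.partition("=")
        if sep and value:
            record[key] = value
    return record

def review(log_text, threshold=DENIED_THRESHOLD):
    """Return (records lacking required detail, {(user, src): denied count})."""
    incomplete, denied = [], Counter()
    for line in filter(None, map(str.strip, log_text.splitlines())):
        rec = parse_line(line)
        missing = [f for f in REQUIRED if f not in rec]
        if missing:  # a record without source IP or identity cannot be attributed
            incomplete.append((rec["ts"], missing))
        if rec.get("result") == "denied":
            denied[(rec.get("user", "?"), rec.get("src", "?"))] += 1
    probing = {k: n for k, n in denied.items() if n >= threshold}
    return incomplete, probing

if __name__ == "__main__":
    incomplete, probing = review(SAMPLE_LOG)
    for ts, missing in incomplete:
        print(f"INCOMPLETE {ts}: missing {', '.join(missing)}")
    for (user, src), n in probing.items():
        print(f"PROBING user={user} src={src}: {n} denied actions")
```

On the sample data the script reports one record with no source IP and one identity with three denied actions from a single address.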
Shady Rat Gnaws at Security Vendors
Remember Operation Shady Rat, the massive years-long campaign of cybersecurity attacks and theft of information McAfee recently announced with much fanfare?
Some security experts decried the announcement as containing nothing new and suggested McAfee was seeking publicity.
Eugene Kaspersky's blog was particularly hard hitting, dismissing McAfee's claims as being "largely unfounded and not a good measure of the real threat level," among other things.
McAfee spokesperson Heather Edell pointed TechNewsWorld to a tweet by Dmitriy Alperovitch, McAfee's vice president of threat research and the person who announced Shady Rat, in response.
Alperovitch is "the only one who can really take the lead" on answering TechNewsWorld's questions, and he was out of the country and unavailable, Edell said.
The slapfest between the two vendors continues.