Hacker Scopes Royal Navy, The Fed

Wednesday, February 22, 2012 @ 05:02 PM gHale

A German hacker breached the official website of the Royal Navy and found holes in the U.S. Federal Reserve after finding an SQL injection vulnerability.

“The admins have been warned immediately before of this post. The vulnerable ‘parameter’ has been obscured to prevent damages from others,” the hacker wrote on Pastebin.

This is not the first time the Royal Navy’s website suffered a breach. A few years back, Romanian hacker TinKode also broke in, but authorities busted him last month.

D35m0nd142 also found a vulnerability on the official website of the U.S. Federal Reserve. In this case, he found 47 blind SQL injection flaws on the site’s pages.

Since university websites are among his specialties, the hacker took a peek at the security measures implemented by Arizona University, Stanford University, and an educational institution in Hong Kong. From the U.S. universities he leaked some data to prove they are weak, but the Chinese school’s site ended up defaced.

This wasn’t the only defacement that targeted major Chinese sites. Thirteen Chinese government sites ended up defaced as part of an operation called OpChina.

Another hack in Asia targeted the official website of Iran’s president. On this site, he identified a cross-site scripting (XSS) vulnerability, a type of weakness that allows an attacker to execute arbitrary script code in the browser of someone visiting the site.

In most cases, the site’s administrators got the news before D35m0nd142 published his proofs of concept or screenshots to prove he really did gain access.


