Attackers Breach Servers Of Security Firm

By Author: Peter Martin
Total Articles: 211
Comment this article

Recently, attackers intruded into the networks of a security firm and extracted loads of confidential information. The attack was launched on security firm HBGary Federal. The Anonymous group, which has been in the news off late for initiating distributed denial-of-service (DDoS) attacks on websites of Amazon, MasterCard, Visa, PayPal has claimed responsibility for the intrusion. The attack was carried out after reports that HBGary Federal has uncovered the hierarchy of the group and is planning to share the details later in a conference.

The members of the infamous group exploited the vulnerabilities on a weak web server and extracted over 60,000 business e-mail accounts. The details were posted on file sharing networks. The attackers also took control of the twitter account of security firm's CEO, Aaron Barr and compromised LinKedin accounts of senior executives of the company. Attackers also posted several offensive messages on the compromised twitter account and revealed confidential information such as social security number, home address and contact number. The attackers have also allegedly deleted the backups ...
... of the company. The attackers also took control of a security research site rootkit.com by using social engineering techniques to extract information from a security administrator. The site is operated by the CEO of HBGary, Greg Hoglund. HBGary co-owns the security firm.

The group also exposed a 23-page document, which allegedly contained details regarding the Anonymous group. The attackers asserted that most of the information contained in the document is available on the IRC networks and pose no harm to the group. The website of the company has been defaced.

The Anonymous group has been repeatedly making headlines ever since they launched DDoS attacks on several websites for withdrawing their support for WikiLeaks. In the recent days, the Anonymous group attacked the government websites of Egypt, Tunisia and Italy.

Information security is critical for continuous business operations. The members of the infamous group have not only exposed the vulnerabilities of the security firm's IT infrastructure, but have also showcased their attacking skills.

Organizations must regularly test the strength of the information infrastructure through ethical hacking techniques and eradicate the weaknesses before their exploitation by attackers.

The vibrant threats in the IT environment require proactive action. Information security professionals must enlighten and train the employees on latest security threats to prevent inadvertent disclosures to cybercriminals.