WHID ID Entry Title Incident Description Reference Date Occurred

Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
Zee Media Corporation Limited website has been hacked. Bangladeshi hackers
group “SYSTEMADMINBDˮ is behind the cyber hack which accuses the publication
2024-033 of mocking the situation in Bangladesh.
WHID 2024-033: Zee Media website hacked, accused of making ‘fun of the situation’ in Bangladesh https://www.msn.com/en-in/news/world/zee-media-website-hacked-accused-of-making-fun-of-the-situation-in-bangladesh/ar-AA1pdAqp?ocid=BingNewsVerp 8/21/2024 Unknown Unknown Defacement Media SYSTEMADMINBD
Decentralized finance DeFi crypto exchange dYdX announced on Tuesday that the
2024-032 WHID 2024-032: DeFi exchange dYdX v3 website hacked in DNS hijack attack website for its older v3 trading platform has been compromised. https://www.bleepingcomputer.com/news/security/defi-exchange-dydx-v3-website-hacked-in-dns-hijack-attack/? 7/23/2024 DNS Hijacking Insufficient AuthenticationDowntime Finance
Bangladesh Chhatra Leagueʼs official website (https://bsl.org.bd/) has been hacked
amid nationwide protests by students and job seekers calling for reforms to the
2024-031 WHID 2024-031: Bangladesh Chhatra League website hacked amid nationwide unrest quota system for government jobs. https://bdnews24.com/bangladesh/46a284fbc631 7/18/2024 Unknown Unknown Defacement Politics
A short time later, Times of Malta's website was overwhelmed by connection
requests, forcing it offline.

The attack, known as a Distributed Denial of Service, or DDoS, overloaded Times of

Malta servers and breached existing protections in place, causing the website to go
offline for most readers for around 45 minutes at its peak, after the Telegram group
2024-030 WHID 2024-030: Russian hackers claim Times of Malta website attack, threaten others was instructed to "attack". It continued until 10am on Tuesday. https://timesofmalta.com/articles/view/russian-hackers-claim-times-malta-website-attack-threaten-others.1082544 2/8/2024 Denial of Service Insufficient Anti-Automation
Downtime Media
Chinese state-sponsored hackers have breached the Dutch Ministry of Defense
MOD) last year and deployed a new remote access trojan RAT) malware to serve
2024-029 WHID 2024-029: Chinese hackers breached Dutch Ministry of Defense as a backdoor. https://www.helpnetsecurity.com/2024/02/07/chinese-hackers-dutch-mod/ 2/7/2024 Remote Code ExecutionImproper Input Validation Planting of malware Government
CVE202421893, a server-side request forgery SSRF) vulnerability affecting Ivanti
Connect Secure VPN gateways and Policy Secure (a network access control
2024-028 WHID 2025-028: Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893)solution), is being exploited by attackers. https://www.helpnetsecurity.com/2024/02/07/cve-2024-21893-exploited/ 2/7/2024 Server Side Request Forgery
Improper Input Validation Webshells Multiple
CloudFlare Servers Were Hacked on Thanksgiving Day Using Auth Tokens Stolen in
2024-027 WHID 2024-027: Cloudflare Hacked After State Actor Leverages Okta Breach Okta Breach. https://www.hackread.com/cloudflare-hacked-state-actor-okta-breach/ 2/2/2024 Session Hijacking Insufficient AuthenticationAccount takeover Technology
An unexpected outage has downed the countyʼs phone systems and brought certain
online transactions to a halt, including those filing property tax, firearms and
2024-026 WHID 2024-026: Cyberattack hits Georgia county where Trump is charged marriage licenses https://theedgemalaysia.com/node/699040 1/30/2024 Denial of Service Insufficient Anti-Automation
Downtime Government
The network fell victim to a Distributed Denial of Service DDoS) attack, resulting in
prolonged withdrawal times and sluggish network performance. Despite this
WHID 2024-025: Manta Network Faces DDoS Attack Shortly After Token Issuance disruption, Mantaʼs developers have assured users that their funds remain secure,
2024-025 and efforts are underway to resolve the situation. https://www.cryptopolitan.com/manta-network-faces-ddos-attack-shortly/ 1/19/2024 Denial of Service Insufficient Anti-Automation
Downtime Finance
Swiss websites were hit by a wave of distributed denial-of-service DDoS) attacks
2024-024 WHID 2024-024: Swiss websites hit by DDoS attacks during World Economic Forum in Davos this week, likely orchestrated by pro-Russian hackers. https://therecord.media/swiss-websites-targeted-ddos-attacks-davos 1/18/2024 Denial of Service Insufficient Anti-Automation
Downtime Government
Starting in 2021, the suspect infected the servers of “one of the world's largest e-
commerce companiesˮ by hacking 1,500 accounts of a subsidiary, the police said.
The attacker used self-developed software for an automatic password-testing
2024-023 WHID 2024-023: Ukrainian arrested for infecting US cloud provider with cryptomining malware method known as a brute force attack. https://therecord.media/ukraine-arrests-suspect-cryptojacking-cloud-resources 1/15/2024 Brute Force Insufficient Anti-Automation
Account takeover Technology
Several prominent organizations in Lithuania, including Compensa Vienna Insurance
Group, If Insurance, Lithuanian Roads Association, AD REM, INIT, and Balticum, have
allegedly fallen victim to the NoName attack. The threat actors, identified as the NoName
ransomware group, have been actively sharing posts detailing the impact of the
2024-022 WHID 2024-022: NoName Targets Multiple Websites in Lithuania, Blames it for Aiding Ukraine cyberattack on Lithuania websites. https://thecyberexpress.com/cyberattack-on-lithuania-websites/ 1/15/2024 Denial of Service Insufficient Anti-Automation
Downtime Health
Over 6,700 WordPress websites fell victim to a sophisticated cyber campaign deploying
2024-021 WHID 2024-021: Over 6,700 WordPress Sites Spotted Using Plugin Infected by New Balada Injector
the notorious
Malware Balada Injector malware. https://www.techtimes.com/articles/300560/20240112/over-6-700-wordpress-sites-spotted-using-plugin-infected-new.htm 1/12/2024 Cross-site Scripting (XSS)
Improper Output HandlingPlanting of Malware CMS
The non-password protected documents were in three separate cloud storage buckets
and totaled 4,024,001 records. Upon further research, the documents indicated the
database belonged to a Texas-based school security company called Raptor
2024-020 WHID 2024-020: Raptor School Safety Software Breach Exposed 4 Million Records Including Highly
Technologies.
Sensitive Data https://www.vpnmentor.com/news/report-raptortech-breach/ 1/11/2024 Forceful Browsing Insufficient AuthenticationData breach Education

Ivanti confirms active zero-day exploits, ships pre-patch mitigations, but says Ivanti CVEs CVE-2023-46805
2024-019 WHID 2024-019: Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days comprehensive fixes won’t be available until January 22. https://www.securityweek.com/volexity-catches-chinese-hackers-exploiting-ivanti-vpn-zero-days/ 1/10/2024 RCE Improper Input Handling Webshell Education CVE-2024-21887
The Securities and Exchange Commission said Tuesday an “unknown party” had hacked
its official account on the social media platform X to promote bitcoin, the latest of multiple
2024-018 WHID 2024-018: Hackers seize control of SEC’s X account to promote crypto hacks used to push cryptocurrencies. https://www.washingtonpost.com/technology/2024/01/09/sec-hack-x-crypto/ 1/10/2024 Brute Force Insufficient AuthenticationAccount takeover Social
Online retailer The Iconic has pledged to issue full refunds to customers who have been
left out of pocket following a rise in hackers using stolen login details to access their
accounts.

The company confirmed it had seen a spike in “credential stuffing” – a method of attack in
which hackers use lists of compromised user credentials, such as email and password
2024-017 WHID 2024-017: The Iconic promises to issue refunds to hacked customers combinations exposed in separate data breaches, to breach other systems. https://www.smh.com.au/business/companies/the-iconic-promises-to-issue-refunds-to-hacked-customers-20240109-p5ew1c.html 1/9/2024 Brute Force Insufficient Anti-Automation
Account takeover Retail
LoanDepot, a major player in the mortgage lending industry, has fallen victim to a cyber
incident, marking the fourth cyberattack on a real estate industry organization in recent
months.

The company issued a statement to its customers on its official website, acknowledging
the cyberattack on loanDepot and revealing that specific systems have been taken offline
2024-016 WHID 2024-016: loanDepot Cyberattack: Critical Systems Offline as Rapid Response Unfolds as part of their efforts to address the situation promptly. https://thecyberexpress.com/cyberattack-on-loandepot-system-goes-offline/ 1/9/2024 Unknown Unknown Downtime Finance
Over the weekend, the Maldives faced a cyberattack, resulting in the temporary
unavailability of the official websites of the President’s office, Foreign Ministry, and
Tourism Ministry. Users attempting to access these sites encountered disruptions for
2024-015 WHID 2024-015: Cyberattack Hits Maldives Government: Websites Recover Amid Diplomatic Tensions several hours on Saturday night. https://thecyberexpress.com/cyberattack-on-maldives-government/ 1/8/2024 Denial of Service Insufficient Anti-Automation
Downtime Government
An official at the Bangladesh Election Commission has claimed that a cyberattack “from
Ukraine and Germany” caused an election information app to crash as voters went to the
2024-014 WHID 2024-014: Bangladesh official alleges cyberattack ‘from Ukraine and Germany’ targeted election
polls on Sunday. https://therecord.media/bangladesh-election-information-app-alleged-cyberattack 1/8/2024 Denial of Service Insufficient Anti-Automation
Downtime Government
The most common targets of the sellers of gold X accounts are organizational accounts
that have remained dormant since before 2022. One of the techniques they try is to brute
force the credentials of these accounts using credential stuffing tools like Open Bullet,
SilverBullet, and SentryMBA. Once a complete account takeover is done through changing
recovery email and contact details, the thieves pay to convert the account to gold status,
and put it up for sale.
2024-013 WHID 2024-013: Hacked X accounts with gold checkmarks are for sale on the dark web, says study https://www.csoonline.com/article/1287695/hacked-x-accounts-with-gold-checkmarks-are-for-sale-on-the-dark-web-says-study.html 1/5/2024 Brute Force Insufficient Anti-Automation
Account takeover Social
Orange Spain has suffered a major outage earlier this week after a threat actor going by
the alias “Snow” obtained a “ridiculously weak” password for an account that manages the
2024-012 WHID 2024-012: Orange Spain taken offline following massive cyberattack caused by "ridiculously weak"
global password
routing table and controls the networks that deliver the company’s internet traffic. https://www.techradar.com/pro/security/orange-spain-taken-offline-following-massive-cyberattack-caused-by-ridiculously-weak-password 1/5/2024 Stolen Credentials Insufficient AuthenticationDowntime Technology
The hacking group Phoenix has claimed responsibility for a Distributed Denial of Service
(DDoS) attack on the website of the US Congress. The hacker group posted a message
asserting that the congressional website had been disabled, specifically targeting pages
2024-011 WHID 2024-011: Alleged Phoenix Group DDoS Attack Disrupts US Congress Website related to lobbying and online reporting in the United States. https://thecyberexpress.com/phoenix-hit-us-congress-website-in-ddos-attack/ 1/5/2024 Denial of Service Insufficient Anti-Automation
Downtime Government Pheonix
The data breach started with hackers accessing only around 14,000 user accounts. The
hackers broke into this first set of victims by brute-forcing accounts with passwords that
were known to be associated with the targeted customers, a technique known as
2024-010 WHID 2024-010: 23andMe tells victims it’s their fault that their data was breached credential stuffing. https://techcrunch.com/2024/01/03/23andme-tells-victims-its-their-fault-that-their-data-was-breached/ 1/3/2024 Brute Force Insufficient Anti-Automation
Account takeover Health
A few days later, DoorDash said it confirmed Rivas' account had been taken over by a
hacker and that it believed the vulnerability may have caused by her personal email
2024-009 WHID 2024-009: DoorDash hacker took hundreds of dollars from her account account. https://www.nbcsandiego.com/nbc-7-responds-2/doordash-hacker-took-hundred-from-her-account-says-oceanside-mom/3394218/ 1/3/2024 Unknown Insufficient AuthenticationAccount takeover Technology
Google-owned security firm Mandiant spent several hours trying to regain control of its
account on X (formerly known as Twitter) on Wednesday after an unknown scammer
hijacked it and used it to spread a link that attempted to steal cryptocurrency from people
2024-008 WHID 2024-008: Mandiant, the security firm Google bought for $5.4 billion, gets its X account hacked
who clicked on it. https://arstechnica.com/security/2024/01/hacked-x-account-for-google-owned-security-firm-mandiant-pushes-cryptocurrency-scam/ 1/3/2024 Unknown Unknown Account takeover Social
A threat actor has come forward claiming to have leaked a database and executed SQL
2024-007 WHID 2024-007: Hacker Threatens Colima State Congress with Database Leak injection for the H. Congress of the State of Colima in Mexico https://thecyberexpress.com/h-congress-of-the-state-of-colima-data-breach/ 1/4/2024 SQL Injection Improper Input Handling Data breach Government
A serious exploit affecting Google services that is being used to grant threat actors access
2024-006 WHID 2024-006: This dangerous malware is able to hijack your Google Account by reviving cookies to Google Accounts has been uncovered by cybersecurity company CloudSEK. https://www.techradar.com/pro/security/this-dangerous-malware-is-able-to-hijack-your-google-account-by-reviving-cookies 1/1/2024 Cookie Stealing Insufficient AuthenticationAccount takeover Technology
Hudson Researchers reported that on December 20th, a hacker using the moniker ‘irleaks’
announced the availability for sale of over 160,000,000 records allegedly stolen from 23
2024-005 WHID 2024-005: MULTIPLE ORGANIZATIONS IN IRAN WERE BREACHED BY A MYSTERIOUS HACKER
leading insurance companies in Iran. https://securityaffairs.com/156761/hacking/multiple-organizations-iran-hacked.html 1/1/2024 Unknown Unknown Data breach Technology
Victoria's court system has been hit by a ransomware attack, which an independent expert
believes was orchestrated by Russian hackers.

A spokesperson for Court Services Victoria (CSV) said hackers accessed an area of the
court system's audio-visual archive. That would mean recordings of hearings including
2024-004 WHID 2024-004: Cyber attack on Victoria's court system may have exposed recordings of sensitive
witness
casestestimony from highly sensitive cases may have been accessed or stolen. https://www.abc.net.au/news/2024-01-02/victoria-court-system-targeted-in-cyber-attack-russian-hackers/103272118 1/1/2024 Unknown Unknown Data breach Government
Nepal government’s main server has faced cyberattacks leading to disruptions of
2024-003 WHID 2024-003: Government’s main server faces cyberattacks hundreds of government websites across the country on Monday. https://kathmandupost.com/national/2024/01/01/government-s-main-server-faces-cyberattacks 1/1/2024 Denial of Service Insufficient Anti-Automation
Downtime Government
Users of the live streaming app might encounter service disruptions, rendering it
inaccessible for watching live streams.
2024-002 WHID 2024-002: Anonymous Sudan Allegedly Attacks Twitch, But Is It Real? https://thecyberexpress.com/cyberattack-on-twitch/ 1/1/2024 Denial of Service Insufficient Anti-Automation
Downtime Technology Anonymous Sudan
The notorious NoName ransomware group, believed to have Russian connections, has
reportedly launched a series of cyberattacks targeting several Finnish government
organizations in its latest spree. As a consequence of these alleged NoName cyberattacks
on Finland-based entities, the websites of multiple victims experienced temporary
2024-001 WHID 2024-001: Alleged DDoS Rampage: NoName Targets Multiple Finnish Organizations inaccessibility. https://thecyberexpress.com/noname-cyberattacks-on-finland/ 1/1/2024 Denial of Service Insufficient Anti-Automation
Downtime Government NoName
An hours-long disruption that affected the websites of Singapore's public healthcare
WHID 2023-015: Hours-long disruption to Singapore public hospitals' websites caused by DDoS institutions
attack on Wednesday (Nov 1) was caused by a distributed denial-of-service (DDoS)
2023-015 attack. https://www.channelnewsasia.com/singapore/hospital-websites-hours-long-disruption-synapxe-ddos-attacks-3894866 11/1/2023 Denial of Service Insuffucient Anti-Automation
Downtime Medical
Okta says attackers who breached its customer support system last month gained access
to files belonging to 134 customers, five of them later being targeted in session hijacking
2023-014 WHID 2023-014: Okta breach: 134 customers exposed in October support system hack attacks with the help of stolen session tokens. https://www.bleepingcomputer.com/news/security/okta-breach-134-customers-exposed-in-october-support-system-hack/ 9/28/2023 Unknown Unknown Data breach Technology Files on 134 customers
The Associated Press reports that its news website was impacted by an outage believed
2023-013 WHID 2023-013: Suspected DDoS attack impacts AP news site to be caused by a distributed denial-of-service attack. https://www.scmagazine.com/brief/suspected-ddos-attack-impacts-ap-news-site 10/31/2023 Denial of Service Insufficient Anti-Automation
Downtime Media Anonymous Sudan
A known ransomware gang has taken credit for the highly disruptive cyberattack on MGM
Resorts, and the hospitality and entertainment giant has yet to restore many of the
2023-012 WHID 2023-012: RANSOMWARERansomware Gang Takes Credit for Disruptive MGM Resorts Cyberattackimpacted systems. https://www.securityweek.com/ransomware-gang-takes-credit-for-highly-disruptive-mgm-resorts-attack/ 9/10/2023 Social Engineering Insufficient employee training
Downtime Hospitality ALPHV (aka BlackCat)
Falzon says Haider, and other Tesla owners, should set up multi-factor authentication
which could have prevented the hack. It requires users to go through additional steps to
access their accounts.

“This is really a cybersecurity issue related to authentication. Not so much specific to the
vehicle itself,” Falzon said, noting as more vehicles move to app-based access, this won’t
2023-011 WHID 2023-011: Tesla owner warning others after being locked out of car, account hacked be a problem for just Tesla owners. https://toronto.citynews.ca/2023/08/23/tesla-owner-car-account-hacked/ 8/23/2023 Unknown Insufficient AuthenticationAccount takeover Automotive
“Since publishing, Daily Maverick has been subjected to a distributed denial of service
(DDoS) attack,” the publication said on X (formerly Twitter).

” A DDoS attack is described as a malicious attempt to disrupt the normal traffic of a

targeted server, network or website by overwhelming the target or its surrounding
infrastructure with a flood of internet traffic,” it explained.

“Several hours ago, the site suddenly went down. We picked it up very quickly and started
identifying a massive distributed denial of service (DDoS) attack. We investigated and
found it was coming from a whole host of Indian servers,” said Daily Maverick’s security
2023-010 WHID 2023-010: South African News Website Says it Faced Cyber Attack After Publishing Report
coordinator
on Modi at 11:30 pm IST on Wednesday. https://thewire.in/media/south-african-news-website-says-it-faced-cyber-attack-after-publishing-report-on-modi 8/23/2023 Denial of Service Insufficient Anti-Automation
Downtime Media
Fraudsters have used hacked credentials to claim more than half a billion dollars from the
tax office, by creating false myGov accounts and linking them to the files of genuine
2023-009 WHID 2023-009: Scammers steal $500m from tax office taxpayers. https://www.thesaturdaypaper.com.au/post/max-opray/2023/07/26/scammers-steal-500m-tax-office 7/26/2023 Stolen Credentials Insufficient AuthenticationMonetary Loss Government
2023-008 WHID 2023-008:Outlook.com hit by outages as hacktivists claim DDoS attacks Outlook.com hit by outages as hacktivists claim DDoS attacks https://www.bleepingcomputer.com/news/microsoft/outlookcom-hit-by-outages-as-hacktivists-claim-ddos-attacks/ 6/5/2023 Denial of Service Insufficient Anti-Automation
Downtime Technology Anonymous Sudan
In a bid to safeguard its users from ongoing phishing attacks, Terra.money has taken the
proactive step of freezing its website temporarily. The attackers managed to compromise
the Terra website and exploited it for phishing scams, endangering the platform’s users. In
response, Terra swiftly froze its domains associated with the platform, halting the
2023-007 WHID 2023-007: Terra.money Freezes Website Amid Phishing Scam Concerns proliferation of user-targeted phishing scams. https://coinwire.com/terramoney-freezes-website-amid-phishing-scam-concern/ 8/19/2023 Unknown Unknown Phishing Finance
Cleaning product giant Clorox announced a cybersecurity incident this week that forced it
to take several systems offline.

The company – which reported more than $7 billion in earnings in 2022 through its
namesake cleaning product and several others like Pine Sol, Burt’s Bees and more –
reported the incident in regulatory filings with the U.S. Securities and Exchange
2023-006 WHID 2023-006: Clorox takes servers offline, notifies law enforcement after ‘unauthorized activity’
Commission (SEC) Monday. https://therecord.media/clorox-takes-servers-offline-after-cyber-incident 8/15/2023 Unknown Unknown Downtime Retail
The prime minister's official website on Tuesday morning showed a "service is
unavailable" error when checked by Reuters. Trudeau said the cyber attacks were an
"unsurprising" act by Russian hackers.

"We are aware of reports that some Government of Canada websites have been offline," a
spokesperson for Canada's Communications Security Establishment (CSE) said in a
statement, and echoed Trudeau's comment that it not an uncommon occurrence in
2023-005 WHID 2023-005: Canada vows more military aid for Ukraine as PM's website hacked countries hosting visits by Ukrainian government officials. https://www.reuters.com/world/canada-pledges-fresh-military-aid-ukraine-sanctions-russia-2023-04-11/ 4/11/2023 Unknown Unknown Downtime Government
Cybersecurity researchers disclosed on Friday that a group of hackers had aimed their
sights at more than 1,000 Indian websites as part of a campaign aligned with
Independence Day, tagged as OpIndia. The orchestrated effort involved hacktivist
collectives from diverse nations and employed a variety of techniques, including
Distributed Denial of Service (DDoS) attacks, defacement assaults, and takeovers of user
2023-004 WHID 2023-004: Hackers target over 1,000 Indian websites as part of malicious Independence Day
accounts,
campaignas detailed by the CloudSEK team. https://www.businesstoday.in/technology/news/story/hackers-target-over-1000-indian-websites-as-part-of-malicious-independence-day-campaign-394740-2023-08-19 8/18/2023 Unknown Unknown Account takeover Finance OpIndia
Cybersecurity researchers disclosed on Friday that a group of hackers had aimed their
sights at more than 1,000 Indian websites as part of a campaign aligned with
Independence Day, tagged as OpIndia. The orchestrated effort involved hacktivist
collectives from diverse nations and employed a variety of techniques, including
Distributed Denial of Service (DDoS) attacks, defacement assaults, and takeovers of user
2023-003 WHID 2023-003: Hackers target over 1,000 Indian websites as part of malicious Independence Day
accounts,
campaignas detailed by the CloudSEK team. https://www.businesstoday.in/technology/news/story/hackers-target-over-1000-indian-websites-as-part-of-malicious-independence-day-campaign-394740-2023-08-19 8/18/2023 Unknown Unknown Defacement Education OpIndia
Cybersecurity researchers disclosed on Friday that a group of hackers had aimed their
sights at more than 1,000 Indian websites as part of a campaign aligned with
Independence Day, tagged as OpIndia. The orchestrated effort involved hacktivist
collectives from diverse nations and employed a variety of techniques, including
Distributed Denial of Service (DDoS) attacks, defacement assaults, and takeovers of user
2023-002 WHID 2023-002: Hackers target over 1,000 Indian websites as part of malicious Independence Day
accounts,
campaignas detailed by the CloudSEK team. https://www.businesstoday.in/technology/news/story/hackers-target-over-1000-indian-websites-as-part-of-malicious-independence-day-campaign-394740-2023-08-19 8/18/2023 Denial of Service Insufficient Anti-Automation
Downtime Government OpIndia
The Patriot Legal Defense Fund website, seemingly established to support aides and
employees of former President Donald Trump with their rapidly increasing legal expenses,
has been hacked. The home page has been defaced to strike through Trump’s name and
add an “America Is Already Great!” strapline. But the hacker has altered far more than just
2023-001 WHID 2023-001: Has Trump’s Patriot Defense Legal Fund Website Been Hacked? the banner. https://www.forbes.com/sites/daveywinder/2023/08/20/has-trumps-patriot-defense-legal-fund-website-been-hacked/?sh=1702ea002332 8/18/2023 Unknown Unknown Defacement Politics
Well, it appears that the hate for Epic Games’ recent decisions has led to some individual
2019-003 WHID 2019-003: Official Fortnite Twitter account has been hacked taking inappropriate measures against the official Fortnite Twitter account. https://fortniteintel.com/official-fortnite-twitter-account-has-been-hacked/15266/ 4/3/2019 Unknown Unknown Account Takeover Social
Threat actor Magecart has infiltrated over 800 e-commerce sites with card skimming
2019-002 WHID 2019-002: Ticketmaster Breach Part of Massive Payment Card Hacking Campaign software installed on third-party software components, RiskIQ says. https://www.darkreading.com/attacks-breaches/ticketmaster-breach-part-of-massive-payment-card-hacking-campaign/d/d-id/1332266 7/10/2018 Unknown Unknown Planting of Malware Magecart
MyPillow and Amerisleep are both popular mattresses and bedding merchants in the
United States. While their websites boast the best deals around for a proper night's sleep,
what is lacking is an acknowledgment of two separate security incidents potentially
2019-001 WHID 2019-001: MyPillow and Amerisleep wake up to Magecart card theft nightmare impacting their customers -- incidents which RiskIQ says took place as far back as 2017. https://www.zdnet.com/article/mypillow-and-amerisleep-wake-up-to-magecart-card-theft-nightmare/ 3/21/2019 Unknown Unknown Planting of Malware Retail Magecart
A hacker who’s spent the last two weeks hijacking Reddit moderator accounts and
defacing their subreddit pages appears to be doing it partly to make a point about Reddit’s
2016-014 WHID 2016-014:Reddit doesn’t support 2FA – a hacker just proved why it should security, and also just because he can. https://nakedsecurity.sophos.com/2016/05/12/reddit-doesnt-support-2fa-a-hacker-just-proved-why-it-should/ 5/12/2016 Brute Force Insufficient AuthenticationAccount Takeover Social
The then-18-year old used a SQL database command attack, known as SQL injection, to
2016-013 WHID 2016-013: Hacker convicted for infiltrating Country Liberals' website unlawfully access the online membership application section of the site. http://www.itnews.com.au/news/hacker-charged-for-infiltrating-country-liberals-website-419516 5/13/2016 SQL Injection Improper Input Handling Leakage of Information Politics
A hardcore fetish web forum has been hacked, with more than 100,000 accounts exposed,
2016-012 WHID 2016-012: Traceable data 'stolen from fetish forum' according to a prominent security researcher. http://www.bbc.com/news/technology-36275547 5/12/2016 SQL Injection Improper Input Handling Leakage of Information Entertainment
Kiddicare, the nursery supplies retailer acquired and discarded by supermarket Morrisons,
has admitted that almost 800,000 customers' details were stolen in a data breach dating
2016-011 WHID 2016-011: Customer data hacked from Kiddicare 'test' website back to November 2015. http://www.computing.co.uk/ctg/news/2457541/customer-data-hacked-from-kiddicare-test-website 5/10/2016 Unknown Unknown Leakage of Information Retail
The official website of Odisha’s oldest university, Utkal University, was Tuesday hacked
for the second time in a week forcing officials to shut down the e-admission process.
Although it wasn’t clear if the hackers stole any information, the website was defaced and
the page showed a group called ‘Pak Cyber Attackers’ to be responsible for the attack. -
See more at: http://indianexpress.com/article/india/india-news-india/hackers-halt-utkal-
2016-010 WHID 2016-010: Hackers halt Utkal varsity’s e-admissions varsitys-e-admissions-2794346/#sthash.UYkwpg8k.dpuf http://indianexpress.com/article/india/india-news-india/hackers-halt-utkal-varsitys-e-admissions-2794346/ 5/11/2016 Unknown Unknown Defacement Education
It couldn't have been scripted any better. The new promotional website for season two of
the USA Network's computer hacking drama Mr. Robotrequired an emergency patch after
a white-hat hacker discovered a cross-site scripting (XSS) vulnerability, according to a
2016-009 WHID 2016-009: Domo Arigato: White hat reports vulnerability on Mr. Robot website report from Forbes.com. http://www.scmagazine.com/domo-arigato-white-hat-reports-vulnerability-on-mr-robot-website/article/495684/ 5/11/2016 Cross-site Scripting (XSS)
Improper Output HandlingAccount Takeover Entertainment
Homeland Security has warned that hackers are exploiting a security vulnerability in SAP
2016-008 WHID 2016-008: Homeland Security warns of hackers exploiting SAP security flaw business software -- a flaw that dates back to 2010. http://www.zdnet.com/article/homeland-security-warns-of-hackers-exploiting-sap-security-flaw/ 5/12/2016 Forceful Browsing Insufficient AuthenticationAccount Takeover
Anonymous has joined forces with GhostSquad to launch successful cyberattacks on eight
international banks that were forced to shut down their websites. The hacktivist collective
alongside the hacker group GhostSquad have launched a new operation called Op Icarus
2016-007 WHID 2016-007: Anonymous teams up with GhostSquad to attack major banks which aims to punish corrupt banks and individuals in the financial sector. http://betanews.com/2016/05/12/anonymous-op-icarus/ 5/12/2016 Denial of Service Insufficient Anti-Automation
Downtime Finance
Kaziranga National Park authorities on Monday said the official website of the park had
2016-006 WHID 2016-006: Kaziranga website hacked by Pak youth been hacked by a Pakistan-based hacker. http://www.nagalandpost.com/ChannelNews/Regional/RegionalNews.aspx?news=TkVXUzEwMDA5NzAxNg%3D%3D 5/12/2016 Unknown Unknown Defacement Government
IRCTC, Indian railway’s official website has been hacked today. All the transaction and
ticket booking are usually done through this portal. The hack has been confirmed by the
2016-005 WHID 2016-005: IRCTC Website Hacked- Over 10 Million Accounts Hacked government and news portals. http://www.groundreport.com/irctc-website-hacked-10-million-accounts-hacked/ 5/12/2016 Unknown Unknown Leakage of Information Transportation
After the campaign website for Republican presidential hopeful Donald Trump went down
Saturday morning, an online hacker collective – which has said it focuses on targeting
online activity of the Islamic State group, also known as ISIS – claimed responsibility, CBS
2016-004 WHID 2016-004: Donald Trump Campaign Website Down For An Hour, Hackers Claim Responsibility News reported http://www.ibtimes.com/donald-trump-campaign-website-down-hour-hackers-claim-responsibility-2246934 1/2/2016 Denial of Service Insufficient Anti-Automation
Downtime Politics
VPS cloud hosting provider Linode has been experiencing outages due to distributed
denial-of-service (DDoS) attacks for the past few days, with the first attacks starting on
2016-003 WHID 2016-003: Linode Is Under a Barrage of DDoS Attacks Since Christmas Christmas Eve. http://news.softpedia.com/news/linode-is-under-a-barrage-of-ddos-attacks-since-christmas-498329.shtml 1/2/2016 Denial of Service Insufficient Anti-Automation
Downtime Hosting Providers
The official website of Palembang District Court (http://pn-palembang.go.id) was reportedly
hacked as a show of protest by the hacker against the ruling made the court that rejected
the lawsuit filed by the government against PT Bumi Mekar Hijau, which was allegedly
2016-002 WHID 2016-002: Palembang District Court Website Hacked as a Show of Protest involved in the case of forest fire in South Sumatera province. http://en.tempo.co/read/news/2016/01/02/055732482/Palembang-District-Court-Website-Hacked-as-a-Show-of-Protest 1/2/2016 Unknown Insufficient Outbound Handling
Defacement Government
A Moroccan hacker that calls himself ElSurveillance has defaced and stolen data from 79
escort websites, as part of a larger campaign he started last summer, a campaign against
2016-001 WHID 2016-001: Religiously Motivated Hacker Defaces 79 Escort Sites adult and escort portals. http://news.softpedia.com/news/religiously-motivated-hacker-defaces-79-escort-sites-498311.shtml 1/1/2016 Unknown Insufficient Outbound Handling
Defacement Entertainment
Hong Kong Free Press, an independent news website set up to counter falling press
freedom in the territory, has been hit by a denial-of-service attack before the platform has
2015-063 WHID 2015-063: Hong Kong Free Press hit by denial-of-service attack weeks before launch launched http://www.mumbrella.asia/2015/06/hong-kong-free-press-hit-by-denial-of-service-attack-before-launch/ 6/3/2015 Denial of Service Insufficient Anti-Automation
Downtime Media
A targeted attack on a businessman from Mahwah, New Jersey, caused the victim a
financial loss of $240,000 / €215,000, through a bank transfer request that appeared
2015-062 WHID 2015-062: Businessman Loses $240,000 to Hackers legitimate to the financial institution. http://news.softpedia.com/news/Businessman-Loses-240-000-to-Hackers-483098.shtml 6/2/2015 Banking Trojan Insufficient AuthenticationMonetary Loss Finance
Web Design 309, a local web design firm, says the hackers used a brute force attack to
break into a local server, using millions of password combinations at the same time until
2015-061 WHID 2015-061: Local websites hacked after a brute force attack one of them worked. http://www.cinewsnow.com/news/local/Local-websites-hacked-after-a-brute-force-attack-305933091.html 6/2/2015 Brute Force Insufficient Anti-Automation
Account Takeover Technology
The Huffington Post and several major websites displayed malware-laced advertisements
2015-060 WHID 2015-060: Hackers attack Huffington Post, other sites, with malware-laced ads that infected computers and locked them down. http://www.reviewjournal.com/life/technology/hackers-attack-huffington-post-other-sites-malware-laced-ads 1/8/2015 Unknown Unknown Malvertising Media
A flaw discovered in Microsoft's Dynamics CRM could allow remote hackers to trick a
2015-059 WHID 2015-059: 'Self-XSS' flaw in found Microsoft Dynamics CRM logged-in user into inserting malicious code within input fields on vulnerable websites. http://www.zdnet.com/article/self-xss-flaw-in-microsoft-dynamics-crm-discovered/ 1/8/2015 Cross-site Scripting (XSS)
Improper Output HandlingAccount Takeover Technology
A newly discovered trojan is infecting Linux systems and possibly building up an arsenal of
2015-058 WHID 2015-058: Stealthy 'XOR.DDoS' trojan infects Linux systems, installs rootkit devices to be used in distributed denial-of-service (DDoS) attacks http://www.scmagazine.com/malware-targets-linux-and-arm-architecture/article/391497/ 1/7/2015 Brute Force Insufficient Anti-Automation
Botnet Recruitment Multiple
Giving Children Hope, a nonprofit that delivers aid to children and families in need around
the world, had its website hacked by a group identifying itself as Team System Dz, an
2015-057 WHID 2015-057: Hackers with ties to Islamic State group take over Buena Park nonprofit's website
Islamic State sympathizer. http://www.ocregister.com/articles/children-647453-hope-isis.html 1/8/2015 Unknown Unknown Defacement Non-Profit
Initially the cyberattack had only affected the homepage of www.dker.bg, with access to
2015-056 WHID 2015-056: Bulgarian Energy Regulator’s Website Hacked the site being restricted completely at around 9.30 AM CET on Thursday http://www.publics.bg/en/news/11993/Bulgarian_Energy_Regulator%E2%80%99s_Website_Hacked.html 1/8/2015 Unknown Unknown Defacement Government
A German official says Chancellor Angela Merkel's website and several other German
government sites have been blocked, and a pro-Russian organization has claimed
2015-055 WHID 2015-055: Merkel website hacked ahead of visit by Ukrainian premier responsibility. http://www.utsandiego.com/news/2015/jan/07/merkel-website-hacked-ahead-of-visit-by-ukrainian/ 1/7/2015 Denial of Service Insufficient Anti-Automation
Downtime Government
The Twitter account for WBOC, a Salisbury-based television station, was hijacked
2015-054 WHID 2015-054: Md. station's Twitter, website hacked by ISIS supporters Tuesday by a hacker claiming to be sympathetic to the Islamic State terrorist group. http://www.11alive.com/story/news/nation-now/2015/01/07/tv-station-site-hacked/21375453/ 1/7/2015 Unknown Unknown Defacement Media
The homepage of Sowerby Community Primary School in Yorkshire was taken over by
2015-053 WHID 2015-053: Primary school website hacked by Islamic extremists messages of hate against America and Israel http://www.mirror.co.uk/news/uk-news/primary-school-website-hacked-islamic-4928628 1/6/2015 Unknown Unknown Defacement Education
A hole in iCloud's security allowed attackers to access any iCloud account via a brute
2015-052 WHID 2015-052: iCloud hole closed following brute force attack force attack that side-stepped blocks - but it is now reported to have been patched. http://www.scmagazineuk.com/icloud-hole-closed-following-brute-force-attack/article/390822/ 1/5/2015 Brute Force Insufficient Anti-Automation
Leakage of Information Technology
2015-051 WHID 2015-051: Weasel Zippers attacked, taken down for 12 hours DDoS attack for 12 hours. http://www.americanthinker.com/blog/2015/01/weasel_zippers_attacked_taken_down_for_12_hours.html 1/6/2015 Denial of Service Insufficient Anti-Automation
Downtime Politics
2015-050 WHID 2015-050: University Of Cape CoastOfficial Website Hacked The official website of the University Of Cape Coast has been taken down http://pulse.com.gh/news/university-of-cape-coast-official-website-hacked-id3386384.html 1/6/2015 Unknown Unknown Defacement Education
The European bitcoin exchange suspends its service after it was hacked, ZDNet can
2015-049 WHID 2015-049: Bitstamp exchange hacked, $5M worth of bitcoin stolen confirm. Less than 19,000 bitcoins were stolen from an operational wallet. http://www.zdnet.com/article/bitstamp-bitcoin-exchange-suspended-amid-hack-concerns-heres-what-we-know/ 1/5/2015 Unknown Unknown Monetary Loss Finance
The second attack was detected on Sunday afternoon, only a couple of hours after the
first attack had ended, according to an announcement posted by the financial services
2015-048 WHID 2015-048: OP hit by another denial of service attack provider on its Facebook page. http://www.helsinkitimes.fi/finland/finland-news/domestic/13104-op-hit-by-another-denial-of-service-attack.html 1/5/2015 Denial of Service Insufficient Anti-Automation
Downtime Finance
Finnish bank OP is continuing to fight off a cascading series of distributed denial of service
2015-047 WHID 2015-047: Finnish bank takes cricket bat to wave after wave of DDoS varmints (DDoS) attacks that began on New Year's Eve. http://www.theregister.co.uk/2015/01/05/finnish_bank_ddos/ 1/5/2015 Denial of Service Insufficient Anti-Automation
Downtime Finance
2015-046 WHID 2015-046: PhonCert Hacked DB Dump http://siph0n.net/exploits.php?id=3676 1/31/2015 SQL Injection Improper Input Handling Leakage of Information Entertainment
After the hacking last week, the umbrella body has been unable to restore its website to
2015-045 WHID 2015-045: Women's Resource Centre website hacked by people claiming to support Isis working order, and does not know why it has been targeted http://www.thirdsector.co.uk/womens-resource-centre-website-hacked-people-claiming-support-isis/communications/article/1331684 1/30/2015 Unknown Unknown Defacement Politics
Hackers have taken down the website of DKEVR, the Bulgarian energy regulator. - See
more at: http://www.novinite.com/articles/165828/Website+of+Bulgaria%
2015-044 WHID 2015-044: Website of Bulgaria's Energy Watchdog Hacked 27s+Energy+Watchdog+Hacked#sthash.zKOcddf7.dpuf http://www.novinite.com/articles/165828/Website+of+Bulgaria%27s+Energy+Watchdog+Hacked 1/8/2015 Unknown Unknown Defacement Government
2015-043 WHID 2015-042: Higher Education Commission Pakistan Hacked DB Dump http://siph0n.net/exploits.php?id=3670 1/29/2015 SQL Injection Improper Input Handling Leakage of Information Education
Last week, we hacked the servers of Temporis, allegedly France’s largest network of
2015-042 WHID 2015-042: Rex Mundi dumps more data after another entity doesn’t pay extortion demands
franchised temp work agencies (www.temporis-franchise.fr). http://www.databreaches.net/rex-mundi-dumps-more-data-after-another-entity-doesnt-pay-extortion-demands/ 1/27/2015 SQL Injection Improper Input Handling Leakage of Information Recruiting
The entire Victor Valley College Information Technology Department has been placed on
paid administrative leave while campus police and an outside company investigate a
2015-041 WHID 2015-041: Victor Valley College hit by computer security breach breach in security protocol, President Roger Wagner said Thursday. http://www.databreaches.net/ca-victor-valley-college-hit-by-computer-security-breach-entire-it-dept-put-on-leave/ 1/31/2015 SQL Injection Improper Input Handling Leakage of Information Education
2015-040 WHID 2015-040: oklahomacounty.org hacked DB Dump on PasteBin http://pastebin.com/0ekAGZWs 1/25/2015 SQL Injection Improper Input Handling Leakage of Information Government
2015-039 WHID 2015-039: ValidDumps.RU Full User Database Dump DB Dump http://siph0n.net/exploits.php?id=3668 1/22/2015 SQL Injection Improper Input Handling Leakage of Information Hacker Site
2015-038 WHID 2015-038: FreshFiction DB Dumped DB Dump on PasteBin http://pastebin.com/ZGfRR7mL 1/24/2015 SQL Injection Improper Input Handling Leakage of Information Media
“Well, looks like the XPY supporters got what they wanted. They logged in to our domain
2015-037 WHID 2015-037: Bitcoin news website Coinfire and its Twitter account hacked registrar account and had our domain taken away from us,” he added. http://www.hackread.com/bitcoin-news-website-coinfire-website-twitter-hacked/ 1/26/2015 DNS Hijacking Insufficient Process Validation
Defacement Media
2015-036 WHID 2015-036: Government of Nepal /Nepal Department of Transportation Hacked DB Dump http://siph0n.net/exploits.php?id=3665 1/19/2015 SQL Injection Improper Input Handling Leakage of Information Government
It appears we should add the University of Chicago to schools hacked by Carbonic. And
2015-035 WHID 2015-035: U. Chicago hacked yes, chalk it up to another SQLi vulnerability. http://www.databreaches.net/u-chicago-hacked-by-teamcarbonic-claim/ 1/24/2015 SQL Injection Improper Input Handling Leakage of Information Education
The majority of the Ghanaian government's websites, including its main site, have been
2015-034 WHID 2015-034: Ghana government websites targeted by hackers hacked and are currently offline. http://www.bbc.com/news/world-africa-30914000 1/21/2015 Unknown Unknown Defacement Government
Hackers from the Syrian Electronic Army, which supports Syrian President Bashar al-
Assad, broke into the Twitter account of Le Monde overnight, the newspaper confirmed on
2015-033 WHID 2015-033: Le Monde hacked: 'Je ne suis pas Charlie' writes Syrian Electronic Army Wednesday. http://www.telegraph.co.uk/news/worldnews/europe/france/11359732/Le-Monde-hacked-Je-ne-suis-pas-Charlie-writes-Syrian-Electronic-Army.html 1/21/2015 Unknown Unknown Account Takeover Social
At least two New Zealand websites have been hacked and defaced by a group calling
2015-032 WHID 2015-032: Alleged Islamic hackers target NZ websites themselves the 'Team Muslim Cyberforce'. http://www.stuff.co.nz/technology/digital-living/65198165/islamic-hackers-target-nz-websites 1/19/2015 Unknown Unknown Defacement Non-Profit
A major data breach has hit one of Australia's leading travel insurers, exposing details of
three quarters of a million policy holders. But while the hack occurred last year, customers
2015-031 WHID 2015-031: Aussie Travel Cover hack exposes details of 770,000 customers have remained in the dark. http://www.cnet.com/au/news/aussie-travel-cover-hack-exposes-customer-details/ 1/20/2015 SQL Injection Improper Input Handling Leakage of Information Travel
2015-030 WHID 2015-030: philsacra.ust.edu.ph website hacked DB dump http://siph0n.net/exploits.php?id=3654 1/17/2015 SQL Injection Improper Input Handling Leakage of Information Education
Police in Finland are investigating a series of distributed denial-of-service attacks against
the country's OP Pohjola financial services group that have intermittently shut down online
2015-029 WHID 2015-029: DDoS Attacks Slam Finnish Bank banking and direct debit services http://www.bankinfosecurity.com/ddos-attacks-slam-finnish-bank-a-7761 1/7/2015 Denial of Service Insufficient Anti-Automation
Downtime Finance
2015-028 WHID 2015-028: PowerPulse website hacked DB dumped http://siph0n.net/exploits.php?id=3653 1/16/2015 SQL Injection Improper Input Handling Leakage of Information Media
A Virginia county was the victim of a cyber attack where a group posted messages and
videos praising ISIS, the rebel Islamic group that has leveled threats against the United
States. - See more at: http://statescoop.com/virginia-county-website-defaced-islamic-state-
2015-027 WHID 2015-027: Virginia county website defaced with Islamic State message messages/#sthash.C2MeEh4O.dpuf http://statescoop.com/virginia-county-website-defaced-islamic-state-messages/ 1/20/2015 Unknown Unknown Defacement Government
From January 2014 to October 2014, cardholder data was exposed on three separate
occasions for various lengths of time due to a cyber attack against Barbecue Renew's web
2015-026 WHID 2015-026: Grill parts website experiences system intrusion, payment card breach server. http://www.scmagazine.com/grill-parts-website-experiences-system-intrusion-payment-card-breach/article/394116/ 1/23/2015 SQL Injection Improper Input Handling Leakage of Information Retail
In a campuswide e-mail Friday, interim president Devinder Malhotra wrote that a computer
hacker apparently got “unauthorized access” to the university database in mid-December,
2015-025 WHID 2015-025: Hacker breached Metropolitan State University database with personal info and that investigators are still trying to determine the scope of the data breach. http://www.databreaches.net/mn-hacker-breached-metropolitan-state-university-database-with-pe-rsonal-info/ 1/16/2015 SQL Injection Improper Input Handling Leakage of Information Education
Free Syrian Hacker Dr.SHA6H hacked and defaced the official Ohio City Website of
Perrysburg. He left a message to the defaced page with a message bashing the
2015-024 WHID 2015-024: FREE SYRIAN HACKERS HACKS OHIO CITY’S WEBSITE governments of the world for not solving the Syrian Crisis. https://www.hackread.com/ohio-city-website-hacked-by-free-syrian-hacker/ 1/17/2015 Unknown Unknown Defacement Government
Since the three day terror attack that started in France on January 7 with the attack on
satirical newspaper Charlie Hebdo, 19,000 websites of French-based companies have
2015-023 WHID 2015-023: 19,000 French websites hit by DDoS, defaced in wake of terror attack been targeted by cyber attackers, AP reports. http://www.net-security.org/secworld.php?id=17832 1/16/2015 Denial of Service Insufficient Anti-Automation
Downtime Media
2015-022 WHID 2015-022: Aqua Marine Boat website hacked DB dumped on PasteBin http://pastebin.com/ApnT0YcX 1/13/2015 SQL Injection Improper Input Handling Leakage of Information Retail
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
2015-021 WHID 2015-021: BigBlueInteractive Hacked Zyklon dumpts DB http://www.databreaches.net/and-then-i-stumbled-across-these-hacks-by-zyklon/ 1/14/2015 SQL Injection Improper Input Handling Leakage of Information Media
2015-020 WHID 2015-020: PasteBin DB Dump from lehlel.com lehlel.com was hacked and DB dumped http://pastebin.ca/2906107 1/14/2015 SQL Injection Improper Input Handling Leakage of Information Social
Tennessee-based ValuePetSupplies.com is notifying several thousand customers that
unauthorized persons accessed its servers and installed malicious files to capture
2015-019 WHID 2015-019: Payment cards targeted in attack on pet supplies website personal information – including payment card data – entered into its website. http://www.scmagazine.com/payment-cards-targeted-in-attack-on-pet-supplies-website/article/392821/ 1/16/2015 Unknown Unknown Leakage of Information Retail
The website of the open-source text editor Notepad++ has been defaced by an Islamist
2015-018 WHID 2015-018: Notepad++ Releases “Je suis Charlie” Edition, Website Gets Defaced hacking group because the developer released a “Je suis Charlie” edition of the software. http://news.softpedia.com/news/Notepad-plus-plus-Releases-Je-suis-Charlie-Edition-Website-Gets-Defaced-469956.shtml 1/14/2015 Unknown Unknown Defacement Technology
The hackers stole usernames and passwords from a third party source and logged into
thousands of accounts. The source of the leak is being investigated as the airlines work to
2015-017 WHID 2015-017: Thousands of American and United airlines accounts hacked, with thieves booking
pay dozens
back theofhacked
free trips
customers. http://www.nydailynews.com/news/national/thousands-american-united-airlines-accounts-hacked-article-1.2075162 1/12/2015 SQL Injection Improper Input Handling Leakage of Information Transportation
POLICE are investigating after the Bundaberg Regional Libraries website was hacked by a
2015-016 WHID 2015-016: Bundaberg Library website used as hacker's billboard Syrian activist. http://www.news-mail.com.au/news/library-website-a-hackers-billboard/2508740/ 1/13/2015 Unknown Unknown Defacement Government
Users who visited the site of the state-run North Korean news agency, to see the country’s
response to the Sony hacking accusations or for other reasons, might want to scan their
2015-015 WHID 2015-015: North Korean official news agency site serves malware computers for malware. http://www.pcworld.com/article/2868436/north-korean-official-news-agency-site-serves-malware.html 1/13/2015 Unknown Unknown Planting of Malware Media
xtraTorrent, one of the largest torrent sites on the Internet, remains down following a huge
DDoS attack. The site's operators are working hard to mitigate the assault and hope to
2015-014 WHID 2015-014: Extratorrent Down After Huge DDoS Attack have the site back online soon. https://torrentfreak.com/extratorrent-down-after-huge-ddos-attack-150112/ 1/12/2015 Denial of Service Insufficient Anti-Automation
Downtime Data Sharing
The U. of Hawaii data dump, which DataBreaches.net is not linking to, does not contain
student or employee personal information, but in addition to acquiring the root
username/password, “Attorney” also got the mac addresses, service tags, usernames and
more of each and every computer/smart board in their University. The dump only
2015-013 WHID 2015-013: U. of Hawaii and Cornell University hacked contained approximately 2,000 of the 65,000 lines of data he acquired, he tells this site http://www.databreaches.net/u-of-hawaii-and-cornell-university-hacked-by-marxistattorney/ 1/7/2015 SQL Injection Improper Input Handling Leakage of Information Education
Islamic extremists have hacked the websites of a primary school and a church and
2015-012 WHID 2015-012: Islamic extremists hack websites of primary school and church in Yorkshire replaced their homepages with a hate message against the US and Israel. http://www.dailymail.co.uk/news/article-2898635/Islamic-extremists-hack-websites-primary-school-church-Yorkshire-replace-homepages-hate-message-against-U-S-Israel.html
1/6/2015 Unknown Unknown Defacement Education
Two more EC-Council sub-domains have been defaced by the hacking group known as
2015-011 WHID 2015-011: More EC-Council Sub-Domains Defaced Indonesian Gantengers Crew. http://www.batblue.com/more-ec-council-sub-domains-defaced/ 1/6/2015 Unknown Unknown Defacement Government
A group calling itself the "CyberCaliphate" took over the Twitter feeds of two American
2015-010 WHID 2015-010: News websites, Twitter feeds hacked with pro-ISIS message news outlets Tuesday, in addition to the website of a Maryland-based TV news station. http://www.cbsnews.com/news/albuquerque-journal-wboc-websites-twitter-feeds-hacked-with-pro-isis-message/ 1/6/2015 Brute Force Insufficient Anti-Automation
Account Takeover Social
To achieve this flight, hackers exploited a flaw, a SQL injection via two different reticular
fallible addresses [ as in the case of TF1 / Viapresse, NDR ]. Remember, OWASP , an
independent organization dedicated to IT security, classified in its top 10 SQL injections as
2015-009 WHID 2015-009: 10 million customer data stolen from Orange Spain the first plague web applications. http://www.zataz.com/10-millions-de-donnees-volees-a-orange-espagne/#axzz3Nr3klnlH 1/5/2013 SQL Injection Improper Input Handling Leakage of Information Retail
In a post on Pastebin yesterday, @MarxistAttorney (web site) claimed a number of hacks,
including California State University, University of Kentucky, University of Connecticut,
2015-008 WHID 2015-008: Universities hacked, data dumped University of Maryland, Coastal Carolina University, and Abertay University. http://www.databreaches.net/universities-hacked-data-dumped-by-marxistattorney/ 1/4/2015 SQL Injection Improper Input Handling Leakage of Information Education
Tan Tock Seng Hospital has explained that the insulting, anti-Singaporean comments
2015-007 WHID 2015-007: TAN TOCK SENG: EDZ ELLO’S FACEBOOK ACCOUNT WAS HACKED WHEN made
HE MADE
by one INSULTING
of their staff,COMMENTS
Edz Ello, were posted while his facebook account was hacked. http://therealsingapore.com/content/tan-tock-seng-edz-ello%E2%80%99s-facebook-account-was-hacked-when-he-made-insulting-comments 1/4/2015 Brute Force Insufficient Anti-Automation
Account Takeover Social
2015-006 WHID 2015-006: United Nations Hacked by ulzr1z #REPOST United Nations Sub-domain Hacked by UlzR1z http://pastebin.com/GTmHYUyY 1/11/2015 SQL Injection Improper Input Handling Leakage of Information Government
HACKERS have stolen confidential data relating to almost two million online shoppers in
France who made purchases via the French TV station website TF1.fr - See more at: http:
//www.connexionfrance.com/shoppers-data-hacked-tf1-magazine-subscription-website-
2015-005 WHID 2015-005: 1.9m shoppers' data is hacked 16506-view-article.html#sthash.7vOravLn.dpuf http://www.connexionfrance.com/shoppers-data-hacked-tf1-magazine-subscription-website-16506-view-article.html 1/4/2015 SQL Injection Improper Input Handling Leakage of Information Retail
2015-004 WHID 2015-004: differencegames.com Database Dump PasteBin DB Dump of data from differencegames.com http://pastebin.com/SJc2xDr8 1/1/2015 SQL Injection Improper Input Handling Leakage of Information Retail
2015-003 WHID 2015-003: en.asiadcp.com Buyer Info Dump PasteBin DB Dump of data from http://en.asiadcp.com http://pastebin.com/Wp8xCir3 1/1/2015 SQL Injection Improper Input Handling Leakage of Information Retail
On the heels of Wednesday's attack on the OP-Pohjola Group's online banking services,
Nordea announced on Friday afternoon that its online banking services had also been the
2015-002 WHID 2015-002: Nordea: Online banking hit by hackers target of a denial of services attack http://yle.fi/uutiset/nordea_online_banking_hit_by_hackers/7718241 1/2/2015 Denial of Service Insufficient Anti-Automation
Downtime Finance
A developer claims to have discovered a flaw in Apple's iCloud security where an
2015-001 WHID 2015-001: iCloud accounts at risk of brute force attack as hacker exploits 'painfully obvious'
automated
passwordpiece
flaw of software can be used to repeatedly guess a target's password. http://www.ibtimes.co.uk/icloud-accounts-risk-brute-force-attack-hacker-exploits-painfully-obvious-password-flaw-1481623 1/2/2015 Brute Force Insufficient Anti-Automation
Account Takeover Technology
2014-151 WHID 2014-151: ctf365.com defaced and account information taken Hacking group defaced ctf365.com and obtained the username and password list. http://www.reddit.com/r/hacking/comments/2nbsou/ctf365_hacked/ 11/24/2014 Unknown Unknown Defacement Technology
Hacker group DerpTrolling has released a "very small portion" of usernames and logins for
2014-150 WHID 2014-150: DerpTrolling leaks PSN, 2K, Windows Live customer logins three gaming networks in its possession as a "warning to companies". http://www.cnet.com/news/derptrolling-leaks-psn-2k-windows-live-customer-logins/ 11/20/2014 Unknown Unknown Leakage of Information Gaming
The distributed denial of service (DDoS) attacks have been carried out against
independent news site Apple Daily and PopVote, which organised mock chief executive
2014-149 WHID 2014-149: The Largest Cyber Attack In History Has Been Hitting Hong Kong Sites elections for Hong Kong. http://www.forbes.com/sites/parmyolson/2014/11/20/the-largest-cyber-attack-in-history-has-been-hitting-hong-kong-sites/?ss=cio-network/ 11/21/2014 Denial of Service Insufficient Anti-Automation
Downtime Politics
Hackers from China breached the federal weather network recently, forcing cybersecurity
teams to seal off data vital to disaster planning, aviation, shipping and scores of other
2014-148 WHID 2014-148: Chinese hackers breach U.S. federal weather network, may have accessed classified data officials said.
crucial uses, http://news.nationalpost.com/2014/11/12/chinese-hackers-breach-u-s-federal-weather-network-may-have-accessed-classified-data/ 11/12/2014 Unknown Unknown Downtime Government
The cross-browser testing service BrowserStack was recently breached by an attacker
who leveraged his access to send an email to users claiming that the service was shutting
2014-147 WHID 2014-147: BrowserStack Hacked via Shellshock down. http://www.esecurityplanet.com/network-security/browserstack-hacked-via-shellshock.html 11/9/2014 OS Commanding Improper Input Handling Leakage of Information Technology ShellShock
WoW Insider received reports earlier today that Blizzard may be the target of a significant
DDoS effort -- and community manager Bashiok has confirmed it on the World of Warcraft
2014-146 WHID 2014-146: Blizzard confirms World of Warcraft target of DDoS attack forums. http://wow.joystiq.com/2014/11/13/blizzard-confirms-world-of-warcraft-target-of-ddos-attack/ 11/13/2014 Denial of Service Insufficient Anti-Automation
Downtime Gaming
Cybercriminals are sneaking past security protections to access online accounts across 34
banks in Switzerland, Sweden, Austria and Japan. And in doing so, experts say, the
hackers are defeating what’s often touted as one of the more effective online security
2014-145 WHID 2014-145: Hackers bypass online security at 34 banks protocols. http://www.marketwatch.com/story/hackers-bypass-online-security-at-34-banks-2014-07-22?siteid=bigcharts&dist=bigcharts 7/24/2014 Banking Trojan Insufficient Process Validation
Monetary Loss Finance
For the second time in the past month, AskMen.com was compromised, with malicious
code injected on the company's server sending out attacks. AskMen is reportedly looking
2014-144 WHID 2014-144: AskMen website hacked twice in the past month, sending malicious code into the security issue after being contacted by security software company Malwarebytes. http://www.tweaktown.com/news/39211/askmen-website-hacked-twice-in-the-past-month-sending-malicious-code/index.html 7/22/2014 Unknown Unknown Planting of Malware Media
However, Komarov, whose firm discovered the posting offering the vulnerabilities, said
that IntelCrawl had confirmed that a SQL injection vulnerability in the wsj.com site made it
2014-143 WHID 2014-143: WSJ website hacked, data offered for sale for 1 bitcoin possible “to get access to any database on the wsj.com server.” http://arstechnica.com/security/2014/07/wsj-website-hacked-data-offered-for-sale-for-1-bitcoin/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+(Ars+Technica+-+All+content)
7/23/2014 SQL Injection Improper Input Handling Leakage of Information Media
A glut of WordPress sites have fallen victim to both malware infections and a series of
brute force attacks that have been making the rounds over the past several days,
2014-142 WHID 2014-142: WORDPRESS SITES SEEING INCREASED MALWARE, BRUTE FORCE ATTACKS THIS WEEK
researchers claim. http://threatpost.com/wordpress-sites-seeing-increased-malware-brute-force-attacks-this-week 7/23/2014 Brute Force Insufficient Anti-Automation
Account Takeover Blogs
The attackers exploited a vulnerability to access a database serving the ECB’s public
website, the institution announced Thursday on its website. No internal systems or market
2014-141 WHID 2014-141: Hackers steal user data from the European Central Bank website, ask for money
sensitive data were affected, the ECB said. http://www.pcworld.com/article/2457960/hackers-steal-user-data-from-the-european-central-bank-website-ask-for-money.html 7/24/2014 SQL Injection Improper Input Handling Leakage of Information Finance
Shelby County Schools is limiting access to the direct deposit portion of its employee
portal after bank routing and account numbers for at least 10 employees were changed
2014-140 WHID 2014-140: Shelby County Schools' direct deposit data hacked and routed instead to prepaid cards. http://www.commercialappeal.com/news/local-news/schools/shelby-county-schools-direct-deposit-data-hacked_31644341 7/18/2014 Unknown Unknown Monetary Loss Education
An online activist known only as Ethical Dragon has been reportedly hacking the websites
of musicians and celebrities he feels have been ignoring his efforts to communicate with
2014-139 WHID 2014-139: Hacker Goes On Spree Against Musicians' Websites him (or her). http://themusic.com.au/news/all/2014/07/19/hacker-goes-on-spree-against-musicians-websites/ 7/18/2014 Unknown Unknown Defacement Entertainment
Hacker collective Anonymous has announced that it has taken down over a thousand of
crucial Israeli websites in a huge new coordinated cyber-attack called #OpSaveGaza on
2014-138 WHID 2014-138: #OpSaveGaza: Anonymous Takes Down 1,000 Israeli Government and Business 11 Websites
July and 17 July, in support of the people of Palestine. http://www.ibtimes.co.uk/opsavegaza-anonymous-takes-down-1000-israeli-government-business-websites-1457269 7/19/2014 Denial of Service Insufficient Anti-Automation
Downtiime Government Yes OpSaveGaza
Anonymous has laid claim to the downing of 500 Israeli web pages as part of a cyber
2014-137 WHID 2014-137: Anonymous hacks Israeli websites in new pro-Palestine campaign attack by the group in support of the people of Palestine. http://www.itproportal.com/2014/04/07/anonymous-hacks-israeli-websites-in-new-pro-palestine-campaign/ 4/7/2014 Denial of Service Insufficient Anti-Automation
Downtime Government Yes OpIsrael
A Saudi man in Bashair has filed a complaint saying that an anonymous individual had
hacked into his bank account and transferred SR18,430 to another account through local
2014-136 WHID 2014-136: Bank account of Saudi hacked transfer, adding that he is worried that the money would land in the wrong hands. http://www.arabnews.com/news/603681 7/18/2014 Unknown Unknown Monetary Loss Finance
About 1,600 patients had their private data in the provincial PharmaNet prescription
2014-135 WHID 2014-135: B.C. PharmaNet hit by hacker, 1,600 accounts breached system accessed by an unknown hacker, a Health Ministry investigation has revealed. http://www.cbc.ca/news/canada/british-columbia/b-c-pharmanet-hit-by-hacker-1-600-accounts-breached-1.2704446 7/11/2014 Stolen Credentials Insufficient AuthenticationLeakage of Information Healthcare
W0rm, which uses the Twitter handle @rev_priv8, tweeted a screenshot purportedly
showing the contents of the CNET database. He or she said that a security hole in CNET.
2014-134 WHID 2014-134: CNET Confirms Russian Hack com's implementation of the Symfony PHP framework was the attack vector. http://www.infosecurity-magazine.com/view/39323/cnet-confirms-russian-hack 7/15/2014 Code Injection Improper Input Handling Leakage of Information Media
Visitors accessing the Town of Grand Falls-Windsor’s official website late last week or
2014-133 WHID 2014-133: Town website hacked over the weekend may have gotten a shock. http://www.gfwadvertiser.ca/News/Local/2014-07-15/article-3801475/Town-website-hacked/1 7/15/2014 Unknown Unknown SPAM Links Government
The Houston Astros say they have been the victims of hackers who accessed their servers
2014-132 WHID 2014-132: Astros Respond After Hackers Breach Internal Database and published months of internal trade talks on the Internet. http://www.kwtx.com/sports/headlines/Astros-Respond-To-Security-Breach-265301541.html?ref=541 6/30/2014 Unknown Unknown Leakage of Information Sports
After compromising the VFW website, the attackers added an iframe into the beginning of
the website’s HTML code that loads the attacker’s page in the background. The attacker’s
HTML/JavaScript page runs a Flash object, which orchestrates the remainder of the
2014-131 WHID 2014-131: Operation SnowMan: DeputyDog Actor Compromises US Veterans of Foreign Wars exploit.
Website http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html 2/13/2014 Unknown Unknown Planting of Malware Government
Over 60,000 full names, user names, phone numbers and home addresses were leaked,
2014-130 WHID 2014-130: European Cyber Army Hacker Targets Syria along with several encrypted passwords and several in clear text. http://www.esecurityplanet.com/hackers/european-cyber-army-hacker-targets-syria.html 4/9/2014 SQL Injection Improper Input Handling Leakage of Information Advertising
After hacking and humiliating Comcast in February, NullCrew is back with HorsemenLulz
in a successful hack on the mail servers of the second biggest media company in the Arab
2014-129 WHID 2014-129: Anti-media cybercrime spree continues: Al Arabiya hacked by NullCrew world, Al Arabiya. http://www.zdnet.com/anti-media-cybercrime-spree-continues-al-arabiya-hacked-by-nullcrew-7000028004/ 4/3/2014 Local File Inclusion (LFI)Improper Input Handling Leakage of Information Media
Earlier today, a hacker identified as ProbablyOnion (who recently breached Boxee.tv) has
posted data from a large job seeker website resulting in over 36,000 accounts being
2014-128 WHID 2014-128: SQL Injection Leads To BigMoneyJobs.com Leak published online. https://www.riskbasedsecurity.com/2014/04/sql-injection-leads-to-bigmoneyjobs-com-leak/ 4/2/2014 SQL Injection Improper Input Handling Leakage of Information Advertising
On Sunday, March 30, email marketing service Mad Mimi was hit by a distributed denial-
of-service (DDOS) attack. Shortly after, they received an email from someone who asked
2014-127 WHID 2014-127: Email Marketing Service Mad Mimi Hit by DDOS Attacks, Blackmailed for 1.8 Bitcoins to stop launching attacks. http://news.softpedia.com/news/Email-Marketing-Service-Mad-Mimi-Hit-by-DDOS-Attacks-Blackmailed-435152.shtml 4/1/2014 Denial of Service Insufficient Anti-Automation
Downtime Advertising
A skirmish erupted last week when hacking group NullCrew successfully broke into tactical
communications company Klas Telecom. The global government contractor had an
2014-126 WHID 2014-126: Gov't contractor Klas Telecom responds to getting hacked by NullCrew interesting response to its attackers. http://www.zdnet.com/govt-contractor-klas-telecom-responds-to-getting-hacked-by-nullcrew-7000028102/ 4/6/2014 SQL Injection Improper Input Handling Leakage of Information Technology
Hackers posted names, e-mail addresses, message histories, and partially protected login
credentials for more than 158,000 forum users of Boxee.tv, the Web-based television
2014-125 WHID 2014-125: Hack of Boxee.tv exposes password data, messages for 158,000 users service that was acquired by Samsung last year, researchers said. http://arstechnica.com/security/2014/04/hack-of-boxee-tv-exposes-password-data-messages-for-158000-users/ 4/1/2014 Unknown Unknown Leakage of Information Technology
On Monday morning, Ms Bishop's spokeswoman said: "In weightier issues today, the
Australian Foreign Minister’s Twitter account was accessed by spambots alerting her more
than 50,000 followers to the latest innovations in weight loss, instead of her usual
2014-124 WHID 2014-124: Foreign Minister Julie Bishop confirms her Twitter account was hacked diplomatic endeavours. Twitter was quickly on the case and the situation swiftly handled.” http://www.smh.com.au/federal-politics/political-news/foreign-minister-julie-bishop-confirms-her-twitter-account-was-hacked-20140317-34wc8.html 3/17/2014 Unknown Insufficient AuthenticationSPAM Links Social
The Guatemala websites of Renault, Toyota and Chevrolet have been hacked and
2014-123 WHID 2014-123: Guatemala Sites of Renault, Toyota and Chevrolet Hacked and Defaced defaced by a member of a Pakistani group called Team Cyber Criminals. http://news.softpedia.com/news/Guatemala-Sites-of-Renault-Toyota-and-Chevrolet-Hacked-and-Defaced-432682.shtml 3/18/2014 Unknown Unknown Defacement Automotive
The attack, which has been given the name “Windigo” after a mythical creature from
Algonquian Native American folklore, has resulted in over 25,000 Unix servers being
hacked, resulting in 35 million spam messages being sent each day from compromised
2014-122 WHID 2014-122: Over 500,000 PCs attacked every day after 25,000 UNIX servers hijacked by Operation
machines.Windigo http://www.welivesecurity.com/2014/03/18/attack-unix-operation-windigo/ 3/18/2014 Stolen Credentials Insufficient AuthenticationSPAM Links Technology
One of the carmaker’s German websites hacked to include a backdoor last year, following
2014-121 WHID 2014-121: Citroen becomes the latest victim of Adobe ColdFusion hackers similar cases elsewhere http://www.theguardian.com/technology/2014/mar/17/citroen-adobe-coldfusion-hacked-backdoor 3/17/2014 Local File Inclusion (LFI)Improper Input Handling Leakage of Information Retail
Names, email addresses and phone numbers from about 850 current and former Johns
Hopkins University biomedical engineering students were posted online Thursday, stolen
2014-120 WHID 2014-120: Hacker breaches Hopkins server by someone claiming to be part of the hacker group known as Anonymous. http://articles.baltimoresun.com/2014-03-07/news/bs-md-hopkins-servers-hacked-20140306_1_engineering-students-identity-theft-server 3/7/2014 Unknown Unknown Leakage of Information Education
Earlier this morning, digital comics publisher comiXology sent out an email notifying
subscribers that it had discovered its database had recently been compromised. While
comiXology states that credit card information should be safe -- it does not store card
numbers on its servers -- it is suggested users of the digital platform immediately change
2014-119 WHID 2014-119: COMIXOLOGY URGES USERS TO CHANGE PASSWORDS IN WAKE OF SERVER HACK immediately.
their password http://www.comicbookresources.com/?page=article&id=51291 3/6/2014 Unknown Unknown Leakage of Information Entertainment
Statista, the company that provides statistics and studies from over 18,000 sources, has
2014-118 WHID 2014-118: Statistics Company Statista Hacked, Email Addresses and Passwords Possiblybeen
Stolenhacked. The company believes the hackers could have accessed its user database. http://news.softpedia.com/news/Statistics-Company-Statista-Hacked-Email-Addresses-and-Passwords-Possibly-Stolen-431173.shtml 3/8/2014 Unknown Unknown Leakage of Information Technology
Nationwide cosmetics and beauty retailer Sally Beauty today confirmed that hackers had
2014-117 WHID 2014-117: Sally Beauty Confirms Card Data Breach broken into its networks and stolen credit card data from stores. http://krebsonsecurity.com/2014/03/sally-beauty-confirms-card-data-breach/ 3/14/2014 Unknown Unknown Leakage of Information Retail
A North Dakota University System computer server that stores personal data of nearly
300,000 past and present students was hacked, university system officials announced
2014-116 WHID 2014-116: North Dakota university system says server hacked Wednesday. http://bismarcktribune.com/news/state-and-regional/north-dakota-university-system-says-server-hacked/article_2c11572a-a4ad-11e3-ac1d-001a4bcf887a.html 3/5/2014 Unknown Unknown Leakage of Information Education
Moments ago, the Ruptly international video news agency, which is part of the RT (Russia
Today) global news network, announced that its website is under a distributed denial-of-
2014-115 WHID 2014-115: Website of International Video News Agency Ruptly Hit With DDOS Attack service (DDOS) attack. http://news.softpedia.com/news/Website-of-International-Video-News-Agency-Ruptly-Hit-With-DDOS-Attack-430390.shtml 3/4/2014 Denial of Service Insufficient Anti-Automation
Downtime Media
The Congo domains (.cd) for Amazon, Audi, AVG, BBC, BMW, Canon, DHL, eBay,
Fujitsu, GoDaddy, Hitachi, Honda, IBM, Panasonic, Toshiba, Mercedes, Rolex, Samsung,
T-Mobile, Volkswagen and many others have been defaced by hackers of TeaM
2014-114 WHID 2014-114: High-Profile Domains from Congo Defaced via Hack Attack on NIC MaDLeeTs. http://news.softpedia.com/news/High-Profile-Domains-from-Congo-Defaced-via-Hack-Attack-on-NIC-430140.shtml 3/3/2014 DNS Hijacking Insufficient Process Validation
Defacement Service Provider
Meetup.com was back online Monday, after a series of massive denial-of-service attacks
2014-113 WHID 2014-113: Denial-Of-Service Attack Snags Meetup.com For Days that lasted off and on for four days. http://newyork.cbslocal.com/2014/03/03/denial-of-service-attack-snags-meetup-com-for-days/ 3/4/2014 Denial of Service Insufficient Anti-Automation
Downtime Social
Not all of the above-mentioned victims involved the exploitation of ColdFusion
vulnerabilities, but Smucker’s was included in a list of compromised online stores that I
regrettably lost track of toward the end of 2013, amid a series of investigations involving
2014-112 WHID 2014-112: Thieves Jam Up Smucker’s, Card Processor breaches at much bigger victims. http://krebsonsecurity.com/2014/03/thieves-jam-up-smuckers-card-processor/ 3/14/2014 Local File Inclusion (LFI)Improper Input Handling Leakage of Information Retail
It has come to to light today that the website of W3C (World Wide Web Consortium) has
2014-111 WHID 2014-111: W3C website fell victim to an SQL injection fallen victim to an SQL injection from an unknown party. http://www.hackingdaily.com/2014/03/w3c-hacked-by-sql.html 3/1/2014 SQL Injection Improper Input Handling Leakage of Information Technology
An EA Games server has been compromised by hackers and is now hosting a phishing
2014-110 WHID 2014-110: EA Games website hacked to steal Apple IDs site which targets Apple ID account holders. http://news.netcraft.com/archives/2014/03/19/ea-games-website-hacked-to-steal-apple-ids.html 3/19/2014 OS Commanding Improper Input Handling Phishing Gaming
After almost two days of disrupted service, SurveyGizmo has completely recovered from a
DDoS attack. According to Jason Carolan, CTO of SurveyGizmo’s web host ViaWest, the
2014-109 WHID 2014-109: SurveyGizmo Recovers from DDoS Attack Despite “Communication Issues” with Hosting
attack wasProvider ViaWest
persistent and estimated at between 20 and 40 Gbps. http://www.thewhir.com/web-hosting-news/surveygizmo-recovers-ddos-attack-despite-communication-issues-hosting-provider-viawest 3/28/2014 Denial of Service Insufficient Anti-Automation
Downtime Technology
In Europe, hackers are causing problems with distributed denial-of-service (DDoS)
2014-108 WHID 2014-108: World Of Warcraft, Hearthstone Hit By DDoS Attacks And ISP Issues attacks. The result is that every online game by the company has been disrupted. http://www.cinemablend.com/games/World-Warcraft-Hearthstone-Hit-By-DDoS-Attacks-ISP-Issues-63106.html 3/31/2014 Denial of Service Insufficient Anti-Automation
Downtime Gaming
The Elance denial-of-service attack has been going on for over a day now, though it is
now only sporadic. Elance says it has bought in new defences to try cope. Meanwhile
2014-107 WHID 2014-107: Elance and oDesk hit by major DDoS attacks, downing services for many freelancers
oDesk says it got hit by a briefer, separate attack. http://gigaom.com/2014/03/18/elance-hit-by-major-ddos-attack-downing-service-for-many-freelancers/ 3/18/2014 Denial of Service Insufficient Anti-Automation
Downtime Technology
HootSuite has bounced back from a denial of service (DoS) attack on Thursday morning
2014-106 WHID 2014-106: HootSuite Bounces Back After DDoS Attack that prevented users from accessing the social media platform. http://mashable.com/2014/03/21/hootsuite-bounce-back-after-ddos-attack/ 3/21/2014 Denial of Service Insufficient Anti-Automation
Downtime Social
A series of DDoS attacks launched over the weekend disrupted access to several
2014-105 WHID 2014-105: DDoS attack takes out NATO websites, Ukraine connection claimed websites operated by NATO http://nakedsecurity.sophos.com/2014/03/17/ddos-attack-takes-out-nato-websites-ukraine-connection-claimed/ 3/17/2014 Denial of Service Insufficient Anti-Automation
Downtime Government
Websites of several Russian state TV channels have been hit by a large cyberattack
suspected to partly come from Kiev. Anonymous Caucasus claimed it was responsible for
2014-104 WHID 2014-104: Russian media websites hit by ‘massive’ DDoS attack ‘linked to Ukraine’ hacking Channel One TV’s site, saying it had “nothing” to do with Ukraine. http://rt.com/news/russian-media-ddos-ukraine-614/ 3/14/2014 Denial of Service Insufficient Anti-Automation
Downtime Media
Basecamp, makers of the popular online project management software of the same name
(which as of this February became the company’s main focus) was hit with a distributed
denial-of-service attack (DDoS) this morning, rendering its services temporarily
unavailable. The company disclosed this news in a blog post, explaining that the
“criminals” behind the DDoS had also tried to extort money in return for stopping the attack
2014-103 WHID 2014-103: Basecamp Becomes Latest Victim Of DDoS Attackers Attempting To Extort Money – a request
From TechthatCompanies
Basecamp smartly refused. http://techcrunch.com/2014/03/24/basecamp-becomes-latest-victim-of-ddos-attackers-attempting-to-extort-money-from-tech-companies/ 3/24/2014 Denial of Service Insufficient Anti-Automation
Downtime Technology
Distributed Denial of Service (DDOS) attacks are becoming a common trend on our blog
lately, and that’s OK because it’s a very serious issue for every website owner. Today I
want to talk about a large DDOS attack that leveraged thousands of unsuspecting
2014-102 WHID 2014-102: More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack
WordPress websites as indirect source amplification vectors http://blog.sucuri.net/2014/03/more-than-162000-wordpress-sites-used-for-distributed-denial-of-service-attack.html 3/10/2014 Denial of Service Insufficient Process Validation
Downtime Blogs
On Tuesday, March 11th, GitHub was largely unreachable for roughly 2 hours as the result
of an evolving distributed denial of service (DDoS) attack. I know that you rely on GitHub
to be available all the time, and I'm sorry we let you down. I'd like to explain what
happened, how we responded to it, and what we're doing to reduce the impact of future
2014-101 WHID 2014-101: Denial of Service Attacks on GitHub attacks like this. https://github.com/blog/1796-denial-of-service-attacks 3/14/2014 Denial of Service Insufficient Anti-Automation
Downtime Technology
Mortgage origination software provider Ellie Mae says that a distributed denial of service
2014-100 WHID 2014-100: Ellie Mae hit by DDoS attack (DDoS) attack is to blame for its systems falling over earlier this week. http://www.finextra.com/news/fullstory.aspx?newsitemid=25930&topic=security 4/4/2014 Denial of Service Insufficient Anti-Automation
Downtime Government
Attackers exploited a vulnerability in a popular video-sharing site to hijack users' browsers
for use in a large-scale distributed denial-of-service attack, according to researchers from
2014-099 WHID 2014-099: XSS flaw in popular video-sharing site allowed DDoS attack through browsers Web security firm Incapsula. http://www.computerworld.com/s/article/9247450/XSS_flaw_in_popular_video_sharing_site_allowed_DDoS_attack_through_browsers 4/4/2014 Cross-site Scripting (XSS)
Improper Output HandlingDDoS Attacks Social
The official website of the UK Parliament contained basic flaws that left it vulnerable to
2014-098 WHID 2014-098: Revealed: key UK websites vulnerable to hackers hacking, a programmer has discovered. http://www.telegraph.co.uk/technology/internet-security/10673520/Revealed-key-UK-websites-vulnerable-to-hackers.html 3/4/2014 Cross-site Scripting (XSS)
Improper Output HandlingDisinformation Government
In some cases, the attackers posted maliciously crafted code on online forums. When
administrators clicked on the links, they unknowingly gave the hackers access to their
2014-097 WHID 2014-097: Three Alleged Hackers Arrested in Korea for Stealing Information from Hundreds of Sites
systems. http://news.softpedia.com/news/Three-Alleged-Hackers-Arrested-in-Korea-for-Stealing-Information-from-Hundreds-of-Sites-429630.shtml 2/27/2014 Cross-site Request Forgery
Insufficient
(CSRF)Process Validation
Leakage of Information Retail
2014-096 WHID 2014-096: Social site Meetup hit by DDoS attack Social site Meetup was hit by a DDoS attack today, according to a notice on its website. http://business-technology.co.uk/2014/02/social-site-meetup-under-ddos-attack/ 2/28/2014 Denial of Service Insufficient Anti-Automation
Downtime Social
Store officials at the Carson VIllage Market confirm their local server was compromised
but say proper security measures have been put in place and customers are no longer at
2014-095 WHID 2014-095: Hackers target Carson City market, credit card info stolen risk http://www.wzzm13.com/story/news/crime/2014/02/24/hackers-target-carson-city-market/5796113/ 2/24/2014 Unknown Unknown Leakage of Information Retail
It appears the attack was the result of DNS hijacking with the domain name pointed to an
Internet Protocol (IP) address under the attacker’s control. This also seems to have
affected EC-Council’s email infrastructure, as attempts to contact the organization at two
2014-094 WHID 2014-094: Hacker defaces website of IT security certification body EC-Council of its publicly listed email addresses failed with a DNS error. http://www.pcworld.com/article/2100880/hacker-defaces-website-of-it-security-certification-body-eccouncil.html 2/24/2014 DNS Hijacking Insufficient Process Validation
Defacement Government
Energie Steiermark, an energy company in Austria’s Styria province, says that its systems
2014-093 WHID 2014-093: Systems of Austrian Energy Provider Energie Steiermark Hacked have been hacked. http://news.softpedia.com/news/Systems-of-Austrian-Energy-Provider-Energie-Steiermark-Hacked-428187.shtml 2/20/2014 Unknown Unknown Leakage of Information Energy
Dozens of Singapore websites, possibly more than 180, have been defaced by hackers in
2014-092 WHID 2014-092: Massive hacking spree in Singapore, possibly over 180 websites defaced two separate occasions this week. http://www.techinasia.com/massive-website-defacing-spree-singapore-possibly-180-sites-affected/ 2/20/2014 Unknown Unknown Defacement Hosting Providers
Namecheap said Thursday it struggled to recover from a new type of distributed denial-of-
service attack (DDoS) against its DNS (domain name system) servers that knocked 300
2014-091 WHID 2014-091: Namecheap fends off DDoS attack that knocked 300 websites offline websites offline. http://www.pcworld.com/article/2100040/namecheap-fends-off-ddos-attack-restores-services.html 2/21/2014 Denial of Service Insufficient Anti-Automation
Downtime Service Provider
Texas State Technical College (TSTC) Waco is notifying almost 3,000 former students
and fewer than 2,000 employees that personal information may have been compromised
2014-090 WHID 2014-090: Hackers breach Texas college server, thousands compromised after an unauthorized party remotely gained access to a server that contained the data. http://www.scmagazine.com/hackers-breach-texas-college-server-thousands-compromised/article/334663/ 2/19/2014 Unknown Unknown Leakage of Information Education
The names and Social Security numbers of more than 309,000 students and staff from the
University of Maryland, dating back to 1998, were stolen in a "sophisticated" security
attack that penetrated recently bolstered defenses, the school’s president announced late
2014-089 WHID 2014-089: University of Maryland hacked; 309,000 Social Security numbers stolen Wednesday. http://www.latimes.com/nation/nationnow/la-na-nn-university-of-maryland-hacked-309000-records-compromised-20140219-story.html#ixzz2trcqXKuo 2/19/2014 Unknown Unknown Leakage of Information Education
The notorious pro-Assad hacker group known as the Syrian Electronic Army has
reportedly published a database that it says contains login credentials for 1 million users of
2014-088 WHID 2014-088: Forbes website hacked by notorious Syrian Electronic Army business publication Forbes.com. http://www.business-standard.com/article/news-ani/forbes-website-hacked-by-notorious-syrian-electronic-army-114021600119_1.html 2/16/2014 Phishing Insufficient AuthenticationDisinformation Media
The crowdfunding website Kickstarter said Saturday it had been hacked and that user
2014-087 WHID 2014-087: Kickstarter hacked, user names and encrypted passwords accessed names, encrypted passwords and other data had been accessed. http://www.computerworld.com/s/article/9246388/Kickstarter_hacked_user_names_and_encrypted_passwords_accessed 2/15/2014 Unknown Unknown Leakage of Information Social
The international supermarket chain deactivated its online customer accounts as hackers
2014-086 WHID 2014-086: Hackers hit Tesco as over 2,200 accounts compromised posted account and personal details online. http://www.cnet.com/news/hackers-hit-tesco-as-over-2200-accounts-compromised/ 2/14/2014 Brute Force Insufficient AuthenticationAccount Takeover Retail
At the start of this work week Blue MauMau was briefly hacked by a spambot lodged in
third-party service software. It tried to use our server to inject spam out to the world. That
sparked Google to mark our site for a few hours on Monday with the message, "The
2014-085 WHID 2014-085: Briefly Hacked, Quickly Eradicated website ahead contains malware!" http://www.bluemaumau.org/briefly_hacked_quickly_eradicated 2/14/2014 Unknown Unknown Planting of Malware Media
GCHQ's website at www.gchq.gov.uk is exhibiting some noticeable performance issues
2014-084 WHID 2014-084: GCHQ website falls after threats from Anonymous today, suggesting that it could be suffering from a denial of service attack. http://news.netcraft.com/archives/2014/02/12/gchq-website-falls-after-threats-from-anonymous.html 2/12/2014 Denial of Service Insufficient Anti-Automation
Downtime Government
A Government department's website was taken offline by a cyber attack which bombarded
2014-083 WHID 2014-083: Ministry website forced offline it with access requests. http://www.belfasttelegraph.co.uk/news/local-national/uk/ministry-website-forced-offline-30003368.html 2/12/2014 Denial of Service Insufficient Anti-Automation
Downtime Government
Hackers breached the websites of all Las Vegas Sands Corp. casinos on Tuesday
morning, and the home pages of some of the world's largest casinos remained down
2014-082 WHID 2014-082: Hackers breach websites of Venetian, Palazzo and other casinos in Las Vegas through the day. http://gadgets.ndtv.com/internet/news/hackers-breach-websites-of-venetian-palazzo-and-other-casinos-in-las-vegas-482455 2/12/2014 Unknown Unknown Defacement Gaming
The website of the U.S. Global Change Research Program (USGCRP) was repeatedly
hacked on Monday and Tuesday this week by an online drug retailer. A Tuesday Google
search of the site, www.globalchange.gov, revealed dozens of pages hawking everything
2014-081 WHID 2014-081: Feds' Climate Change Website Hacked By Online Drug Seller from Xanax to Levitra to Ambien. http://www.weeklystandard.com/blogs/feds-climate-change-website-hacked-online-drug-seller_781491.html 2/12/2014 Unknown Unknown SPAM Links Government
Hacking group "NullCrew FTS" announced on Twitter today that they had successfully
2014-080 WHID 2014-080: NullCrew FTS hacks Comcast servers, post exploit and passwords hacked Comcast and provided unredacted proof on Pastebin. http://www.zdnet.com/nullcrew-fts-hacks-comcast-servers-post-exploit-and-passwords-7000026020/ 2/5/2014 Local File Inclusion (LFI)Improper Input Handling Leakage of Information Service Provider
The website of URL shortening service Bitly was down on Wednesday morning.The
2014-079 WHID 2014-079: Bitly hit by DDoS attack company has blamed a DDoS attack. http://www.scmagazineuk.com/exclusive-bitly-hit-by-ddos-attack/article/332738/ 2/5/2014 Denial of Service Insufficient Anti-Automation
Downtime Technology
Financial institutions face a “significant” and growing cyber threat, as hacktivists and
criminals attempt to manipulate markets with distributed denial of service attacks,
2014-078 WHID 2014-078: Banks face “significant” DDoS threat as cyber criminals target share prices according to a report. http://www.computerworlduk.com/news/security/3500580/banks-face-significant-ddos-threat-as-cyber-criminals-target-share-prices/ 2/5/2014 Denial of Service Insufficient Anti-Automation
Monetary Loss Finance
The hackers, however, told DataBreaches.net that they had leveraged a SQL injection
2014-077 WHID 2014-077: Bell Canada Hacked by NullCrew vulnerability on Bell's own Web site, not at a third-party supplier, to access the information. http://www.esecurityplanet.com/hackers/bell-canada-hacked-by-nullcrew.html 2/4/2014 SQL Injection Improper Input Handling Leakage of Information Technology
Then yesterday, after explaining “passive reconnaissance, which allows us to query and
look at how the website operates and performs,” Kennedy said he was able to access
2014-076 WHID 2014-076: Insecure healthcare.gov allowed hacker to access 70,000 records in 4 minutes 70,000 records within four minutes! http://blogs.computerworld.com/cybercrime-and-hacking/23412/insecure-healthcaregov-allowed-hacker-access-70000-records-4-minutes 1/20/2014 SQL Injection Improper Input Handling Leakage of Information Government
A cache of sensitive traffic including ISP user credentials, WiFi SSIDs and WPA2 keys is
2014-075 WHID 2014-075: EE BrightBox routers can be hacked 'by simple copy/paste operation' kept in a file called cgi_status.js that can be accessed without logging into the device. http://www.theregister.co.uk/2014/01/20/brightbox_routers_vuln/ 1/20/2014 Predictable Resource Location
Insufficient AuthenticationLeakage of Information Technology
AVG has confirmed that one of its webservers was recently breached by hackers. The IT
2014-074 WHID 2014-074: AVG Confirms One of Its Webservers Was Hacked and Defaced security company is investigating the incident. http://news.softpedia.com/news/AVG-Confirms-One-of-Its-Webservers-Was-Hacked-and-Defaced-417781.shtml 1/16/2014 Unknown Unknown Defacement Technology
A Syrian hacktivist who uses the online moniker Dr.Sha6h has breached and defaced the
2014-073 WHID 2014-073: Saudi Arabian Government’s Informatics Magazine Hacked by Syrian Hacktivistwebsite of Saudi Arabia’s Informatics Magazine (informatics.gov.sa). http://news.softpedia.com/news/Saudi-Arabian-Government-s-Informatics-Magazine-Hacked-by-Syrian-Hacktivist-417491.shtml 1/16/2014 Unknown Unknown Defacement Government
Hackers have been using Amazon’s powerful data center computers to scrape data from
thousands of LinkedIn accounts in order to create fake profiles on the site, according to a
2014-072 WHID 2014-072: Hackers Used Amazon's Cloud To Scrape LinkedIn User Data new complaint the company has filed in the U.S. district court of Northern California. http://www.businessinsider.com.au/linkedin-suing-to-get-hacker-identities-2014-1 1/16/2014 Scraping Insufficient Anti-Automation
Disinformation Social
The official website of the Archbishop of Granada, Spain, has been breached by hackers
of Anonymous. Satirical messages and even adult images have been posted in various
2014-071 WHID 2014-071: Anonymous Hackers Target Website of the Archbishop of Granada sections of the site. http://news.softpedia.com/news/Anonymous-Hackers-Target-Website-of-the-Archbishop-of-Granada-416622.shtml 1/14/2014 Unknown Unknown Defacement Religious
Microsoft's official blog, along with email and social network handles, have been hacked
by the Syrian Electronic Army (SEA), with the group warning that they will publish "the
2014-070 WHID 2014-070: Microsoft's official blog hacked by Syrian Electronic Army documents of monitoring email accounts by Microsoft". http://www.techradar.com/news/world-of-tech/microsoft-s-official-blog-hacked-by-syrian-electronic-army-1214677 1/12/2014 Unknown Unknown Disinformation Technology
SheboyganDaily.com accessed several pages on the city’s website at www.ci.sheboygan.
wi.us Sunday afternoon and discovered links, forms and applications are redirecting to
2014-069 WHID 2014-069: City of Sheboygan website hacked drug websites. http://www.sheboygandaily.com/2014/01/12/city-of-sheboygan-website-hacked/ 1/12/2014 Unknown Improper Output HandlingSPAM Links Government
In an apparent hacking of the Microsoft News Twitter account, a tweet emerges saying the
company sells customer data to the government. The Syrian Electronic Army claims
2014-068 WHID 2014-068: Microsoft's Twitter account Hacked responsibility. http://www.cnet.com/news/microsofts-twitter-account-dont-use-our-e-mail/ 1/11/2014 Unknown Unknown Account Takeover Social
Dropbox website went offline last night with a hacking collecting calling itself The 1775 Sec
2014-067 WHID 2014-067: Dropbox hits by DDoS, but user data safe; The 1775 Sec claims responsibility claiming responsibility of the attack on the cloud storage company’s website. http://www.techienews.co.uk/974664/dropbox-hits-ddos-user-data-safe-1775-sec-claims-responsibility/ 1/11/2014 Denial of Service Insufficient Anti-Automation
Downtime Technology
Late on January 10, the hacktivism entity Anonymous hacked and defaced MIT letting the
2014-066 WHID 2014-066: MIT website hacked by Anonymous on anniversary of Aaron Swartz suicide institution know Anonymous will not forget the tragic suicide of hacker Aaron Swartz. http://www.zdnet.com/mit-website-hacked-by-anonymous-on-anniversary-of-aaron-swartz-suicide-7000025041/ 1/10/2014 Unknown Unknown Defacement Education
According to his plea, he and another man — who court records show is scheduled to
plead in the case next week — exploited Google’s password-reset process to get into
unwitting users’ accounts, which they then used to take over those users’ YouTube
2014-065 WHID 2014-065: Md. man admits taking over YouTube channels for ad money, hacking into AOLchannels.
CEO’s e-mail http://www.washingtonpost.com/local/crime/md-man-admits-taking-over-youtube-channels-for-ad-money-hacking-into-aol-ceos-e-mail/2014/01/09/f352ac3e-7970-11e3-b1c5-739e63e9c9a7_story.html
1/9/2014 Brute Force Insufficient Anti-Automation
Account Takeover Service Provider
Joshua Rogers, 16, of Melbourne, found a SQL injection flaw in a database owned by
2014-064 WHID 2014-064: Australian Police Investigating Teen Who Found Database Flaw Public Transport Victoria (PTV), which runs the state's transport system. http://www.cio.com/article/2379712/data-protection/australian-police-investigating-teen-who-found-database-flaw.html 1/10/2014 SQL Injection Improper Input Handling Leakage of Information Government
The Russian Foreign Ministry's website suffered yet another hacker attack on Saturday.
By now, access to the website has been restored and steps are being taken to modernize
2014-063 WHID 2014-063: Russian Foreign Ministry website suffers new hacker attack its security. http://voiceofrussia.com/news/2014_03_23/Russian-Foreign-Ministry-website-suffers-new-hacker-attack-source-9194/ 3/24/2014 Denial of Service Insufficient Anti-Automation
Downtime Government
It looks like hackers have hit Basecamp with a distributed denial-of-service (DDoS) attack
2014-062 WHID 2014-062: Basecamp Held Hostage by Hackers and are demanding that the company pay a ransom. http://www.nbcnews.com/tech/security/basecamp-held-hostage-hackers-n60621 3/24/2014 Denial of Service Insufficient Anti-Automation
Downtime Technology
The California Department of Motor Vehicles appears to have suffered a wide-ranging
credit card data breach involving online payments for DMV-related services, according to
banks in California and elsewhere that received alerts this week about compromised cards
2014-061 WHID 2014-061: Credit Card Breach at California DMV that all had been previously used online at the California DMV. http://krebsonsecurity.com/2014/03/sources-credit-card-breach-at-california-dmv/ 3/14/2014 Unknown Unknown Leakage of Information Government
Social media management system Hootsuite recovered rapidly from a denial of service
(DoS) attack late last week, bouncing back after being offline for a few hours Thursday
2014-060 WHID 2014-060: HootSuite Back Online After Denial of Service Attacks morning. https://threatpost.com/hootsuite-back-online-following-denial-of-service-attack/104975 3/24/2014 Denial of Service Insufficient Anti-Automation
Downtime Social
Security researchers discovered an odd DDoS attack against several sites recently that
relied on a persistent cross-site scripting vulnerability in a major video Web site and
2014-059 WHID 2014-059: Researchers Uncover Interesting Browser-Based Botnet hijacked users’ browsers in order to flood the site with traffic. http://threatpost.com/researchers-uncover-interesting-browser-based-botnet/105250 4/4/2014 Cross-site Scripting (XSS)
Improper Output Handling
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
A group of pro-Russian Ukrainians hit NATO with a DDoS attack over the weekend,
protesting the organization's stance on Crimea's split from the Ukraine. - See more at:
http://blogs.csoonline.com/network-security/3075/pro-russian-ukrainians-launch-ddos-
2014-046 WHID 2014-046: Pro-Russian Ukrainians launch DDoS strike against NATO strike-against-nato#sthash.wjqevPXH.dpuf http://blogs.csoonline.com/network-security/3075/pro-russian-ukrainians-launch-ddos-strike-against-nato 3/17/2014 Denial of Service Insufficient Anti-Automation
Downtime Politics
A criminal group has seized control of 25,000 Unix servers since 2011, forcing them to
send out more than 35 million malware-laden spam messages per day, according to
2014-045 WHID 2014-045: Hackers hit Unix servers to send 35 million spam messages a day security researchers at ESET. http://www.v3.co.uk/v3-uk/news/2334789/hackers-hit-unix-servers-to-send-35-million-spam-messages-a-day 3/19/2014 Unknown Unknown Planting of Malware Technology Yes Windingo
A prolific hacker gang that has breached numerous companies by exploiting Adobe
software has claimed another major hit in the form of car manufacturer Citroën, the
2014-044 WHID 2014-044: Citroen becomes the latest victim of Adobe ColdFusion hackers Guardian has learned. http://www.theguardian.com/technology/2014/mar/17/citroen-adobe-coldfusion-hacked-backdoor 3/17/2014 Directory Traversal Improper Input Handling Planting of Malware Automotive ColdFusion
The DirtJumper malware, a tool used by digital criminals during attacks on banks, has
started targeting Ukranian government websites, amid growing tensions with neighbouring
2014-043 WHID 2014-043: Criminal Malware Used In Attacks On Ukraine Government Russia. http://www.techweekeurope.co.uk/news/dirtjumper-malware-ukraine-russia-141954 3/19/2014 Denial of Service Insufficient Anti-Automation
Downtime Government DirtJumer
The website of the Estonian Ministry of Foreign Affairs came under cyber attack yesterday
2014-042 WHID 2014:042: Estonian Foreign Ministry’s website comes under cyber attack afternoon, reported ERR. http://balticbusinessnews.com/article/2014/3/20/estonian-foreign-ministry-s-website-comes-under-cyber-attack 3/20/2014 Denial of Service Insufficient Anti-Automation
Downtime Government
An EA Games server has been compromised by hackers and is now hosting a phishing
2014-041 WHID 2014-041: EA Games website hacked to steal Apple IDs site which targets Apple ID account holders. http://news.netcraft.com/archives/2014/03/19/ea-games-website-hacked-to-steal-apple-ids.html 3/19/2014 Unknown Unknown Phishing Gaming
Police have arrested two people in connection with a cyber-attack that yielded personal
2014-040 WHID 2014-040: Hackers steal data for 12 million customers at South Korean phone giant details for 12 million customers of one of South Korea's biggest phone companies. http://edition.cnn.com/2014/03/06/business/south-korea-telecoms-hackers/ 3/6/2014 Unknown Unknown Leakage of Information Technology
Digital comic book seller ComiXology has suffered a security breach, and is now requiring
2014-039 WHID 2014-039: ComiXology Hacked! Change Your Password Now all users reset their passwords. http://www.pcmag.com/article2/0,2817,2454664,00.asp 3/6/2014 SQL Injection Improper Input Handling Leakage of Information Media
The infiltration was launched with a common hacking technique known as an SQL
injection. It used a Navy website available to the public and then found its way to the
unprotected databases, said people familiar with the matter. The lack of security meant
once the hackers were inside, they could easily move into other parts of the network,
2014-038 WHID 2014-038: Navy Hacking Blamed on Iran Tied to H-P Contract these people said. http://online.wsj.com/news/articles/SB10001424052702304732804579423611224344876 3/6/2014 SQL Injection Improper Input Handling Leakage of Information Government
That information is stored in several databases, and the Archdiocese believes one of
those databases was hacked. "The bad guys have figured out how to breach it," Magnoni
2014-037 WHID 2014-037: Archdiocese of Seattle hacked, warns 90,000 said, "and so it's unsettling." http://www.kirotv.com/news/news/archdiocese-seattle-hacked-warns-90000-employees-a/nd9Xs/ 3/11/2014 SQL Injection Improper Input Handling Leakage of Information Religious
MOSCOW, March 12 (RAPSI) – The police detained suspected hackers in Russia who are
believed to have stolen about $58,000 from client accounts of a US bank, the Russian
2014-036 WHID 2014-036: Russian hacker family allegedly steals $58,000 from US bank Interior Ministry said in a statement Wednesday. http://rapsinews.com/news/20140312/270911000.html 3/12/2014 Banking Trojan Insufficient Process Validation
Monetary Loss Finance
Bitcoin exchange Mt. Gox suffered about 150,000 hacking attacks per second for several
2014-035 WHID 2014-035: Bitcoin Exchange Mt. Gox Hit by 150,000 DDoS Attacks Per Second Before Collapse
days before its collapse last month, according to a report. http://www.ibtimes.co.uk/bitcoin-exchange-mt-gox-hit-by-150000-ddos-attacks-per-second-before-collapse-1439568 3/10/2014 Denial of Service Insufficient Anti-Automation
Downtime Finance
In an attack on the Johns Hopkins University servers, a hacker was able to obtain the
names, emails and phone numbers of some 850 current and past biomedical engineering
2014-034 WHID 2014-034: Hacker attempts to hold Johns Hopkins hostage using student data students. http://www.cr80news.com/2014/03/12/hacker-attempts-to-hold-johns-hopkins-hostage-using-student-data 3/12/2014 SQL Injection Improper Input Handling Leakage of Information Education
More than 162,000 “popular and clean” WordPress sites were recently used in a large-
scale distributed denial of service attack (DDoS) that exploited the content management
2014-033 WHID 2014-033: 162,000 WORDPRESS SITES USED IN DDOS ATTACK system’s pingback feature. http://threatpost.com/162000-wordpress-sites-used-in-ddos-attack/104745 3/12/2014 Denial of Service Insufficient Process Validation
Downtime Blog
The defacement, EC-Council explained, resulted from a DNS poisoning attack. After
gaining control of the domain, the hacker issued a password reset request to EC-Council's
e-mail service provider, which allowed the hacker to compromise some e-mail accounts
2014-032 WHID 2014-032: EC-Council Acknowledges, Details February Hacker Attack before EC-Council responded. http://www.esecurityplanet.com/hackers/ec-council-acknowledges-details-february-hacker-attack.html 3/13/2014 DNS Hijacking Insufficient Process Validation
Defacement Technology
Unidentified hackers brought down the Russian presidency’s site and the Central Bank’s
2014-031 WHID 2014-031: Hackers down Russian presidential site in ‘powerful cyber-attack’ web page in a wave of online attacks. The website is now operational for most users. http://rt.com/news/kremlin-site-attack-hackers-790/ 3/14/2014 Denial of Service Insufficient Anti-Automation
Downtime Government
Websites of several Russian state TV channels have been hit by a large cyberattack
suspected to partly come from Kiev. Anonymous Caucasus claimed it was responsible for
2014-030 WHID 2014-030: Russian media websites hit by ‘massive’ DDoS attack ‘linked to Ukraine’ hacking Channel One TV’s site, saying it had “nothing” to do with Ukraine. http://rt.com/news/russian-media-ddos-ukraine-614/ 3/14/2014 Denial of Service Insufficient Anti-Automation
Downtime Media
The hackers appear to be using a variety of techniques to commandeer the devices and
make changes to the domain name system (DNS) servers used to translate human-
friendly domain names into the IP addresses computers use to locate their Web servers,
according to a report published Monday by researchers from security firm Team Cymru.
Likely hacks include a recently disclosed cross-site request forgery (CSRF) that allows
2014-029 WHID 2014-029: Hackers hijack 300,000-plus wireless routers, make malicious changes attackers to inject a blank password into the Web interface of TP-Link routers. http://arstechnica.com/security/2014/03/hackers-hijack-300000-plus-wireless-routers-make-malicious-changes/ 3/3/2014 Cross-site Request Forgery
Insufficient
(CSRF)Process Validation
DNS Hijacking Technology Yes
More than 300,000 personal records for faculty, staff and students who have received
identification cards at the University of Maryland were compromised in a computer security
2014-028 WHID 2014-028: U-Md. computer security attack exposes 300,000 records breach this week, school officials said. http://www.washingtonpost.com/local/college-park-shady-grove-campuses-affected-by-university-of-maryland-security-breach/2014/02/19/ce438108-99bd-11e3-80ac-63a8ba7f7942_story.html
2/18/2014 Stolen Credentials Insufficient AuthenticationLeakage of Information Education
Beginning February 4, hacktivists began leveling distributed denial-of-service attacks
(DDoS) against at least 1,700 Russian Websites connected to the winter games. The
attacks targeted official Websites of the games as well as those owned by hotels and
financial institutions connected with the event. As is the case with DDoS attacks, each of
2014-027 WHID 2014-027: Spotlight On Sochi: Distributed Denial Of Sochi the Websites was rendered temporarily unavailable. http://www.hstoday.us/industry-news/general/single-article/spotlight-on-sochi-distributed-denial-of-sochi-feb-7/e605d5e1db57c00e9c432ca83449b4e1.html 2/7/2014 Denial of Service Insufficient Anti-Automation
Downtime Government Yes #OpSochi
2014-026 WHID 2014-026: churchofcyprus.org.cy Hacked Email and data exposed in PasteBin Dump http://pastebin.com/9TyDsSR3 2/19/2014 Unknown Unknown Leakage of Information Religious
Stack Overflow went out for about an hour on Sunday morning due to a DDoS attack,
TechCrunch reported. Stack Overflow is a question and answer website focused on
2014-025 WHID 2014-025: Stack Overflow goes down for an hour on Sunday due to DDoS attack coding that programmers, both professional and amateur, rely on. http://www.vcpost.com/articles/21665/20140216/stack-overflow-goes-down-for-an-hour-sunday-due-to-ddos-attack.htm 2/16/2014 Denial of Service Insufficient Anti-Automation
Downtime Blog
The Syrian Electronic Army, the cyber-wing of Syrian president Bashar al-Assad's regime,
has targeted Barcelona football club because of its ties to Qatari money which is "full of
2014-024 WHID 2014-024: Barcelona Twitter Accounts Hacked by Syrian Electronic Army blood and kill." http://www.ibtimes.co.uk/barcelona-twitter-accounts-hacked-by-syrian-electronic-army-over-links-qatar-1437064 2/19/2014 Unknown Unknown Account Takeover Social
The group funding site Kickstarter was recently the target of a hack by an unknown
individual or group of individuals. Yes, some of the data that the service stores about you
‰ÛÒ if you're a user ‰ÛÒ was tapped into. However, there's a bit of a silver lining: Credit
2014-023 WHID 2014-023: Kickstarter Hacked, Credit Card Data Safe card data and passwords appear relatively safe, with a caveat. http://www.pcmag.com/article2/0,2817,2453510,00.asp 2/16/2014 Unknown Unknown Leakage of Information Retail
Hackers around the world are setting their sights on Venezuela‰Ûªs government web
properties following violent repression against anti-government protesters and instances of
2014-022 WHID 2014-022: Massive hacking affected Venezuela‰Ûªs government servers internet censorship. http://voxxi.com/2014/02/18/anonymous-hackers-venezuela-servers/ 2/17/2014 Unknown Unknown Defacement Government Yes #OpVenezuela
Semanario Universidad, the weekly news publication produced by the University of Costa
Rica, saw its website brought down by distributed denial of service (DDOS) attacks in late
2014-021 WHID 2014-021: Hackers Attack University of Costa Rica Publication January. http://news.co.cr/hackers-attack-university-of-costa-rica-publication/33056/ 1/27/2014 Denial of Service Insufficient Anti-Automation
Downtiime Media
Another incident last week highlighted the growing cyber threat posed by Distributed
Denial of Service (DDoS) attacks on government organisations. On Wednesday one such
attack took down the website of the UK Ministry of Justice (MoJ), rendering it inaccessible
2014-020 WHID 2014-020: UK MoJ Falls Victim To DDoS Attack for about three hours, V3 reported. http://www.misco.co.uk/blog/news/01707/uk-moj-falls-victim-to-ddos-attack 2/17/2014 Denial of Service Insufficient Anti-Automation
Downtiime Government
Today the site is being bombarded with Shell Blog comments, made in multiple languages
via multiple isp addresses. It appears to be yet another concerted denial of service attack
2014-019 WHID 2014-019: Royaldutchshellplc.com website under Denial of Service Attack by an unknown party. http://royaldutchshellplc.com/2014/02/17/royaldutchshellplc-com-website-under-denial-of-service-attack/ 2/17/2014 Denial of Service Insufficient Anti-Automation
Downtime Utilities
The Syrian Electronic Army, the cyber wing of Bashar al-Assad's army, said it hacked
Forbes.com website Friday, claiming it compromised user data, defaced webpages and
2014-018 WHID 2014-018: Syrian Electronic Army hacks into Forbes.com posted a fake story to the site. http://www.forbes.com/sites/andygreenberg/2014/02/20/how-the-syrian-electronic-army-hacked-us-a-detailed-timeline/ 2/16/2014 Cross-site Request Forgery
Unknown
(CSRF) Disinformation Blog
A Texas school district is learning the hard way about website security basics. If you'd like
to keep your site from being compromised, the very least you can do is reset the default
login. According to a post at Hackforums, the Round Rock Independent School District of
2014-017 WHID 2014-017: School District Still Using Default Login For Admin Account Surprised To Learn Austin,
Its Site TX
Haswas
Been
using
Hacked
the following name and password for its admin account. http://www.techdirt.com/articles/20131223/18274325679/school-district-still-using-default-login-admin-account-surprised-to-learn-its-site-has-been-hacked.shtml 1/8/2014 Brute Force Insufficient AuthenticationDefacement Education
Anonymous hackers have breached and defaced around a couple of dozen websites
2014-016 WHID 2014-016: 24 Mexican Government Websites Hacked by Anonymous hosted on Mexican government domains. http://news.softpedia.com/news/24-Mexican-Government-Websites-Hacked-by-Anonymous-413789.shtml 1/6/2014 Unknown Unknown Defacement Government
An unofficial security advisory issued by a hacker identifying themselves as ‰ÛÏMoe1‰
Û has warned E-toll users that the PINs used to log into their E-toll website accounts can
2014-015 WHID 2014-015: Massive E-toll website security flaw be easily obtained if their username is known. http://mybroadband.co.za/news/security/94446-massive-e-toll-website-security-flaw.html 1/7/2014 Predictable Resource Location
Insufficient Process Validation
Leakage of Information eCommerce
A hacker site called ObeySec took over a computer server at the Directors Guild of
Canada on the weekend. OUR EDITOR RECOMMENDS Directors Guild of Canada Has
New Topper Angelina Jolie Might Testify in News Corp's Phone Hacking Lawsuit The
external hacker used the handle legionnaire on Sunday to commandeer the DGC site and
obtain the personal data of over 2,000 members, including Canada's top film and TV
2014-014 WHID 2014-014: Hacker Targets Directors Guild of Canada Website directors. http://www.hollywoodreporter.com/news/hacker-targets-directors-guild-canada-668584 1/6/2014 Unknown Unknown Leakage of Information Entertainment
Two Internet security firms have reported that Yahoo's advertising servers have been
distributing malware to hundreds of thousands of users over the last few days. The attack
appears to be the work of malicious parties who have hijacked Yahoo's advertising
2014-013 WHID 2014-013: Thousands of visitors to yahoo.com hit with malware attack network for their own ends. http://www.washingtonpost.com/blogs/the-switch/wp/2014/01/04/thousands-of-visitors-to-yahoo-com-hit-with-malware-attack-researchers-say//?print=1 1/4/2014 Malvertising Insufficient Output Handling
Planting of Malware Search Engine
Infamous hacker group DERP has now become a pain in the A#$ for gaming community,
after targeting EA's Origin and some video game servers with DDoS attack the group has
2014-012 WHID 2014-012: Hacker Group DERP Attacking Xbox Live Now With DDoS, Sign-In Issue Reported now started attacking Xbox Live. http://www.gamepur.com/news/13200-hacker-group-derp-attacking-xbox-live-now-ddos-sign-issue-reported.html 1/4/2014 Denial of Service Insufficient Anti-Automation
Downtime Gaming
Sunanda Pushkar, the wife of Union minister of state for HRD Shashi Tharoor, has
claimed that "her Twitter account has been hacked" and the message that came criticizing
2014-011 WHID 2014-011: Sunanda Pushkar claims her Twitter account hacked BJP leader Subramaniam Swamy on her account was not hers. http://articles.timesofindia.indiatimes.com/2014-01-04/india/45859292_1_twitter-account-sunanda-pushkar-tweet 1/4/2014 Brute Force Insufficient AuthenticationAccount Takeover Social
World of Warcraft players have been hit with a malicious trojan that hijacks accounts even
2014-010 WHID 2014-010: World of Warcraft users hit by account-hijacking malware attack when they're protected by two-factor authentication, officials have warned. http://arstechnica.com/security/2014/01/world-of-warcraft-users-hit-by-account-hijacking-malware-attack/ 1/6/2014 Malware Insufficient AuthenticationAccount Takeover Gaming
Greyhat hackers have published the partial phone numbers belonging to more than 4.5
million Snapchat users after exploiting a recently disclosed security weakness that officials
2014-009 WHID 2014-009: Greyhats expose 4.5 million Snapchat phone numbers using ‰ÛÏtheoretical‰Û of thehack (updated)
service had described as theoretical. http://arstechnica.com/security/2014/01/greyhats-expose-4-5-million-snapchat-phone-numbers-using-theoretical-hack/ 1/2/2014 Predictable Resource Location
Insufficient Anti-Automation
Leakage of Information Social
The league website for free live poker nights across North America and the UK has been
2014-008 WHID 2014-008: World Poker Tour Amateur Poker League Website Hacked compromised and login details exposed. http://pokerfuse.com/news/live-and-online/world-poker-tour-amateur-poker-league-website-hacked-04-01/ 1/4/2014 Unknown Unknown Leakage of Information Gaming
Computer hackers broke into the website for the Highland Middle School last month, but
2014-007 WHID 2014-007: Highland website hacked school officials said that only the home page was changed. http://www.heraldbulletin.com/education/x12770567/Highland-website-hacked 1/3/2014 Unknown Unknown Defacement Education Wordpress
A hacker group known as DERP is currently taking down all of EA's gaming servers.
Battlelog, a web based social networking service for the Battlefield and Medal of Honor
2014-006 WHID 2014-006: Hacker Group DERP Takes Down Origin, Battlelog and More With DDoS Attackseries, is also down. http://www.ibtimes.co.uk/hacker-group-derp-takes-down-origin-battlelog-more-ddos-attack-1430857 1/3/2014 Denial of Service Insufficient Anti-Automation
Downtime Gaming
Blizzard's Battle.net service has been the target of a denial-of-service attack resulting in
intermittent downtime for its game platform as well as server instability on World of
2014-005 WHID 2014-005: Battle.net and League of Legend hit with denial of service attacks Warcraft. http://www.computerandvideogames.com/443794/battlenet-and-league-of-legend-hit-with-denial-of-service-attacks/ 1/3/2014 Denial of Service Insufficient Anti-Automation
Downtime Gaming
We had heard how Snapchat got hacked, and how Microsoft‰Ûªs Skype social media
accounts had been hacked, and now according to the latest reports, we are hearing word
that Valve‰Ûªs Steam platform has been attacked by hackers as well who have launched
a series of DDoS attacks against the company‰Ûªs servers, causing outages and
2014-004 WHID 2014-004: Steam Hit By DDoS Attacks, Hackers Claim Responsibility rendering gamers unable to play their online games or connecting to the service entirely. http://www.ubergizmo.com/2014/01/steam-hit-by-ddos-attacks-hackers-claim-responsibility/ 1/3/2014 Denial of Service Insufficient Anti-Automation
Downtime Gaming
A group of Pakistani hackers called Pakiz Cyber Squad has leaked user data apparently
stolen from the systems of Financial Services Online (FSO), an Australian company that
2014-003 WHID 2014-003: Pakistani Hackers Leak Data from Financial Services Online Australia provides insurance, finance, superannuation and investment services. http://news.softpedia.com/news/Pakistani-Hackers-Leak-Data-from-Financial-Services-Online-Australia-413191.shtml 1/3/2014 Unknown Unknown Leakage of Information Finance
arlier today, a person (or a few people) breached Skype‰Ûªs security and hacked its
Twitter account, Facebook page, and blog. The group claiming responsibility is the Syrian
2014-002 WHID 2014-002: Skypes Twitter, Facebook, and blog hacked by Syrian Electronic Army Electronic Army (SEA). Its message: end spying on the public. http://thenextweb.com/microsoft/2014/01/01/skypes-twitter-account-blog-get-hacked-sea-demanding-end-spying/#!uFj39 1/1/2014 Unknown Unknown Account Takeover Social
KUALA LUMPUR: The Ministry of Education (MOE) website was allegedly hacked by a
group of hackers that called themselves EvilSha0w Team, just a few hours after the
2014-001 WHID 2014-001: MOE website hacked few hours after New Year country celebrated the New Year, today. http://www.nst.com.my/latest/moe-website-hacked-few-hours-after-new-year-1.452286 1/1/2014 Unknown Unknown Defacement Government KUALA LUMPUR
The Twitter account associated with the fast-food chain Burger King was suspended after
an apparent hack defaced the page with messages that the account had been sold to
2013-127 WHID 2013-127: Burger King Twitter account hacked, defaced McDonald's. http://www.cnet.com/news/burger-king-twitter-account-hacked-defaced/ 2/18/2013 Brute Force Insufficient AuthenticationAccount Takeover Social
HACKER-ARTIST PAOLO CIRIO SCRAPED DATA FROM MORE THAN 200,000
CAYMAN ISLANDS CORPORATIONS VIA GOVERNMENT SERVERS TO PROTEST
OFFSHORE TAX LAWS. USERS CAN PURCHASE THEIR OWN OFFSHORE
"CERTIFICATES OF INCORPORATION" FOR TAX PURPOSES THROUGH CIRIO'S
2013-126 WHID 2013-126: 200,000 CAYMANS CORPORATIONS HACKED FOR ART PROJECT WEBSITE. http://www.fastcompany.com/3005965/200000-caymans-corporations-hacked-art-project 2/15/2013 Scraping Insufficient Anti-Automation
Leakage of Information Finance
In a post by Facebook's security team, the company said the attack happened after some
employees went to a mobile developer's website, which turned out to be compromised.
"The compromised website hosted an exploit which then allowed malware to be installed
2013-125 WHID 2013-125: Facebook says social network hacked on these employee laptops," Facebook said. http://www.marketwatch.com/story/facebook-says-social-network-hacked-2013-02-15 2/15/2013 Unknown Unknown Planting of Malware Technology
A 24-year-old Chinese man was arrested after authorities learned he had amassed
2013-124 WHID 2013-124: Chinese hacker arrested after extorting $32K from web companies $32,000 to purchase in-game MMO equipment by extorting internet companies http://www.polygon.com/2013/2/11/3975814/chinese-hacker-arrested-after-extorting-32k-from-web-companies 2/11/2013 Unknown Unknown Downtime Gaming
Telecom New Zealand outsources its Xtra email service to Yahoo!, which in turn uses an
2013-123 WHID 2013-123: Yahoo! hacked in New Zealand through WordPress vulnerability old and unpatched version of WordPress to host the service. http://www.smartcompany.com.au/technology/information-technology/30276-yahoo-hacked-in-new-zealand-through-wordpress-vulnerability.html# 2/11/2013 Unknown Unknown Account Takeover Hosting Providers WordPress
An unknown cyber criminal allegedly hacked into the NRI bank account of Savio Joao
Piedade Clemente from Borda, Margao, on January 29 and fraudulently withdrew 2.5 lakh
2013-122 WHID 2013-122: E-banking theft: Hackers steal Rs 2.5L from it. http://timesofindia.indiatimes.com/city/goa/E-banking-theft-Hackers-steal-Rs-2-5L/articleshow/18423221.cms 2/10/2013 Banking Trojan Insufficient Process Validation
Monetary Loss Finance
A hack of the Alabama Criminal Justice Information Center’s public website is now the
subject of a criminal investigation, according to the Alabama Department of Homeland
2013-121 WHID 2013-121: Hackers target Alabama Criminal Justice Information Center website Security. http://blog.al.com/montgomery/2013/02/hackers_target_alabama_crimina.html 2/6/2013 Unknown Unknown Disinformation Government
More than 4,000 bank executives had their personal information published on the Internet
by hackers who accessed the data on an internal Federal Reserve website, according to a
2013-120 WHID 2013-120: Hackers access bankers' info on Fed website Reuters report. http://www.usatoday.com/story/money/business/2013/02/06/federal-reserves-website-hacked/1896843/ 2/6/2013 SQL Injection Improper Input Handling Leakage of Information Government
The Department of Energy's electronics network was attacked by hackers in mid-January
2013-119 WHID 2013-119: Energy Department hacked, says no classified data was compromised but no classified data was compromised, the agency said in a letter to employees. http://articles.chicagotribune.com/2013-02-04/news/sns-rt-us-usa-cybersecurity-doebre9130zl-20130204_1_state-department-cables-energy-department-wikileaks 2/4/2013 Unknown Unknown Leakage of Information Government
Malware warnings were halting Internet users from visiting popular sites across the
Internet on Monday morning, including some websites owned by The Saratogian's parent
company, Digital First Media, after a Silicon Valley advertising company had it website
hacked. The company said Monday that its ads were not infected with any virus, so other
2013-118 WHID 2013-118: Malware warnings block Google Chrome users from some sites after website hackedsites were safe. http://www.saratogian.com/general-news/20130204/malware-warnings-block-google-chrome-users-from-some-sites-after-website-hacked 2/4/2013 Unknown Unknown Planting of Malware Multiple
Iraq's Prime Minister Nuri al-Maliki is facing protests from Sunni Muslims, an oil dispute
with the Kurdistan region and turmoil in his own government. Now hackers have attacked
2013-117 WHID 2013-117: Amid Iraqi protests, hackers hit Maliki's website his website to brand him a tyrant. http://www.reuters.com/article/2013/02/02/us-iraq-protests-idUSBRE91104C20130202 2/2/2013 Unknown Unknown Defacement Government
Twitter confirmed Friday that it had become the latest victim in a number of high-profile
cyber-attacks against media companies, saying that hackers may have gained access to
2013-116 WHID 2013-116: Twitter: Hackers hit 250,000 accounts information on 250,000 of its more than 200 million active users. http://www.usatoday.com/story/tech/2013/02/01/twitter-hackers-china-us/1885347/ 2/2/2013 Unknown Unknown Leakage of Information Social
Yahoo Mail users are once again having their accounts compromised in attacks that are
very similar to the ones seen just a few weeks ago. Attackers are gaining access after
leveraging a flaw in the company’s YDN blog page by means of a link sent to victims’
2013-115 WHID 2013-115: Yahoo Mail users still seeing accounts hacked via XSS exploit inboxes. http://thenextweb.com/insider/2013/01/31/yahoo-mail-users-still-seeing-accounts-hacked-via-xss-exploit-amid-reports-yahoo-failed-to-fix-old-flaw/ 1/31/2013 Cross-site Scripting (XSS)
Improper Output HandlingAccount Takeover Technology
Late last night reports started coming in suggesting that Yahoo Mail users have had their
accounts hacked. While “hacked” is a very broad term nowadays, it does appear that
Yahoo email accounts are being compromised after users click on a malicious link they
2013-114 WHID 2013-114: Yahoo Mail users hit by widespread hacking, XSS exploit seemingly to blame receive in their inboxes. http://thenextweb.com/insider/2013/01/07/yahoo-mail-users-hit-by-widespread-hacking-xss-exploit-seemingly-to-blame/ 1/7/2013 Cross-site Scripting (XSS)
Improper Output HandlingAccount Takeover Technology
Last Thursday, the main member-facing Patelco website was down for around five hours,
2013-113 WHID 2013-113: Patelco Confirms Five-Hour DDoS Takedown said Patelco CEO Ken Burns in an interview Tuesday. http://www.cutimes.com/2013/01/29/patelco-confirms-five-hour-ddos-takedown 1/29/2013 Denial of Service Insufficient Anti-Automation
Downtime Finance
A user uploaded a malicious gem that contained a malicious gem manifest (YAML file).
The manifest contained embedded Ruby with this payload. This is the only known incident
involving this vulnerability, but the vulnerability involved is a remote code execution exploit,
2013-112 WHID 2013-112: RubyGems.org hacked, interrupting Heroku services and putting sites using Railsso the
at risk
usual rules apply. http://venturebeat.com/2013/01/30/rubygems-org-hacked-interrupting-heroku-services-and-putting-millions-of-sites-using-rails-at-risk/ 1/30/2013 Code Injection Improper Input Handling Leakage of Information Technology
An investigation by Sky News has revealed that some Payday loan brokers have been
involved in hacking popular websites in order to increase their rankings on Google and the
2013-111 WHID 2013-111: Rogue Payday loan brokers hacking websites to increase website traffic number of visitors to their sites http://www.financialreporter.co.uk/finance-news/rogue-payday-loan-brokers-hacking-websites-to-increase-website-traffic.html 1/29/2013 Unknown Unknown SPAM Links Multiple
The bank's website was down on Thursday because of what the bank called "a temporary
2013-110 WHID 2013-110: Citizens Bank website brought down by Iranian hackers disruption due to an unusually high volume of Internet traffic." http://www.wcvb.com/money/Citizens-Bank-website-brought-down-by-Iranian-hackers/18291048 1/26/2013 Denial of Service Insufficient Anti-Automation
Downtime Finance
The hacktivist group Anonymous hacked the U.S. federal sentencing website early
Saturday, using the page to make a brazen and boisterous declaration of "war" on the U.
2013-109 WHID 2013-109: Anonymous Hacks US Government Site, Threatens Supreme 'Warheads' S. government. http://mashable.com/2013/01/26/anonymous-hack-government-website-declares-war/ 1/26/2013 Unknown Unknown Defacement Government
Hacker group Rex Mundi, which recently attempted to extort $15,000 from AmeriCash
Advance and $50,000 from Drake International, now claim to have breached the servers of
2013-108 WHID 2013-108: Buy Way Hit by Extortionist Rex Mundi Hackers Belgian company Buy Way http://www.esecurityplanet.com/hackers/buy-way-hit-by-extortionist-rex-mundi-hackers.html 1/25/2013 SQL Injection Improper Input Handling Leakage of Information Retail
University Federal Credit Union, the $1.5 billion institution headquartered in Austin, Texas,
confirmed Friday that it was taken down “for around two and one-half hours” on Thursday
2013-107 WHID 2013-107: Texas Credit Union Hit by DDoS Attackers in a cyber attack http://www.cutimes.com/2013/01/25/texas-credit-union-hit-by-ddos-attackers?ref=hp 1/25/2013 Denial of Service Insufficient Anti-Automation
Downtime Finance
The last in a year-long series of hacker attacks on Henyep Capital Markets (UK) Ltd., an
2013-106 WHID 2013-106: After Ransom Request, Trading Firm Repelled Hacker Attacks online trading platform, was quickly repelled last October http://blogs.wsj.com/cio/2013/01/25/after-ransom-request-trading-firm-repelled-hacker-attacks/ 1/25/2013 Denial of Service Insufficient Anti-Automation
Downtime Finance
A group of hackers that are infecting Web servers with rogue Apache modules are also
backdooring their SSH (Secure Shell) services in order to steal login credentials from
2013-105 WHID 2013-105: Web server hackers install rogue Apache modules and SSH backdoors administrators and users. http://www.infoworld.com/article/2612975/hacking/web-server-hackers-install-rogue-apache-modules-and-ssh-backdoors--researchers-say.html 1/24/2013 Unknown Unknown Planting of Malware Multiple
The website for Capital One was inaccessible for online banking customers for hours
overnight, possibly the latest salvo in a long-running cyber protest targeting major Western
2013-104 WHID 2013-104: Capital One Website Disrupted, Cyber Protestors Claim Attack financial institutions over an anti-Islam movie. http://abcnews.go.com/blogs/headlines/2013/01/capital-one-website-disrupted-cyber-protestors-claim-attack/ 1/24/2013 Denial of Service Insufficient Anti-Automation
Downtime Finance
Metropolitan Bank, the hacking of whose website we reported here two days ago, were not
the only local financial institution to suffer at the hands of site defacers in the past couple
of weeks. - See more at: http://www.techzim.co.zw/2013/01/more-zimbabwean-bank-
2013-103 WHID 2013-103: More Zimbabwean bank websites hacked websites-hacked-mbca-tetrad-and-others/#sthash.DMxZ56S1.dpuf http://www.techzim.co.zw/2013/01/more-zimbabwean-bank-websites-hacked-mbca-tetrad-and-others/ 1/24/2013 Unknown Unknown Defacement Finance
A hacker on Tuesday breached the Web site of Sri Lanka Port Authority (SLPA), and also
attacked and leaked the Web sites of two Sri Lankan TV channels and the Bureau of
2013-102 WHID 2013-102: Sri Lanka govt Web sites hit in spate of attacks Foreign Employment over the last weekend. http://www.zdnet.com/article/sri-lanka-govt-web-sites-hit-in-spate-of-attacks/ 1/23/2013 Unknown Unknown Defacement Government
It’s very likely that hackers were simply using a banking trojan in a consumer-focused info-
stealing campaign and just happened to ensnare the church’s account details from the
2013-101 WHID 2013-101: Hackers steal thousands from Vancouver church home computer. http://www.infosecurity-magazine.com/news/hackers-steal-thousands-from-vancouver-church/ 1/22/2013 Banking Trojan Insufficient Process Validation
Monetary Loss Finance
The University of NSW has been the target of a "concerted effort" to hack its systems in
2013-100 WHID 2013-100: UNSW confirms hacking breach December and January forcing the shutdown of 25 of its servers, a spokesman confirmed. http://www.theage.com.au/it-pro/security-it/unsw-confirms-hacking-breach-20130121-2d272.html 1/21/2013 Unknown Unknown Downtime Education
We’re gathering that the websites belonging to Zimbabwean bank, Metropolitan Bank
(www.metbank.co.zw) was defaced and subsequently taken down ‘for maintenance’. -
See more at: http://www.techzim.co.zw/2013/01/metropolitan-bank-website-
2013-099 WHID 2013-099: Metropolitan Bank website hacked hacked/#sthash.9ykIzLxt.dpuf http://www.techzim.co.zw/2013/01/metropolitan-bank-website-hacked/ 1/21/2013 Unknown Unknown Defacement Finance
Australian distributor Altech Computers fell victim to a hacking attack on Sunday after
attackers gained access to a page on the company’s website and uploaded images of a
2013-098 WHID 2013-098: Altech website hacked pornographic nature. http://www.crn.com.au/News/329486,altech-website-hacked-replaced-with-porn.aspx 1/21/2013 Unknown Unknown Defacement Technology
Phys.Org admitted it was hacked, but says there is no threat. Chrome and Firefox via
Google are blocking the malware "attack" site, but Bing and IE do nothing to warn users
2013-097 WHID 2013-007: Phys.Org Hacked, serving up malware that "this site may harm your computer." http://www.networkworld.com/article/2223853/microsoft-subnet/phys-org-hacked--serving-up-malware--google-blocks-site--but-bing-doesn-t.html 1/16/2013 Unknown Unknown Planting of Malware Education
Hackers claimed a cyberattack on the Mexican defense ministry website on Jan. 16,
2013-096 WHID 2013-096: Hackers Disrupt Mexican Defense Ministry’s Website posting a manifesto from the Zapatista rebel group for two hours. http://www.defensenews.com/article/20130117/DEFREG02/301170013/Hackers-Disrupt-Mexican-Defense-Ministry-8217-s-Website?odyssey=nav%7Chead 1/17/2013 Unknown Unknown Defacement Government
The webpage, http://news-eleven.com, of Eleven Media Group has today been hacked by
Red Army (a combination of six different hacker groups namely Blink Hacker Group,
Myanmar Hack3rs Unite4m, Myanmar Cyber Army, Black Hack Area, Myanmar Cyber
2013-095 WHID 2013-095: EMG website hacked by Red Army Defence Army, and Cyber Vampire Team). http://www.nationmultimedia.com/breakingnews/EMG-website-hacked-by-Red-Army-30198022.html 1/16/2013 Unknown Unknown Defacement Media
The official website of the Cultural Ministry was still off the air on Wednesday, as police
2013-094 WHID 2013-094: Culture Ministry website hacked by "Bad Piggies" continued to hunt for hackers who tampered with the website yesterday and again today. http://www.nationmultimedia.com/national/Culture-Ministry-website-hacked-by-Bad-Piggies-30198031.html 1/16/2013 Unknown Unknown Defacement Government
A group of University of Washington websites was hacked Thursday morning, and pages
2013-089 WHID 2013-089: Some University of Washington websites hacked were replaced by an extremist message that promised death to Americans in Iraq. http://q13fox.com/2013/01/29/some-university-of-washington-websites-hacked-extremist-group-claims-responsibility/ 1/27/2013 Unknown Unknown Defacement Education
We are observing a particular large malvertising campaign in progress from popular adult
2013-088 WHID 2013-088: Top adult site xhamster victim of large malvertising campaign site xhamster[.]com, a site that boasts half a billion visits a month. https://blog.malwarebytes.org/exploits-2/2013/01/top-adult-site-xhamster-victim-of-large-malvertising-campaign/ 1/27/2013 Unknown Unknown Planting of Malware Adult
Taylor Swift may be the victim of a recent hack on both of her confirmed Twitter and
Instagram accounts. The now-deleted tweets tag Twitter users @Veriuser and @Lizzard
2013-087 WHID 2013-097: Taylor Swift hacked on Twitter and Instagram and encourages her fans to follow them. http://mashable.com/2013/01/27/taylor-swift-hack/ 1/27/2013 Unknown Unknown Account Takeover Social
In a post on its Facebook account, the airline denied its internal servers, which contain
passenger information, had been compromised. It said its Domain Name System (DNS)
2013-083 WHID 2013-083: Malaysia Airlines website hacked by 'Cyber Caliphate' had instead been hijacked, with users redirected to the hackers' website. http://www.cnn.com/2013/01/25/asia/malaysia-airlines-website-hacked/ 1/26/2013 DNS Hijacking Insufficient Process Validation
Defacement Transportation
The Defence Headquarters (DHQ)' information blog site, defenceinfo.mil.ng, that was
hacked into in the early hours of Friday, 23 January, 2013 has been restored to full
2013-078 WHID 2013-078: Nigeria: DHQ Blogsite Hacked operation. http://allafrica.com/stories/201301250109.html 1/24/2013 Unknown Unknown Defacement Government
User names and e-mail addresses of 20 million visitors to a Russia-based online dating
service have been hacked and offered for sale on a website, according to fraud-detection
2013-074 WHID 2013-074: Russian Dating Site Topface Hacked for 20 Million User Names software-maker Easy Solutions Inc. http://www.bloomberg.com/news/articles/2013-01-25/hacker-steals-20-million-passwords-from-unidentified-dating-site 1/25/2013 SQL Injection Improper Input Handling Leakage of Information Social
On the eve of the Supreme Court's hearing on the Anti-Cybercrime Act of 2012, hackers
2013-070 WHID 2013-070: Govt sites hacked on eve of SC cybercrime hearing opposing the law defaced several government websites early Monday. http://www.gmanetwork.com/news/story/290139/scitech/technology/govt-sites-hacked-on-eve-of-sc-cybercrime-hearing 1/14/2013 Unknown Unknown Defacement Government
The official website of the Andhra Pradesh State Road Transport Corporation (APSRTC)
2013-069 WHID 2013-089: Road Transport Corporation website hacked was defaced by suspected hackers from Bangladesh on Sunday http://timesofindia.indiatimes.com/city/hyderabad/Road-Transport-Corporation-website-hacked/articleshow/18012113.cms 1/14/2013 Unknown Unknown Defacement Government
The New York Post said its Twitter account was hacked after messages were posted citing
bogus breaking news about U.S. interest-rate policy and China firing missiles on a U.S.
2013-064 WHID 2013-064: New York Post Confirms Twitter Accounts Were Hacked Navy ship. http://www.bloomberg.com/news/articles/2013-01-16/new-york-post-says-twitter-feed-hacked-after-fake-china-tweets 1/16/2013 Unknown Unknown Account Takeover Social
Someone hacked LizardStresser[dot]su, the Web site the group uses to coordinate attacks
2013-063 WHID 2013-063: Lizard Lair Hacked and sell subscriptions to its attacks-for-hire service. https://krebsonsecurity.com/2013/01/another-lizard-arrested-lizard-lair-hacked/ 1/15/2013 SQL Injection Improper Input Handling Leakage of Information Retail
UK-based Boomerang Rentals, a videogame rental service, issued a statement Monday,
January 12th, following earlier allegations that customer information had been
2013-055 WHID 2013-055: Boomerang Rentals Issues Statement Following Alleged Security Breach compromised. http://www.gamebrit.com/2013/01/12/boomerang-rentals-uk-issues-statement-following-alleged-hack-security-breach-game-rental/ 1/12/2013 SQL Injection Improper Input Handling Leakage of Information Gaming
The Crayola Facebook page was posting things far more risqué than crayons this past
weekend. Unknown hackers took control of the Crayola social media webpage and posted
2013-053 WHID 2013-053: Crayola apologizes for Facebook page hack dozens of links to R-rated sites and sexual jokes. http://www.usatoday.com/story/news/nation-now/2013/01/12/crayola-facebook-page-hack/21640887/ 1/12/2013 Unknown Unknown Account Takeover Social
The Twitter account for U.S. Central Command was suspended Monday after it was
hacked by ISIS sympathizers -- but no classified information was obtained and no military
2013-051 WHID 2013-051: CENTCOM Twitter account hacked, suspended networks were compromised, defense officials said. http://www.cnn.com/2013/01/12/politics/centcom-twitter-hacked-suspended/ 1/12/2013 Brute Force Insufficient Anti-Automation
Account Takeover Social
Hacking collective Anonymous declared war on Islamic extremists after Wednesday's
deadly attack on Paris-based satirical newspaper Charlie Hebdo, and the group has now
2013-049 WHID 2013-049: Anonymous claims first victim in 'Operation Charlie Hebdo' claimed its first victim. http://mashable.com/2013/01/10/anonymous-operation-charlie-hebdo/ 1/10/2013 Denial of Service Insufficient Anti-Automation
Downtime Media
This past week, The Huffington Post and several major websites displayed malware-laced
2013-046 WHID 2013-046: Did you visit HuffPo last week? You might have a virus advertisements that infected computers and locked them down. http://money.cnn.com/2013/01/08/technology/security/malvertising-huffington-post/ 1/8/2013 Unknown Unknown Planting of Malware Media
On Thursday, the recent Lizard Squad tour of Internet infamy continued as the hacking
group took credit for a distributed denial of service (DDoS) attack against the imageboard
2013-045 WHID 2013-045: 8chan, related sites go down in Lizard Squad-powered DDoS site 8chan. http://arstechnica.com/security/2013/01/8chan-related-sites-go-down-in-lizard-squad-powered-ddos/ 1/8/2013 Denial of Service Insufficient Anti-Automation
Downtime Social
The Internet pages of German Chancellor Angela Merkel and the German Bundestag are
2013-043 WHID 2013-043: CyberBerkut committed DDoS attack on the parliament website obviously crippled by an attack from the Internet. http://www.zeit.de/digital/internet/2013-01/bundestag-bundeskanzlerin-cyberberkut-angriff-webseiten 1/7/2013 Denial of Service Insufficient Anti-Automation
Downtime Government
Hackers operating under the handle of Rex Mundi have claimed that they hacked into the
systems of Banque Cantonale de Geneve (BCGE) and stolen the banks customer
information including private emails. Now the hackers are demanding €10,000 for not
2013-042 WHID 2013-042: Banque Cantonale de Geneve (BCGE) hacked by Rex Mundi making the data public. http://www.techworm.net/2013/01/banque-cantonale-de-geneve-bcge-hacked-rex-mundi-demand-ransom.html 1/9/2013 SQL Injection Improper Input Handling Leakage of Information Finance
The famous anti-Bashar Al Assad hacker Dr.SHA6H from Free Syrian Hacker group has
hacked and defaced the official website of UNDP – United Nations Development
2013-035 WHID 2013-035: United Nation Pakistan Website Hacked By Free Syrian Hacker Programme, Pakistan against the ongoing Syrian conflict. https://www.facebook.com/hackrons/posts/1023633604318713 1/6/2013 Unknown Unknown Defacement Government
Attackers going under the name of "Ulzr1z" defaced websites for courses at the
2013-033 WHID 2013-033: MIT sites defaced in lead-up to anniversary of Aaron Swartz's death Massachusetts Institute of Technology (MIT). https://nakedsecurity.sophos.com/2013/01/06/mit-sites-defaced-in-lead-up-to-anniversary-of-aaron-swartzs-death/ 1/6/2013 Unknown Unknown Defacement Education
Nicole ‘Snooki’ Polizzi got a shock on the New Year eve, when she found out that her
Instagram account had been taken over by unknown Arabic speaking hackers on
2013-031 WHID 2013-031: ‘Snooki’s’ Instagram Account hacked by Arabic Speaking Hackers Tuesday. http://www.techworm.net/2013/01/snookis-instagram-account-hacked-by-arabic-speaking-hackers.html 1/1/2013 Brute Force Insufficient Anti-Automation
Account Takeover Social
"The Commission members have succeeded in hacking Twitter pornography accounts,
shutting them and arresting some of their owners over the past period," an unnamed
spokesman told the publication. The agency did not say how it compromised the users,
either through the use of malware or by softer methods such as open source intelligence
2013-028 WHID 2013-028: Saudi Arabia hires 'ethical hackers' to silence smut slingers gathering. http://www.theregister.co.uk/2013/01/05/saudi_arabia_hires_ethical_hackers_to_silence_smut_slingers/ 1/5/2013 Unknown Unknown Account Takeover Social
According to Reddit and EA forum postings Origin users are having their accounts hacked
2013-027 WHID 2013-027: Origin Accounts Hacked and fraudulent purchases are being made. http://www.hardcoregamer.com/2013/01/03/origin-accounts-hacked/127212/ 1/3/2013 Unknown Unknown Account Takeover Gaming
Blizzard’s Battle.net service is having authentication issues today as hundred of angry
2013-026 WHID 2013-026: Battle.net Experiencing Unusual Major Disruptions, DDoS Speculated gamers are clambering over each other wondering what’s going on. http://www.gamerheadlines.com/2013/01/battle-net-experiencing-unusual-major-disruptions-ddos-speculated/ 1/2/2013 Denial of Service Insufficient Anti-Automation
Downtime Gaming
Bristol residents looking for bus and train timetables were confronted by a message from
2013-024 WHID 2013-024: Islamic script kiddies aim killer blow - at Bristol bus timetable website Islamic militants following a defacement of the TravelWest website. http://www.theregister.co.uk/2013/01/02/bristol_bus_timetable_website_defaced_militants/ 1/2/2013 Unknown Unknown Defacement Transportation
The hackers obtained customers’ logins through other sources, StubHub said, not by
2013-022 WHID 2013-022: Here’s How Hackers Stole Over $1 Million From 1,600 StubHub Users hacking StubHub’s systems. http://time.com/3024409/over-1000-stubhub-accounts-reportedly-hacked/ 3/1/2013 Stolen Credentials Insufficient AuthenticationMonetary Loss Retail
The Web sites of Cambodia's National Military Police and the Supreme Court had been
breached by different hacker groups on Tuesday, and industry watchers note government
2013-021 WHID 2013-021: Two more Cambodia govt sites hacked and defaced sites in the country are vulnerable to hacks due to their poor security. http://www.zdnet.com/two-more-cambodia-govt-sites-hacked-and-defaced-7000009622/ 1/10/2013 Unknown Unknown Defacement Government 2
Drake International, the Canadian-based job placement firm, confirmed Wednesday that it
has been the victim of a hacking scheme by a group seeking to extort payment in
exchange for not releasing the personal information of people who have used Drake‰Ûªs
2013-020 WHID 2013-020: Drake International the latest victim of hacking, extortion scheme against companies
services. http://business.financialpost.com/2013/01/09/drake-international-confirms-database-with-user-information-hacked/?__lsa=bf4c-db1b 1/9/2013 SQL Injection Improper Input Handling Leakage of Information Consulting
Hacktivist group NullCrew recently announced a succesful intrusion (though intrusionette
2013-019 WHID 2013-019: DHS website falls victim to hacktivist intrusion might be a better word) against a website in the DHS.GOV domain hierarchy. http://nakedsecurity.sophos.com/2013/01/07/dhs-website-falls-victim-to-hacktivist-intrusion/ 1/7/2013 Forceful Browsing Predictable Resource Location
Leakage of Information Government
Ubisoft is investigating a recent spate of hijackings of gaming accounts belonging to users
2013-018 WHID 2013-018: Ubisoft probes sudden rash of hijack attacks on gamers' accounts of its Uplay platform http://www.theregister.co.uk/2013/01/04/ubisoft_gaming_account_hijack_caper/ 1/4/2013 Unknown Unknown Account Hijacking Gaming
Fifth Third Bank's website was hit with a cyberattack Tuesday causing its second
2013-017 WHID 2013-017: Cyberattack hits Fifth Third for 2nd time in week shutdown in a span of five days, the Cincinnati Business Courier reports. http://www.bizjournals.com/columbus/morning_call/2013/01/cyber-attack-hits-fifth-third-for.html 1/9/2013 Denial of Service Insufficient Anti-automation
Downtime Finance
In a scam never seen before in Ontario, a Toronto-area law firm lost ‰ÛÏa large six
figure‰Û over the holidays after a virus gave hackers backdoor access to its
bookkeeper‰Ûªs computer. The virus copied bank account passwords as she typed
2013-016 WHID 2013-016: Law firm‰Ûªs trust account hacked, ‰Û÷large six figure‰Ûª taken them. http://www.lawtimesnews.com/201301079535/Headline-News/Law-firms-trust-account-hacked-large-six-figure-taken 1/7/2013 Banking Trojan Insufficient Process Validation
Monetary Loss Finance
Late last ni

2013-015 WHID 2013-015: Yahoo Mail users hit by widespread hacking, XSS exploit seemingly to blame
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
Earlier today, social networking giant Facebook was caught with its pants down when
blogger Jack Jenkins noticed a privacy flaw with its New Year ‰Û÷Midnight Delivery‰Ûª
2013-010 WHID 2013-010: Just in time: Facebook restores New Year‰Ûªs messaging service after plugging privacy loophole
messaging service. http://thenextweb.com/facebook/2012/12/31/just-in-time-facebook-restores-new-years-messaging-service-after-plugging-privacy-loophole/ 1/1/2013 Forceful Browsing Predictable Resource Location
Leakage of Information Social
Facebook had a busy time over the holiday period fixing several security flaws, including a
webcam-related vulnerability that allowed hackers to record video from a user's web
2013-009 WHID 2013-009: Facebook fixes 'Peeping Tom' webcam bug - AFTER 5 MONTHS camera and post it on their timeline. http://www.theregister.co.uk/2013/01/02/facebook_privacy_bug_fixes/ 1/2/2013 Cross-site Request Forgery
Insufficient
(CSRF)Process Validation
Leakage of Information Social
Today we woke up to the tip that the website of one of the largest internet service
2013-008 WHID 2013-008: ZOL website hacked providers in the country, Zimbabwe Online (ZOL) had been hacked. http://www.techzim.co.zw/2013/01/zol-website-is-hacked/ 1/3/2013 Unknown Unknown Defacement Hosting Providers Joomla
As part of OpRedRoll and Occupy Steubenville, Anonymous' response to the rape of a 15-
year-old girl in Steubenville, Ohio last August, hacker AnonAcid recently published the
names, birthdates, addresses and other personal data of residents of Steubenville and
2013-007 WHID 2013-007: Hacker AnonAcid Publishes Data on 50,000 Ohio Residents nearby towns in Ohio. http://www.esecurityplanet.com/hackers/hacker-anonacid-publishes-data-on-50000-ohio-residents.html 1/3/2013 Unknown Unknown Leakage of Information Government
A hacker collective called DarkWeb Goons, recently founded by a former member of the
Grey Security group, has breached the official website of World Wildlife Foundation China
2013-006 WHID 2013-006: World Wildlife Foundation China Hacked, Details of 80,000 Users Leaked (wwfchina.org). http://news.softpedia.com/news/World-Wildlife-Foundation-China-Hacked-Details-of-80-000-Users-Leaked-318117.shtml 1/3/2013 SQL Injection Improper Input Handling Leakage of Information Non-Profit
Researcher Eric Romang said that Capstone Turbine Corp., which builds power
generation equipment for utilities, has been infected with malware exploiting CVE 2012-
2013-005 WHID 2013-005: Energy Manufacturer Also Victimized by IE Zero Day in Watering Hole Attack 4969 for four months and the latest IE exploit since Dec. 18. http://threatpost.com/en_us/blogs/energy-manufacturer-also-victimized-ie-zero-day-watering-hole-attack-010213 1/2/2013 Unknown Unknown Planting of Malware Energy
The hacker has breached a large number of websites over the past several days, including
2013-004 WHID 2013-004: The hacker has breached a large number of websites over the past several days
the Jawaharlal Nehru Centre for Advanced Scientific Research (jncasr.ac.in) http://news.softpedia.com/news/Yemen-Customs-Authority-Hacked-User-Details-Leaked-318245.shtml 1/1/2013 SQL Injection Improper Input Handling Leakage of Information Government
hacker has breached a large number of websites over the past several days, including the
2013-003 WHID 2013-003: Hacker has breached a large number of websites Indian National Institute of Technology (nitdgp.ac.in) http://news.softpedia.com/news/Yemen-Customs-Authority-Hacked-User-Details-Leaked-318245.shtml 1/1/2013 SQL Injection Improper Input Handling Leakage of Information Government
The hacker known as JokerCracker has breached the official website of Yemen‰Ûªs
2013-002 WHID 201-3-002: Yemen Customs Authority Hacked, User Details Leaked Customs Authority (customs.gov.ye), leaking the details of hundreds of users. http://news.softpedia.com/news/Yemen-Customs-Authority-Hacked-User-Details-Leaked-318245.shtml 1/1/2013 SQL Injection Improper Input Handling Leakage of Information Government
2013-001 WHID 2013-001: OpFuckMohammad - Happy New Year PastBin DB Dump of data from attack on http://eldorar.com/ http://pastebin.com/yDFK5XEC 1/1/2013 SQL Injection Improper Input Handling Leakage of Information Media
The computer hacker group Anonymous attacked websites of Brazil's federal district
Saturday as well as one belonging to a Brazilian singer to protest the forced closure of
2012-99 WHID 2012-99: 'Anonymous' hackers attack Brazilian websites Megaupload.com. http://www.google.com/hostednews/afp/article/ALeqM5jGNOfn8Ij_BmP_UTSE83cFq_bMDA?docId=CNG.ed2a687c0642d8185d1e4e7ccab9f2c3.6e1 1/21/2012 Denial of Service Insufficient Anti-automation
Downtime Government RIO DE JANEIRO, Brazil
Yes Anonymous
Computer hackers have broken in and stolen approximately $19,000 by way of an illegal
2012-98 WHID 2012-98: Hackers tap Salem Co. account for $19,000 wire transfer from a Salem County bank account that held more than $13 million in funds. http://www.nj.com/salem/index.ssf/2012/01/hackers_tap_salem_co_account_f.html 1/22/2012 Banking Trojan Insufficient Process Validation
Monetary Loss Finance Salem, NJ
Israeli hacker Hannibal claims to have stolen another 100,000 Facebook logins from Arab
users of the social network. A quick analysis shows that the number is actually closer to
2012-97 WHID 2012-97: Israeli hacker posts ‰Û÷100,000‰Û_ more stolen Facebook logins 20,000 accounts. https://www.zdnet.com/blog/facebook/israeli-hacker-posts-8216100000-8242-more-stolen-facebook-logins/7837 1/21/2012 Unknown Unknown Leakage of Information Social San Francisco Israel
An Israeli hacker who goes by the name Hannibal this week stole ‰ÛÏ85,000‰Û_
Facebook logins from Arab users of the social network, as part of an online hacker war
2012-96 WHID 2012-96: Israeli hacker steals 85,000 Facebook logins from Arabs being fought in the Middle East. https://www.zdnet.com/blog/facebook/israeli-hacker-steals-85000-facebook-logins-from-arabs/7758 1/19/2012 Unknown Unknown Leakage of Information Social San Francisco, CA
A hacking group has dumped internal login-in details for T-Mobile staff revealing the US
2012-95 WHID 2012-95: T-Mobile reused staff passwords telco had reused passwords for multiple accounts. http://www.scmagazine.com.au/News/287402,t-mobile-reused-staff-passwords.aspx 1/19/2012 SQL Injection Improper Input Handling Leakage of Information Technology Bonn, DE
VGP admitted it was "currently investigating a security issue" in a generic email addressed
to users, passed to Eurogamer this evening. The company recommends users change
2012-94 WHID 2012-94: VideoGamesPlus.ca hacked, 21,000 users' details stolen their passwords "as a safety precaution" and apologised "for any inconvenience caused". http://www.eurogamer.net/articles/2012-01-18-videogamesplus-ca-hacked-21-000-users-details-stolen 1/18/2012 Unknown Unknown Leakage of Information Entertainment Ontario, Canada
Most of the hackers we talk about here are out to steal credit card numbers and harass.
Some of the hacks result in illicit gains, but few that we have talked about have been able
to pull the massive amount of funds that hackers who hit the South African Postbank have
2012-93 WHID 2012-93: Hackers steal $6.7M in cyber bank robbery grabbed. These hackers were able to steal $6.7 million from the bank. http://www.slashgear.com/hackers-steal-6-7m-in-cyber-bank-robbery-18209697/ 1/18/2012 Banking Trojan Insufficient Process Validation
Monetary Loss Finance Johannesburg, South Africa
Hackers broke into the FourSquare and Twitter accounts of actor Ashton Kutcher, claiming
2012-92 WHID 2012-92: Ashton Kutcher's FourSquare, Twitter hacked to confirm he was in a romantic relationship with Lorene Scafaria. http://www.gmanetwork.com/news/story/244942/scitech/socialmedia/ashton-kutcher-s-foursquare-twitter-hacked 1/18/2012 Unknown Unknown Account Takeover Social San Francisco
Hackers are increasingly targeting child-focused gaming websites, according to a leading
2012-91 WHID 2012-91: Hackers spread malware via children's gaming websites anti-virus firm. http://www.bbc.co.uk/news/technology-16576542 1/16/2012 Unknown Improper Output HandlingPlanting of Malware Entertainment Fortitude Valley, Australia
UK ISP Namesco confirmed that a small number of its customers were affected by
hackers who broke into the company system and stole some personal data, including
2012-90 WHID 2012-90: Namesco customers affected by hackers credit card information, ISPreview reported. http://www.telecompaper.com/news/namesco-customers-affected-by-hackers 1/16/2012 Unknown Unknown Leakage of Information Service Provider UK
There are fears that the GAME website's user database has been hacked, with hackers
2012-9 WHID 2012-9: GAME website 'hacked', passwords obtained - Report getting hold of over 200 customers' email addresses and passwords in clear text. http://www.computerandvideogames.com/332334/game-website-hacked-passwords-obtained-report/ 1/16/2012 Shell Injection Improper Input Handling Leakage of Information Entertainment United Kingdom No NA 1 Unknown User accounts
A Nigerian army website was hacked by cyber activists Monday as protests against a hike
2012-89 WHID 2012-89: Nigerian army website hacked by protesters in fuel prices continue. http://observers.france24.com/content/20120116-nigerian-army-website-hacked-protesters-occupy-fuel-subisidy-goodluck-jonathan-lagos-soldiers-roadblocks-strike 1/16/2012 Unknown Unknown Defacement Government Nigeria
Anti-Israeli hackers attacked official websites in the Jewish state's mainly Muslim ally
Azerbaijan on Monday, the same day as several Israeli sites were also threatened. To
read more: http://www.nowlebanon.com/NewsArchiveDetails.aspx?
ID=353180#ixzz1rxH5n79K Only 25% of a given NOW Lebanon article can be
republished. For information on republishing rights from NOW Lebanon: http://www.
2012-88 WHID 2012-88: Anti-Israeli hackers hit ally Azerbaijan's websites nowlebanon.com/Sub.aspx?ID=125478 http://www.nowlebanon.com/NewsArchiveDetails.aspx?ID=353180 1/16/2012 Unknown Unknown Defacement Government Tel-Aviv, Israel
On realizing that her account was hacked, the actress was quick to retrieve it, giving the
2012-87 WHID 2012-87: Actress Madhu Shalini‰Ûªs twitter account hacked hacker little chance to misuse the account http://articles.timesofindia.indiatimes.com/2012-01-16/news-interviews/30631582_1_twitter-account-hacker-popular-micro-blogging-site 1/16/2012 Unknown Unknown Disinformation Social San Francisco, CA Twitter
Usual tweets with links to stories about celebrities and cute animal photos are joined by
2012-86 WHID 2012-86: HuffPo's Twitter account hacked racist and homophobic notes on The Huffington Post's Twitter account. http://news.cnet.com/8301-1023_3-57359471-93/huffpos-twitter-account-hacked/ 1/15/2012 Unknown Unknown Disinformation Social San Francisco, CA
The websites of Israeli national carrier El Al and the Tel Aviv Stock Exchange were both
offline on Monday morning hours after they were reportedly threatened by a hacker
2012-85 WHID 2012-85: Websites of Israel bourse, airline brought down claiming to be Saudi. http://www.bangkokpost.com/tech/computer/275406/websites-of-israel-bourse-airline-brought-down 1/16/2012 Denial of Service Insufficient Anti-automation
Downtime Finance Tel-Aviv, Israel Yes Saudi Arabia
Brilliant hackers have defaced some links given on the crime prevention tips page of city
2012-84 WHID 2012-84: Hackers deface city police website police website, www.kochicitypolice.org, entering picture language icons. http://www.asianage.com/india/hackers-deface-city-police-website-670 1/15/2012 Unknown Unknown Defacement Law Enforcement Kochi City, India
A group hackers succeeded on Thursday night in hacking into the Israeli Fire and Rescue
Services' official website. The site's homepage was changed to black with a sneering
message from the hackers to the Israeli government and other messages supporting
2012-83 WHID 2012-83: Gaza hackers attack Israeli fire services website armed resistance against Israel, Israeli media reported. http://www.allvoices.com/contributed-news/11288572-gaza-hackers-attack-israel-fire-services-website 1/13/2012 Unknown Unknown Defacement Government Tel-Aviv, Israel
Possible evidence that Xbox.com has been hacked has emerged in the US, suggesting
that the Microsoft Points scandal really does have more to it than just phishing scams.
Read more: http://www.metro.co.uk/tech/games/887330-xbox-com-has-been-hacked-
2012-82 WHID 2012-82: Xbox.com has been hacked claim users claim-users-update-microsoft-response#ixzz1rxAyOi00 http://www.metro.co.uk/tech/games/887330-xbox-com-has-been-hacked-claim-users-update-microsoft-response 1/13/2012 Brute Force Insufficient Anti-automation
Account Takeover Entertainment Redmond, WA Yes
Contrary to what you may have read, popular alternative bands No Doubt and Rise
Against have not officially endorsed any presidential candidate. According to Billboard,
early Wednesday morning (Jan. 11), both bands had their Twitter accounts hacked by
2012-81 WHID 2012-81: RON PAUL SUPPORTERS HACK TWITTER ACCOUNTS OF RISE AGAINST AND overzealous
NO DOUBT supporters of Ron Paul. http://audioinkradio.com/2012/01/no-doubt-rise-against-twitter-hacked-ron-paul-backers 1/13/2012 Unknown Unknown Disinformation Social San Francisco, CA
Live-blogging platform CoverItLive revealed Friday night that it will be implementing a
2012-80 WHID 2012-80: Live Blog Platform CoverItLive Hacked required password reset after discovering a hack of its files. http://www.pcmag.com/article2/0,2817,2398924,00.asp 1/7/2012 Unknown Unknown Leakage of Information Blogs Austin, TX
Zappos.com, the popular online shoe site, was the victim of a cyber attack by a hacker
who gained access to part of the company's internal network through one of its servers,
2012-8 WHID 2012-8: Zappos website hacked; credit card database not affected, CEO says Chief Executive Tony Hsieh said in an email to employees Sunday. http://latimesblogs.latimes.com/technology/2012/01/zappos-hacked.html 1/15/2012 Unknown Unknown Leakage of Information Retail Henderson, NV No NA 1 Unknown Unknown Unknown User accounts
Unknown
Plans by Anonymous to launch a distributed denial of service attack against www.governo.
2012-79 WHID 2012-79: ‰ÛÏOperation Italy‰Û takes down government website it were changed half an hour before the attack was scheduled to commence. http://news.netcraft.com/archives/2012/01/13/operation-italy-takes-down-government-website.html 1/13/2012 Denial of Service Insufficient Anti-automation
Downtime Government Italy Yes Anonymous
Charge card company American Express has fixed a security vulnerability on its web site
that allowed SQL injection and, therefore, direct access to its server's database. The
company acted after The H's associates at heise Security forwarded a tip-off from one of
2012-78 WHID 2012-78: American Express fixes critical security vulnerability its readers. http://www.h-online.com/security/news/item/American-Express-fixes-critical-security-vulnerability-1410252.html 1/13/2012 SQL Injection Improper Input Handling Leakage of Information Finance El Paso, TX
2012-77 WHID 2012-77: FoundationSource.com fends off a web attack The management firm enlisted reinforcements to quell a denial of service attack. http://www.internetretailer.com/2012/01/12/foundationsourcecom-fends-web-attack 1/12/2012 Denial of Service Insufficient Anti-automation
Downtime Politics Fairfield, CT Yes
A Dutch court has ordered two ISPs in that country to block their customers' access to The
Pirate Bay, a site often used for copyright-infringing activities. On Wednesday, the Hague
district court told the ISPs Ziggo and XS4ALL that they have to block the site within 10
days or face a ‰âÂ10,000 (å£8,315) fine each day that access remains possible. The
action against the ISPs was brought by Brein, the Netherlands' rights-holder group.
Following the verdict, it appears that hackers claiming to be part of Anonymous have used
2012-76 WHID 2012-76: Hackers retaliate as Dutch ISPs told to block Pirate Bay a denial-of-service attack to make Brein's own site inaccessible. http://www.zdnet.co.uk/blogs/communication-breakdown-10000030/hackers-retaliate-as-dutch-isps-told-to-block-pirate-bay-10025189/ 1/12/2012 Denial of Service Insufficient Anti-automation
Downtime Government Netherlands Yes Anonymous
Stratfor relaunched its website overnight, which included a video from the company's CEO
George Friedman thumbing his nose at Anonymous. This morning, the site has been
2012-75 WHID 2012-75: Stratfor downed again after brief relaunch pulled down again. http://www.zdnet.com.au/stratfor-downed-again-after-brief-relaunch-339329556.htm 1/12/2012 Denial of Service Insufficient Anti-automation
Downtime Technology Austin, TX Yes Anonymous
A group of Indian hackers-India Cyber Army (ICA)-hacked the Punjab Directorate General
2012-74 WHID 2012-74: Indian hackers break into DGPR site of Public Relations (DGPR)‰Ûªs official website (www.dgprpunjab.com) on Tuesday. http://www.pakistantoday.com.pk/2012/01/11/city/lahore/indian-hackers-break-into-dgpr-site/ 1/11/2012 Unknown Unknown Defacement Government Lahore, Pakistan
CYBER criminals manipulating computer networks across the globe are targeting internet
businesses and a Manly trader is warning locals to be wary after his website was
2012-73 WHID 2012-73: Russians in cyber attack on Manly business temporarily crippled in a high-tech extortion attempt. http://manly-daily.whereilive.com.au/news/story/russians-in-cyber-attack/ 1/10/2012 Denial of Service Insufficient Anti-automation
Downtime Finance Manly, Australia Russia
Anonymous has struck the websites of two anti-piracy organizations, a day after Finnish
ISP Elisa blocked access to The Pirate Bay search engine in response to an injunction
2012-72 WHID 2012-72: Pirate Bay block prompts Anonymous to launch DDOS requested by one of the organizations. https://www.computerworld.com/s/article/9223304/Pirate_Bay_block_prompts_Anonymous_to_launch_DDOS 1/10/2012 Denial of Service Insufficient Anti-automation
Downtime Entertainment Finland Yes Anonymous
Fraudsters have etched out a goldmine grey market from Xbox Live by selling hacked
2012-71 WHID 2012-71: Xbox Live a goldmine for hackers gaming profiles loaded with Microsoft Points. http://www.scmagazine.com.au/News/286307,xbox-live-a-goldmine-for-hackers.aspx 1/9/2012 Stolen Credentials Insufficient AuthenticationMonetary Loss Entertainment Redmond, WA
Israeli hackers decided this past weekend to retaliate in an unorganized fashion: On an
Israeli hacking forum, personal details were revealed (including phone numbers) of users
2012-70 WHID 2012-70: Israeli hackers hit Arab websites from an Arab website that was hacked by an Israeli. http://www.globes.co.il/serveen/globes/docview.asp?did=1000713894 1/9/2012 Unknown Unknown Leakage of Information Finance Saudi Arabia
Nigerian hackers have tampered with the website of the Economic and Financial Crimes
Commission, EFCC, www.efccnigeria.org, posting on the site the false ‰Û÷arrests‰Ûªof
2012-7 WHID 2012-7: Subsidy Protest: EFCC site hacked with False arrests of oil moguls prominent Nigerian players in the oil sector. http://pmnewsnigeria.com/2012/01/13/subsidy-protest-efcc-site-hacked-with-false-arrests-oil-moguls/ 1/13/2012 Unknown Unknown Defacement Government Nigeria N/A N/A 1 Unknown Unknown
The online piracy group Anonymous hacked into the Belgian website of industrial giant
ArcelorMittal on Friday, posting a video to protest the closure of two blast furnaces in
2012-69 WHID 2012-69: Hackers hit ArcelorMittal's Belgian website Belgium. http://www.google.com/hostednews/afp/article/ALeqM5h96a9ZQ7H-z0m5mW1LP6anEUM0qQ?docId=CNG.7cda19e9b40775c4791cfe074e851e06.b1 1/6/2012 Unknown Unknown Defacement Government Brussels, Belgium Anonymous
Ohio State University Medical Center has notified 30 patients and 150 students that a
hacker might have accessed their names, medical information and/or Social Security
2012-68 WHID 2012-68: Server hacked at OSU Medical Center numbers. http://www.dispatch.com/content/stories/local/2012/01/06/OSU-Medical-Center-server-hacked.html 1/6/2012 Unknown Unknown Leakage of Information Healthcare Columbus, OH
A group of Turkish hackers Cyber-Warrior.org/AKINCILAR broke French MP of Armenian
2012-67 WHID 2012-67: Turkish hackers break French MP‰Ûªs website descent Patrick Devedjian‰Ûªs website. http://news.am/eng/news/88198.html 1/5/2012 Unknown Unknown Defacement Government Paris, France
The hacking group Anonymous has confirmed that they have once again hacked Sony
2012-66 WHID 2012-66: Sony Pictures hacked again by Anonymous Pictures, gaining access to their Facebook account and website. http://www.afterdawn.com/news/article.cfm/2012/01/06/sony_pictures_hacked_again_by_anonymous 1/6/2012 Unknown Unknown Defacement Entertainment Culver City, CA
THE SOCIAL NETWORK Facebook has been hit by a malware worm called Ramnit,
which has gained access to the login details of more than 45,000 users. Source: The
2012-65 WHID 2012-65: Hackers steal 45,000 Facebook passwords Inquirer (http://s.tt/157jZ) http://www.theinquirer.net/inquirer/news/2135748/hackers-steal-facebook-passwords 1/6/2012 Stolen Credentials Improper Output HandlingPlanting of Malware Social California Yes Ramnit worm
Care2.com, a social networking website for activists, has decided to reset the account
passwords of almost 18 million registered members after hackers gained access to its
2012-64 WHID 2012-64: Care2 political social network hacked servers. http://www.computerworlduk.com/news/security/3327948/care2-political-social-network-hacked/ 1/5/2012 Unknown Unknown Leakage of Information Social Redwood City, CA
Update: Hackers have broken into the National University of Singapore and made staff
2012-63 WHID 2012-63: Singapore University hacked usernames, domain information and hashed passwords public. http://www.scmagazine.com.au/News/285906,singapore-university-hacked.aspx 1/5/2012 SQL Injection Improper Input Handling Leakage of Information Education Singapore Russia
Almost like an echo from retired hackers, those from the 90s who long ago faded into the
ether, the motto for 2011 may have been along the lines of "hack the planet." Yet there are
some who obviously learned nothing about the consequences of maintaining sloppy
security in 2011. In the cyber world, 2012 was not greeted by the boom of fireworks but by
2012-62 WHID 2012-62: Double wham bam: AntiSec hacks, dumps CA & NY law enforcement emails a double wham bam to law enforcement in California and New York. http://blogs.computerworld.com/19507/double_wham_bam_antisec_hacks_dumps_ca_ny_law_enforcement_emails 1/3/2012 Unknown Unknown Leakage of Information Law Enforcement New York
A group of Saudi hackers dubbed Group-XP claimed on Monday to have posted the
personal information of nearly half a million Israelis online, though credit card companies
2012-61 WHID 2012-61: Saudi Hackers Post Israeli Credit Card Numbers Online said the number of compromised records is actually much lower. http://www.pcmag.com/article2/0,2817,2398297,00.asp 1/3/2012 Unknown Unknown Leakage of Information Finance Israel
AUSTRALIA'S second-biggest online broking business, ANZ Bank's ETrade, was forced to
shut down over the Christmas-New Year period by a ''malicious'' cyber attack offshore.
Read more: http://www.smh.com.au/business/cyber-attack-strands-etrade-customers-
2012-60 WHID 2012-60: Cyber attack strands ETrade customers 20120104-1pl3x.html#ixzz1rvmJvu3b http://www.smh.com.au/business/cyber-attack-strands-etrade-customers-20120104-1pl3x.html 1/5/2012 Denial of Service Insufficient Anti-automation
Downtime Finance Australia
Arrahmah.com, a Web site categorized by the National Anti-Terrorism Agency and
Indonesia‰Ûªs largest Islamic group as promoting radical jihad and terrorism, could not
2012-6 WHID 2012-6: Radical Islamic Web Site Attacked by Hackers be accessed on Tuesday, its editor said on Wednesday. http://www.thejakartaglobe.com/media/radical-islamic-web-site-attacked-by-hackers/490668 1/10/2012 Denial of Service Insufficient Anti-automation
Downtime Media Australia 1 Unknown Unknown Unknown None
‰ÛÏAnonymous‰Û hackers have declared ‰ÛÏBlitzkrieg‰Û on neo-Nazis for the
New Year, disabling a number of their websites and publishing lists of extreme-right
2012-59 WHID 2012-58: 'Anonymous' declares 'Blitzkrieg' on neo-Nazis supporters. http://www.thelocal.de/society/20120102-39867.html 1/2/2012 Denial of Service Insufficient Anti-automation
Downtime Politics Frankfurt, Germany Yes Anonymous 15
2012-58 WHID 2012-58: City of Eau Claire‰Ûªs website hacked Thursday night The City of Eau Claire spent time restoring its website after it was hacked http://www.weau.com/home/headlines/City_of_Eau_Claires_website_hacked_Thursday_night_146380865.html?storySection=story 4/5/2012 Unknown Unknown Downtime Government Wisconson No NA 1 Unreported Apache/ PHP Unreported None NA
The Home Office tonight acknowledged it had been the target of an online protest after its
website was taken down in an apparent backlash against Government extradition and
2012-57 WHID 2012-57: Home Office Website 'Hacked By Anonymous' Over Email Snooping surveillance policies. http://www.huffingtonpost.co.uk/2012/04/07/home-office-website-hacked-anonymous-email-snooping_n_1410220.html?ref=uk 4/7/2012 Denial of Service Insufficient Anti-automation
Downtime Government United Kingdom Yes Denial of Service 1 Unreported Apache Unreported None NA
Anonymous has hacked hundreds of Chinese government websites. Some sites were just
defaced, but others have had administrator accounts, phone numbers, and e-mail
2012-56 WHID 2012-56: Anonymous hacks hundreds of Chinese government sites addresses leaked. http://www.zdnet.com/blog/security/anonymous-hacks-hundreds-of-chinese-government-sites/11303 3/30/2012 Unknown Unknown Leakage of Information Government China Unreported NA 485+ China Unreported Unreported administrator Two
accounts,
accounts
phone
andnumbers,
passwords
and
548
e-mail
phoneaddresses
numbers. 860 e-mail addresses.
2012-55 WHID 2012-55: Denial of Service Attack Targets Epoch Times The Epoch Times was hit with a series of cyber attacks. http://www.theepochtimes.com/n2/technology/denial-of-service-attack-targets-epoch-times-213907.html 4/1/2012 Denial of Service Insufficient Anti-automation
Downtime Media China Yes Denial of Service 2 Unreported Unreported Unreported None NA
2012-54 WHID 2012-54: DDOS Attack CatholicCulture.org was the victim of a distributed denial of service attack yesterday. http://www.catholicculture.org/commentary/the-city-gates.cfm?id=253 3/29/2012 Denial of Service Insufficient Anti-automation
Downtime Religious Manassas, Virginia Yes Distributed Denial of Service 1 Unreported Microsoft IIS 7, ASP.NET Unreported None NA
A spokesman for County Executive Rob Astorino said Friday that Westchester County‰
Ûªs web site had been accessed and that the intruders had left a message declaring that
2012-53 WHID 2012-53: Westchester County's website hacked they had hacked the site. http://www.lohud.com/article/20120330/NEWS02/120330015/Westchester-County-s-website-hacked 3/30/2012 Unknown Unknown Downtime Government Westchester, New York Non NA 1 Unreported Unreported Unreported Yes Unreported
All has been relatively quiet on the Anonymous front as far as defacing Web sites are
concerned. That has changed today as Anonymous China has attacked and defaced a
number of Chinese government Web sites to protest the country‰Ûªs censorship of the
2012-52 WHID 2012-52: Anonymous Takes Down And Defaces Chinese Government Web Sites Internet. http://www.webpronews.com/anonymous-takes-down-and-defaces-chines-government-web-sites-2012-03 3/30/2012 Unknown Unknown Downtime Government China Yes Denial of Service Multiple China Unreported Unreported None NA
The website of the Football Association of Malaysia (FAM) was hacked by irresponsible
2012-51 WHID 2012-51: FAM Website Hacked parties. http://www.bernama.com/bernama/v6/newssport.php?id=656042 3/30/2012 Unknown Unknown Defacement Sports Malaysia No NA 1 Unreported Unreported Unreported None NA
A section of Pakistan's Federal Tax Ombudsman (FTO) website was hacked with a media
2012-50 WHID 2012-50: Pak government website hacked, 'Indians' blamed report describing this as the handiwork of 'Indians‰Ûª. http://zeenews.india.com/news/south-asia/pak-government-website-hacked-indians-blamed_767145.html 3/30/2012 Unknown Unknown Defacement Government Pakistan No NA 1 Claimed to beUnreported
India Unreported None NA
Security researchers monitoring mass SQL injection attacks warned the latest one may be
nearing a million infected pages using a combination of automated tools with
reconnaissance information gathered from search engines. This follows similar storms last
2012-5 WHID 2012-5: Mass SQL Injection Storm Uses Search Engines And Automation year. http://www.techweekeurope.co.uk/news/mass-sql-injection-storm-uses-search-engines-and-automation-to-infect-sites-53567 1/11/2012 SQL Injection Improper Input Handling Planting of Malware Multiple Multiple locations No N/A Multiple
LulzSec, the hacking group responsible for breaching into a series of websites during
2012-49 WHID 2012-49: Dating Website Dedicated To US Military Personnel Hacked By LulzSec spring of the year 2011, is back, according a rumor spread all over US. http://www.techgadgetsweb.com/8364/dating-website-dedicated-military-personnel-hacked-lulzsec 3/28/2012 Unknown Unknown Leakage of Information Entertainment Scottsdale, Arizona None NA 1 Unreported Apache 2.0.63 Unreported Email addresses
Nearly 171000
Two local men have been arrested after an online referendum organised by Hong Kong
university to poll citizens on their choice of chief executive was disabled in an apparent
2012-48 WHID 2012-48: Election poll shot down by DDoS-ers denial of service attack. http://www.theregister.co.uk/2012/03/26/hong_kong_vote_hack/ 3/23/2012 Denial of Service Insufficient Anti-automation
Downtime Government China Yes Denial of Service 1 China Unreported Unreported None NA
The infamous Anonymous hacker group is not happy about Pope Benedict XVI's arrival in
2012-47 WHID 2012-47: Anonymous Hackers Target Pope in Mexico Mexico. http://latino.foxnews.com/latino/news/2012/03/23/anonymous-hackers-target-pope-in-mexico/?test=latestnews 3/22/2012 Denial of Service Insufficient Anti-automation
Downtime Government Mexico Unreported NA Multiple Mexico Unreported Unreported None NA
Orchard Central's website fell victim to hackers, who replaced a thumbnail photo on the
2012-46 WHID 2012-46: Orchard Central's website gets hacked page with that depicting a sexual act and put up racist content. http://www.digitalone.com.sg/news/article/18021 3/22/2012 Unknown Unknown Defacement Retail Singapore Non NA 1 Unreported Unreported Unreported No NA
Hackers breached an Australian police website this week, defacing the site and leaking
2012-45 WHID 2012-45: Hackers hit Australian police website, leak data the online data of its members. http://www.gmanetwork.com/news/story/252173/scitech/technology/hackers-hit-australian-police-website-leak-data 3/21/2012 Unknown Unknown Defacement Law Enforcement Australia No NA 1 Unreported Unreported Unreported User information
Unreported
Hackers with the collective Anonymous attack the home page of Panda Security's
2012-44 WHID 2012-44: Anonymous Hackers Take Down PandaLabs Website PandaLabs in apparent retaliation for the arrests of five LulzSec members. http://www.eweek.com/c/a/Security/Anonymous-Hackers-Take-Down-PandaLabs-Website-687825/ 3/7/2012 Unknown Unknown Defacement Technology USA Unreported NA 1 Unreported Unreported Unreported None NA
The website of the Labor Ministry was hacked Thursday by a group calling itself "Mad
2012-43 WHID 2012-43: Lebanon Labor Ministry website hacked Hackerz Team.‰Û http://www.dailystar.com.lb/News/Politics/2012/Mar-08/165981-labor-ministry-website-hacked.ashx#axzz1oah4DHvr 3/8/2012 Unknown Unknown Defacement Government Lebanon Non NA 1 Unreported Unreported Unreported None NA
Iranian hackers attacked NMCI in August of 2012, using a vulnerability in a public-facing
2012-428 WHID 2012-427: Iranians hacked Navy network for four months website to gain initial access to the network. http://arstechnica.com/information-technology/2014/02/iranians-hacked-navy-network-for-4-months-not-a-surprise/ 8/19/2012 Unknown Unknown Downtime Government
A website associated with the Dalai Lama's YouTube account has been hacked using
2012-427 WHID 2012-427: Who Hacked the Dalai Lama's Website? malware. http://mashable.com/2012/12/06/dalai-lama-website-hacked/ 12/3/2012 Unknown Unknown Malware distribution Religion India Unknown NA 1 Unknown PHP Unknown None NA
2012-426 WHID 2012-426: ITU Website Hacked The websites of the ITU were hit by a denial of service attack. http://www.multichannel.com/technology/itu-website-hacked/140572 12/5/2012 Denial of Service Unknown Service disruption Information Technology Geneva, Switzerland Unknown NA 1 Unknown Microsoft Sharepoint Unknown None NA
Anonymous hackers recently defaced the South Australian Web site for Australia's far-
2012-425 WHID 2012-425: Anonymous Hackers Target Australian Right-Wing Party right Family First Party. http://www.esecurityplanet.com/hackers/anonymous-hackers-target-australian-right-wing-party.html 12/4/2012 Unknown Unknown Defacement Politics Australia No NA 1 Unknown PHP Unknown None NA
A quickly spreading worm on Tumblr has caused media companies The Verge, Reuters,
and a large number of other account holders to publish a post laced with racist epithets
2012-424 WHID 2012-424: How a computer worm slithered across a huge number of Tumblr accounts and other offensive content. http://arstechnica.com/security/2012/12/how-a-computer-worm-slithered-across-a-huge-number-of-tumblr-accounts/ 12/3/2012 Cross-site Request Forgery
Insufficient
(CSRF)Process Validation
Worm Social
Widely-used open source web analytics platform Piwik has confirmed that hackers on
Monday breached its piwik.org webserver and planted malicious code in the ZIP file
2012-423 WHID 2012-423: Hackers planted backdoor in Piwik's web analytics update containing its current software update. http://www.cso.com.au/article/443069/hackers_planted_backdoor_piwik_web_analytics_update/ 11/28/2012 Unknown Unknown Planting of Malware Technology WordPress
A school district in western Wisconsin says hackers have stolen nearly $150,000 after
2012-422 WHID 2012-422: Hackers steal $150K from Wis. school district breaking into its payroll system. http://www.kare11.com/news/article/999866/396/Hackers-steal-150K-from-Wis-school-district 11/28/2012 Stolen Credentials Insufficient AuthenticationMonetary Loss Finance
Hackers in Pakistan have reportedly hacked the organisation managing domain name
servers to redirect users to their own site, disrupting access to major services such as
2012-421 WHID 2012-421: Google And Apple Sites Downed In Massive Pakistani DNS Hack Gmail and eBay. http://www.techweekeurope.co.uk/news/google-apple-dns-hack-defacement-100248 11/26/2012 DNS Hijacking Insufficient Process Validation
Defacement Search Engine
Protecting the rights of those who use internet banking, a state commission upheld a
district forum order and directed a bank to compensate a Navi Mumbai doctor Rs 42,000
2012-420 WHID 2012-420: Bank told to pay 42 thousand to man whose account was hacked after his account was hacked and the money withdrawn. http://articles.timesofindia.indiatimes.com/2012-11-25/mumbai/35347098_1_bank-account-holder-rbi-guidelines 11/25/2012 Stolen Credentials Insufficient AuthenticationMonetary Loss Finance
Computers weren't working right at the Vatican on Wednesday. The loosely-affiliated
international group of hackers known as Anonymous claimed it shut down the Catholic
2012-42 WHID 2012-42: Vatican Website Hacked Church's official website, vatican.va. http://kdrv.com/news/local/240926 3/7/2012 Denial of Service Insufficient Anti-automation
Downtime Religious Vatican City, Italy Yes Denial of Service 1 Unreported Unreported Unreported None NA
Four Greenspun Media Group websites -- lasvegassun.com, lasvegasweekly.com,
vegasinc.com and vegasdeluxe.com -- were temporarily disabled or compromised for
several hours Friday night into Saturday morning, the results of a cyberattack that
2012-419 WHID 2012-419: Las Vegas Sun, sister websites recover from disruptive cyberattack effectively overwhelmed servers that maintain the online media sites. http://www.lasvegassun.com/news/2012/nov/24/attack-disrupts-las-vegas-sun-website-work-under-w/ 11/24/2012 Denial of Service Insufficient Anti-automation
Downtime Media
The Google Pakistan homepage has been apparently hacked by Turkish hackers. If you
2012-418 WHID 2012-418: Google Pakistan website hacked go to google.com.pk, you will find a black page with something written in Turkish. http://ibnlive.in.com/news/google-pakistan-website-hacked/307189-11.html 11/24/2012 Unknown Unknown Defacement Search Engine
A zero-day vulnerability in yahoo.com that lets attackers hijack Yahoo! email accounts and
redirect users to malicious Web sites offers a fascinating glimpse into the underground
market for large-scale exploits. The exploit, being sold for $700 by an Egyptian hacker on
an exclusive cybercrime forum, targets a ‰ÛÏcross-site scripting‰Û (XSS) weakness in
2012-417 WHID 2012-417: Yahoo Email-Stealing Exploit Fetches $700 yahoo.com that lets attackers steal cookies from Yahoo! Webmail users. http://krebsonsecurity.com/2012/11/yahoo-email-stealing-exploit-fetches-700/ 11/23/2012 Cross-site Scripting (XSS)
Improper Output HandlingSession Hijacking Hosting Providers
Users are getting infected with ransomware thanks to criminals managing to hack the DNS
2012-416 WHID 2012-416: Hacked Go Daddy sites infecting users with ransomware records of Go Daddy hosted websites. http://nakedsecurity.sophos.com/2012/11/23/hacked-go-daddy-ransomware/ 11/23/2012 DNS Hijacking Insufficient Process Validation
Planting of Malware Hosting Providers
A group of pro-Palestinian hackers apparently managed to break into the social
networking accounts of Israeli Deputy Prime Minister Silvan Shalom and has promised to
2012-415 WHID 2012-415: Top Israeli Official‰Ûªs Facebook, Twitter Accounts Hacked release a drove of the top official‰Ûªs private emails. http://abcnews.go.com/blogs/headlines/2012/11/top-israeli-officials-facebook-twitter-accounts-hacked/ 11/21/2012 Unknown Unknown Disinformation Social
Hackers tried to steal thousands of pounds of goods from two Lancashire business. The
two businesses discovered hackers had changed the online value of their goods to 1p
before trying to buy the items ‰ÛÒ which included å£2000 of furniture - with a stolen
2012-414 WHID 2012-414: Website hacked changing online prices to 1p credit card http://www.itv.com/news/granada/update/2012-11-21/website-hacked-changing-online-prices-to-1p/ 11/21/2012 Unknown Unknown Monetary Loss Retail United Kingdom
During some hunting on Ebay‰Ûªs subdomains I found an exploitable SQL injection
which I reported to Ebay‰Ûªs security team. It took 20 days until they finally fixed the
2012-413 WHID 2012-413: Exploitable SQLi on Ebay.com exploitable SQL injection. http://blog.majorsecurity.net/2012/11/18/exploitable-sqli-on-ebay-dot-com-analysis/ 11/18/2012 SQL Injection Improper Input Handling Leakage of Information Retail
Insurance Commissioner Ralph Hudgens issued the following statement today concerning
2012-412 WHID 2012-412: Almost 30,000 Georgia Nationwide Insurance Customers Hacked the unauthorized access of Nationwide Insurance‰Û÷s website http://www.wctv.tv/home/headlines/Almost-30000-Georgia-Nationwide-Insurance-Customers-Hacked-180076711.html 11/20/2012 Unknown Unknown Leakage of Information Government
According to XSSed, Shubham Upadhyay has discovered an active XSS flaw affecting
2012-411 WHID 2012-411: Active XSS flaw discovered on eBay Ebay.com. http://www.zdnet.com/active-xss-flaw-discovered-on-ebay-7000007539/ 11/16/2012 Cross-site Scripting (XSS)
Improper Output HandlingSession Hijacking Retail
Hacking collective Anonymous has gone on a hacking spree in protest over attacks on
2012-410 WHID 2012-410: Anonymous takes on Israeli websites, wipes Jerusalem bank Gaza. http://www.zdnet.com/anonymous-takes-on-israeli-websites-wipes-jerusalem-bank-7000007537/ 11/16/2012 Unknown Unknown Defacement Finance
Calling it a "sickness to this world," members of the formless 'hacktivist' group of computer
programmers known as Anonymous declared war on religion on Friday, March 2, hacking
the websites of three Christian organizations all based in and around Charlotte, North
2012-41 WHID 2012-41: Anonymous Hackers Attack Christian Websites, Declare 'Religion Sucks LOL' Carolina. http://www.ibtimes.com/articles/308264/20120302/anonymous-hackers-religion-website-proxy-twitter.htm 3/2/2012 Unknown Unknown Downtime Religious Charlotte, North Carolina
Unreported NA 3 Unreported Unreported Unreported Unreported NA
The hack caused the site's text to be reversed and photos and graphics to rotate
2012-409 WHID 2012-409: New Zealand Herald falls victim to XSS prank clockwise http://www.csoonline.com/article/721785/new-zealand-herald-falls-victim-to-xss-prank 11/15/2012 Cross-site Scripting (XSS)
Improper Output HandlingDefacement Media
Adobe is the latest to have their databases compromised as an Egyptian hacker has
posted links to records of employees from Adobe as well as NASA and the US Military.
The hacker, who goes by the name ‰ÛÏHima,‰Û said he had hacked into Adobe‰Ûªs
server to gather these records before posting them on Pastebin. All told, Hima claims to
have obtained the records for 150,000 Adobe clients and employees redOrbit (http://s.
2012-408 WHID 2012-408: Adobe Servers Compromised, 150,000 Records Leaked tt/1tAg4) http://www.redorbit.com/news/technology/1112732564/adobe-user-records-hacked-hima-111512/ 11/15/2012 SQL Injection Improper Input Handling Leakage of Information Technology
The Pirate Bay is suffering some downtime this morning due to a DDoS attack that
appears to originate from a Twitter user who goes by the handle Zeiko Anonymous. The
connection flood targeted at the site originates from a small botnet and isn‰Ûªt worrying
The Pirate Bay team too much. Instead, the BitTorrent site is taking this opportunity to do
2012-407 WHID 2012-407: DDoS Takes Down The Pirate Bay, isoHunt and Others some database maintenance. http://torrentfreak.com/ddos-takes-down-the-pirate-bay-121113/ 11/13/2012 Denial of Service Insufficient Anti-automation
Downtime Torrent Site
The hacker published more than 600 users' details online, including some passwords in
2012-406 WHID 2012-406: Hacker Darwinare Claims Breach of Amazon UK clear text. http://www.esecurityplanet.com/hackers/hacker-darwinare-claims-breach-of-amazon-uk.html 11/12/2012 SQL Injection Improper Input Handling Leakage of Information Retail
Hackers gained access to several government websites Tuesday, November 13, but not in
2012-405 WHID 2012-405: Hackers add hidden pages to government sites any way average users would notice. http://www.rappler.com/life-and-style/technology/16053-hackers-add-hidden-pages-to-government-sites 11/13/2012 Unknown Unknown Defacement Government
The hackers defaced the page with a statement calling the United Nations 'just a bunch of
2012-404 WHID 2012-404: NullCrew Hackers Hit UNESCO Web Site corrupt nations.' http://www.esecurityplanet.com/hackers/nullcrew-hackers-hit-unesco-web-site.html 11/8/2012 Unknown Unknown Defacement Government
The company denies that 240,000 customer credit card details were stolen, but hackers
2012-403 WHID 2012-403: Pizza Hut hacked, customer info lost, credit card details safe did gain access to customer information. http://www.zdnet.com/au/pizza-hut-hacked-customer-info-lost-credit-card-details-safe-7000007016/ 11/7/2012 SQL Injection Improper Input Handling Leakage of Information Retail
NullCrew remembered the 5th of November by breaking into mod.co.uk and stealing and
dumping more than 3400 email addresses and passwords. While the date of the breach
2012-402 WHID 2012-402: NullCrew hacks MoD ‰ÛÒ leaks thousands of plaintext credentials cannot be verified, it does look as if it happened on the Guy Fawkes anniversary http://www.infosecurity-magazine.com/view/29161/nullcrew-hacks-mod-leaks-thousands-of-plaintext-credentials/ 11/6/2012 SQL Injection Improper Input Handling Leakage of Information Government
Different hacker groups claim to have breached servers belonging to ImageShack,
2012-401 WHID 2012-401: Hackers claim attacks against ImageShack, Symantec, PayPal, other websitesSymantec, PayPal and other organizations. http://www.computerworld.com/s/article/9233262/Hackers_claim_attacks_against_ImageShack_Symantec_PayPal_other_websites?taxonomyId=142 11/5/2012 SQL Injection Improper Input Handling Leakage of Information Technology
hose in search of SNL and 30 Rock clips over at NBC‰Ûªs videos page have been met
with something quite different: a hacked page of weirdness with a surprisingly catchy
soundtrack. It‰Ûªs most prominent website hack we‰Ûªve seen in a while, and also one
2012-400 WHID 2012-400: Hackers Replace NBC Sites With Sm̦rg̴sbord of Hacker Cliches of the least coherent. http://www.gizmodo.co.uk/2012/11/hackers-replace-nbc-sites-with-smorgasbord-of-hacker-cliches/ 11/4/2012 Unknown Unknown Defacement Media
Interpol's website appears to have been the target of a cyber attack following the arrests of
2012-40 WHID 2012-40: Interpol website hacked after arrest of 25 suspected Anonymous members 25 members of the hacking activist group Anonymous. http://www.thejournal.ie/interpol-website-hacked-after-arrest-of-25-suspected-anonymous-members-369043-Feb2012/ 2/28/2012 Denial of Service Insufficient Anti-automation
Downtime Law Enforcement Global Yes Denial of Service 1 Unreported Unreported Unreported None NA
The group of computer hackers known as Anonymous has turned its attention from
corporations long enough to attack and take down over 40 child porn websites run by
2012-4 WHID 2012-4: Hacker Group Anonymous Takes Down Over 40 Child Porn Sites pedophiles. http://www.skyvalleychronicle.com/BREAKING-NEWS/HACKER-GROUP-ANONYMOUS-TAKES-DOWN-OVER-40-CHILD-PORN-SITES-874450 1/10/2012 Unknown Unknown Downtime Hosting Provider South Africa Unknown N/A 40+ Unknown User names 1589
Hackers from the Moroccan Ghosts collective have breached and defaced the website of
2012-399 WHID 2012-399: French Euromillions Lottery Website Hacked, Anti-Gambling Message Posted France‰Ûªs renowned Euromillions lottery (euromillions.fr). http://news.softpedia.com/news/French-Euromillions-Lottery-Website-Hacked-Anti-Gambling-Message-Posted-302742.shtml 10/29/2012 Unknown Unknown Defacement Gaming
The hackers claim to have leveraged an SQL Injection vulnerability in order to gain access
to the databases behind the social.ford.com subdomain. As a result of the breach,
database and table names, customer usernames ‰ÛÒ represented by email addresses
2012-398 WHID 2012-398: Ford Website Hacked by NullCrew, User Credentials Leaked Online ‰ÛÒ and encrypted passwords have been leaked. http://news.softpedia.com/news/Ford-Website-Hacked-by-NullCrew-User-Credentials-Leaked-Online-302688.shtml 10/29/2012 SQL Injection Improper Input Handling Leakage of Information Automotive
By the time the computer crimes office of the U.S. Secret Service discovered a problem
Oct. 10, a foreign hacker had taken a database from the Department of Revenue's
computers exposing 3.6 million Social Security numbers and 387,000 credit and debit card
2012-397 WHID 2012-397: Hacker swipes 3.6M Social Security numbers, other data numbers, one of the largest computer breaches in the state or nation. http://www.usatoday.com/story/news/nation/2012/10/26/hacker-south-caroling-social-security-numbers/1660929/ 10/26/2012 Stolen Credentials Insufficient AuthenticationLeakage of Information Government
Ally Financial Inc on Thursday became the latest U.S. financial institution to face cyber
2012-396 WHID 2012-396: Ally Financial Latest U.S Bank to Face Cyber Attacks attacks that may stem from hackers in Iran. http://www.banktech.com/risk-management/ally-financial-latest-us-bank-to-face-cy/240009394 10/18/2012 Denial of Service Insufficient Anti-automation
Downtime Finance
Hackers have breached servers belonging to the US National Weather Service by
exploiting a vulnerability in the weather.gov website, releasing sensitive data from the
2012-395 WHID 2012-395: National Weather Service website hacked government systems. http://nakedsecurity.sophos.com/2012/10/19/national-weather-service-website-hacked-by-kosovo-hackers-security/ 10/19/2012 Local File Inclusion (LFI)Improper Input Handling Leakage of Information Government
GitHub has been targeted by another DDoS attack that has been successful in causing
2012-394 WHID 2012-394: 'Major interruption' at GitHub as attackers launch DDoS major disruptions for the code sharing site. http://www.zdnet.com/major-interruption-at-github-as-attackers-launch-ddos-7000006030/ 10/19/2012 Denial of Service Insufficient Anti-automation
Downtime Technology
HSBC has blamed a denial of service attack for the downtime of many of its websites
2012-393 WHID 2012-393: HSBC websites fell in DDoS attack last night, bank admits worldwide on Thursday night. http://www.theregister.co.uk/2012/10/19/hsbc_ddos/ 10/19/2012 Denial of Service Insufficient Anti-automation
Downtime Finance
BB&T Corp., a Winston-Salem, N.C.-based bank, acknowledged Oct. 17 that its website
was suffering from intermittent outages related to a distributed denial of service attack.
The $178.5 billion institution is the ninth U.S. bank to be affected by a DDoS strike in the
2012-392 WHID 2012-392: BB&T Site Outages Linked to DDoS last five weeks. http://www.bankinfosecurity.com/bbt-site-outages-linked-to-ddos-a-5208 10/17/2012 Denial of Service Insufficient Anti-automation
Downtime Finance
CYBER criminals tried to swindle unsuspecting holidaymakers out of their money by
2012-391 WHID 2012-391: Hackers target Fairfax holiday site Stayz, altering bank details on listings altering the details of listings on Fairfax's holiday rental website, Stayz.com.au. http://www.theaustralian.com.au/travel/news/hackers-target-fairfax-holiday-site-stayz-altering-bank-details-on-listings/story-e6frg8ro-1226496595089 10/15/2012 Stolen Credentials Insufficient AuthenticationMonetary Loss Travel
The city of Burlington is warning its employees to check their bank accounts after finding
2012-390 WHID 2012-390: Burlington city bank account hacked, $400k stolen out funds have been stolen http://www.komonews.com/news/local/Burlington-city-bank-account-hacked-173966921.html 10/12/2012 Banking Trojan Ins
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
In a show of opposition to a near-complete rare earths processing plant in Malaysia, the
2012-38 WHID 2012-38: Lynas Corp website hacked website of Australian miner Lynas Corporation has been hacked. http://www.freemalaysiatoday.com/2012/02/27/lynas-corp-website-hacked/ 2/26/2012 Denial of Service Insufficient Anti-automation
Downtime Retail Australia Unreported NA 1 Malaysia Unreported Unreported None NA
Wells Fargo has become the latest bank to be targeted by a cyber gang seeking revenge
2012-379 WHID 2012-379: Wells Fargo becomes latest bank to be hacked by cyber gang seeking revengefor
forthe
anti-Islam
anti-Islam
filmfilm
Read
Innocence http://www.dailymail.co.uk/news/article-2209403/Wells-Fargo-reveal-website-hacked-cyber-gang-seeking-revenge-anti-Islam-film.html?ito=feeds-newsxml
more: http://www.dailymail.co.uk/news/article-2209403/Wells-Fargo-reveal-website-hacked-cyber-gang-seeking-revenge-anti-Islam-film.html#ixzz2CoFkyink
of Muslims Follow us: @MailOnline on Twitter | DailyMail on Facebook 9/27/2012 Denial of Service Insufficient Anti-automation
Downtime Finance
A DDoS attack on a bank‰Ûªs website could very well be a precursor to a wire transfer
2012-378 WHID 2012-378: Thieves use DDoS to distract banks during cyber heists raid. http://www.cso.com.au/article/437372/thieves_use_ddos_distract_banks_during_cyber_heists/#closeme 9/25/2012 Banking Trojan Insufficient Process Validation
Monetary Loss Finance
Hackers broke into a subdomain used by the University of Technology, Sydney, over the
weekend, and dumped the contents of a database from an old content management
2012-377 WHID 2012-377: Hackers deface old UTS system, dump user database system. http://www.zdnet.com/au/hackers-deface-old-uts-system-dump-user-database-7000004694/ 9/24/2012 SQL Injection Improper Input Handling Leakage of Information Education
The hackers say they published e-mail addresses and passwords only after their warnings
2012-376 WHID 2012-376: American Chamber of Commerce in France Hacked about a SQL injection error were ignored. http://www.esecurityplanet.com/hackers/american-chamber-of-commerce-in-france-hacked.html 9/21/2012 SQL Injection Improper Input Handling Leakage of Information Government
Hackers accessed personal information of more than 200,000 service members earlier this
2012-375 WHID 2012-375: Hackers Get Personal Data From Navy Website year and posted a sampling of the data online. http://www.military.com/daily-news/2012/09/21/hackers-get-personal-data-from-navy-website.html 9/21/2012 Unknown Unknown Leakage of Information Government
The territorial dispute between Japan and China has escalated into cyberattacks, Japan-
2012-374 WHID 2012-374: Japanese Web sites attacked in tense dispute with China based reports say. http://news.cnet.com/8301-1009_3-57517128-83/japanese-web-sites-attacked-in-tense-dispute-with-china/ 9/20/2012 Denial of Service Insufficient Anti-automation
Downtime Government
Sprint, the mobile carrier that owns Virgin Mobile, claims to have addressed the PIN brute
force attack issue discovered by Kevin Burke. However, the expert claims that more
2012-373 WHID 2012-373: Virgin Mobile PIN Brute Force Attack Issue Addressed by Sprint measures should be implemented. http://news.softpedia.com/news/Virgin-Mobile-PIN-Brute-Force-Attack-Issue-Addressed-by-Sprint-293560.shtml 9/20/2012 Brute Force Insufficient Anti-automation
Leakage of Information Telecommunications
J.P. Morgan Chase (JPM) and NYSE Euronext (NYX) experienced website trouble
Wednesday after being targeted by apparent cyber attacks. The problems come a day
after Bank of America experienced prolonged issues following a separate attack. Read
more: http://www.foxbusiness.com/industries/2012/09/19/chase-website-experiences-
2012-372 WHID 2012-372: Chase, NYSE Websites Targeted in Cyber Attacks intermittent-troubles/#ixzz2CntAd4Pz http://www.foxbusiness.com/industries/2012/09/19/chase-website-experiences-intermittent-troubles/ 9/19/2012 Denial of Service Insufficient Anti-automation
Downtime Finance
The Bank of America website was possibly hacked with customers experiencing
intermittent problems most of Tuesday, the same time an Islamic cyber-terrorist group
2012-371 WHID 2012-371: Bank of America Website Hacked, Islamic Cyber Terrorists Takes Credit threatened to attack the bank, New York Stock Exchange and other U.S. targets. http://www.foodworldnews.com/articles/2197/20120918/bank-of-america-website-hacked-islamic-cyber-terrorists-takes-credit.htm 9/18/2012 Denial of Service Insufficient Anti-automation
Downtime Finance
However, unbeknownst to MicahJ, it was in fact an .exe file possibly complete with a
2012-370 WHID 2012-370: Hacker Steals $140k From Lock Poker Account keylogger program which then accessed all sensitive information on his computer. http://www.onlinepoker.net/poker-news/general-poker-news/hacker-steals-140k-lock-poker-account/16705 9/18/2012 Stolen Credentials Insufficient AuthenticationMonetary Loss Gaming
The AFL is a little embarrassed and users surprised by a message replacing the normal
2012-37 WHID 2012-37: AFL Website Hacked screen. http://www.triplem.com.au/sydney/sport/afl/news/blog/afl-website-hacked-with-demetriou-is-eddies-bitch-message/20120221-fo0o.html 2/21/2012 Unknown Unknown Downtime Sports Australia Unreported NA 1 Unreported Unreported Unreported None NA
Mexican computer hackers have taken over at least ten government and other websites in
2012-369 WHID 2012-369: Mexico hackers hit official websites in cyber protest a political protest marking the country's independence day. http://www.bbc.co.uk/news/world-latin-america-19618459 9/16/2012 Unknown Unknown Defacement Government
A lone hacker has claimed responsibility for an ongoing denial-of-service attack that may
have knocked out millions of websites hosted by world's largest domain registrar
2012-368 WHID 2012-368: GoDaddy stopped by massive DDoS attack GoDaddy. http://www.theregister.co.uk/2012/09/10/godaddy_ddos_attack/ 9/10/2012 Denial of Service Insufficient Anti-automation
Downtime Service Providers
Domino‰Ûªs India website was hacked using the SQL injection method and remote file
inclusion, one of the most common methods for stealing private data from web databases.
Through this, the hacker typically tricks the site‰Ûªs database into revealing data that
2012-367 WHID 2012-367: Dominos' India website hacked, customer info leaked should be hidden by ‰Û÷injecting‰Ûª certain commands. http://business-standard.com/india/news/dominos-india-website-hacked-customer-info-leaked/486057/ 9/11/2012 SQL Injection Improper Input Handling Leakage of Information Retail
"I accidently typed in a wrong case number and saw that I could access other cases.
2012-366 WHID 2012-366: Hacker suspected of stealing scores of court documents Some of them I just passed on to acquaintances. It's what you do today ‰ÛÒ like Twitter." http://www.ynetnews.com/articles/0,7340,L-4279655,00.html 9/10/2012 Predictable Resource Location
Insufficient Authorization Leakage of Information Government
Al Jazeera news network's mobile service was hacked today, as per a report by AFP. This
development comes barely a week after a number of its websites were hacked by Syria‰
2012-365 WHID 2012-365: Al Jazeera‰Ûªs mobile news service hacked Ûªs Assad loyalists, it reported on its website al-jazeera.net. http://tech2.in.com/news/general/al-jazeeras-mobile-news-service-hacked/424632 9/10/2012 Unknown Unknown Disinformation Media
ArenaNet ‰ÛÓ the company behind the massively multiplayer online game ‰ÛÓ has told
players that hackers are actively trying to get into accounts and appear to have cracked
2012-364 WHID 2012-364: Thousands of 'Guild Wars 2' accounts hacked more than 11,000 already. http://www.nbcnews.com/technology/ingame/thousands-guild-wars-2-accounts-hacked-985019 9/6/2012 Stolen Credentials Insufficient AuthenticationAccount Takeover Gaming
A SQL injection attack took down the provincial lobbyist registry site several weeks ago. A
2012-363 WHID 2012-363: Nova Scotia Web site clobbered by virus government spokesperson says viruses sometimes slip through between software updates http://www.itworldcanada.com/news/nova-scotia-web-site-clobbered-by-virus/146080 9/6/2012 Stolen Credentials Improper Input Handling Downtime Government
The US's biggest BitCoin trading exchange, BitFloor, has been forced to temporarily shut
2012-362 WHID 2012-362: Hackers steal $250,000 from BitFloor exchange up shop, after a virtual heist in which the equivalent of $250,000 was stolen. http://www.tgdaily.com/business-and-law-features/65934-hackers-steal-250000-from-bitfloor-exchange 9/5/2012 Unknown Unknown Monetary Loss Finance
"The hackers have published massive amounts of data -- including some e-mail
addresses, usernames and passwords -- allegedly stolen from these Web sites," writes
Softpedia's Eduard Kovacs. "Judging by the files posted on PrivatePaste, it appears that
the attackers once again leveraged SQL Injection vulnerabilities to breach the sites and
2012-361 WHID 2012-361: Anonymous Hackers Hit Siemens, Fujitsu gain access to their databases." http://www.esecurityplanet.com/hackers/anonymous-hackers-hit-siemens-fujitsu.html 9/4/2012 SQL Injection Improper Input Handling Leakage of Information Technology
The website of Qatar-based satellite news network Al Jazeera was apparently hacked on
Tuesday by Syrian government loyalists for what they said was the television channel's
2012-360 WHID 2012-360: Qatar's Al Jazeera website hacked by Syria's Assad loyalists support for the "armed terrorist groups and spreading lies and fabricated news". http://www.reuters.com/article/2012/09/04/us-qatar-jazeera-hacking-idUSBRE8830ZI20120904 9/4/2012 Unknown Unknown Defacement Media
Houston County‰Ûªs official website is indefinitely down for maintenance after being
2012-36 WHID 2012-36: Houston County website hacked, investigation ongoing hacked early Monday morning. http://www2.dothaneagle.com/news/2012/feb/20/houston-county-website-hacked-investigation-ongoin-ar-3266922/ 2/20/2012 Unknown Unknown Downtime Government Houston, TX No NA 1 Unreported Unreported Unreported None NA
A group of hackers known as the Null Crew have laid claim to eight Sony servers, citing
2012-359 WHID 2012-359: Sony Mobile's website hacked the company's notoriously 'lax security.' http://www.afterdawn.com/news/article.cfm/2012/09/03/sony_mobile_s_website_hacked 9/3/2012 SQL Injection Improper Input Handling Leakage of Information Entertainment
Multiple government and media websites in Sweden were taken down today by
coordinated Distributed Denial of Service (DDoS) attacks at around 10AM local time. The
Swedish Armed Forces, Sweden.se, the Swedish Institute, and the Swedish Courts
websites were among those affected. At the time of writing, the first two were down while
the other two were up, but that doesn‰Ûªt mean much as the sites have been going in
2012-358 WHID 2012-358: WikiLeaks supporters take down Swedish government sites with DDOS attacksand out all day. http://thenextweb.com/insider/2012/09/03/wikileaks-supporters-take-swedish-government-sites-ddos-attacks/ 9/3/2012 Denial of Service Insufficient Anti-automation
Downtime Government
A hacker broke into a Berks County manufacturer's computer system and stole nearly
2012-357 WHID 2012-357: Hacker hands Barto manufacturer $190,000 loss $200,000, according to state police. http://readingeagle.com/article.aspx?id=412706 9/3/2012 Banking Trojan Insufficient Process Validation
Monetary Loss Finance
Hackers claiming to be a Philippine chapter of the hacktivist collective Anonymous
defaced the website of the Metropolitan Waterworks and Sewerage System (MWSS) over
2012-356 WHID 2012-356: Hackers deface MWSS site over high water rates the weekend, supposedly over unjustified high charges by the agency's concessionaires. http://www.gmanetwork.com/news/story/272170/scitech/technology/hackers-deface-mwss-site-over-high-water-rates 9/1/2012 Unknown Unknown Defacement Government
Hertfordshire Constabulary ‰Ûªs website has been hacked and data from it published on
2012-355 WHID 2012-355: Data stolen after Hertfordshire Constabulary website hacked internet by activists thought to be linked with WikiLeaks founder Julian Assange. http://www.times-series.co.uk/news/9905085.Data_stolen_after_Hertfordshire_Constabulary_website_hacked/ 9/1/2012 Unknown Unknown Leakage of Information Government
Investigation is now underway into whether a computer programmer allegedly stole
proprietary information from the automaker Toyota and ‰ÛÏsabotaged‰Û the
2012-354 WHID 2012-354: Toyota Employee Allegedly Hacked, Stole Confidential Information company‰Ûªs supplier computer network after being terminated last week. http://threatpost.com/en_us/blogs/toyota-employee-allegedly-hacked-stole-confidential-information-083112 8/31/2012 Stolen Credentials Insufficient AuthenticationLeakage of Information Automotive
On 24th and 29th August respectively both Cambridge University and Africa College
Leeds (a research partnership affiliated to the University of Leeds working to improve food
2012-353 WHID 2012-353: University IT blunder sparks hacking fears sources in sub-Saharan Africa) websites were infiltrated by hackers. http://oxfordstudent.com/2012/08/31/university-computer-systems-hacked/ 8/31/2012 Unknown Unknown Leakage of Information Education
Arabic Service reports are confirming hacking of a London NHS trust, which was down for
a night reading the message: Group HP-Hack in red letters with displayed images of the
2012-352 WHID 2012-352: Hacker‰Ûªs Overnight Attack South London Healthcare NHS Trust's Website Syrian civil war. http://topnews.ae/content/212832-hacker-s-overnight-attack-south-london-healthcare-nhs-trusts-website 8/30/2012 Unknown Unknown Defacement Healthcare
"Our investigation has indicated that his account was accessed by an unknown third party.
Our fraud detection systems recognised the threat, meaning that no money was able to be
2012-351 WHID 2012-351: Hacker makes abusive bank account attack withdrawn. http://www.eveningtimes.co.uk/news/hacker-makes-abusive-bank-account-attack.18721478 8/29/2012 Unknown Unknown Defacement Finance
We're seeing an uptick in reports of account theft and attempted account theft. We believe
hackers are using databases of email addresses and passwords stolen from other games
and web sites, and pre-existing trojan horses, to search for matching Guild Wars 2
accounts which they attempt to compromise. To prevent this, we have temporarily
disabled the 'reset password' feature, and we're working to bring email authentication
2012-350 WHID 2012-350: Guild Wars 2 Accounts Hacked online http://www.esecurityplanet.com/hackers/guild-wars-2-accounts-hacked.html 8/30/2012 Stolen Credentials Insufficient AuthenticationAccount Takeover Gaming
The Herald website, www.herald.co.zw, was compromised and used to host links to
2012-35 WHID 2012-35: The Herald website hacked, used to propagate pornography pornography sites. http://www.techzim.co.zw/2012/02/the-herald-website-hacked-used-to-propagate-pornography/ 2/15/2012 Unknown Unknown Spam Media Zimbabwe Unreported NA 1 Unreported Unreported Unreported None NA
The Churchill Square website has been displaying links to sexual enhancement drugs and
2012-349 WHID 2012-349: Brighton shopping centre website hacked hair loss treatment after being hacked. http://www.theargus.co.uk/news/9901746.Sex__drugs_and_hair_loss_links_on_hacked_Brighton_shopping_centre_website/?ref=nt 8/30/2012 Unknown Unknown Spam Links Retail
Screenshot: A message on the hacked website of the Heyuan City Public Security
Department, in Guangdong Province, says ‰ÛÏthe Chinese Communist Party deserves a
terrible death.‰Û The website was hacked from between Aug. 22 and Aug. 27, when it
2012-348 WHID 2012-348: Guangdong PSB Website Hacked was taken down and repaired. (Aboluowang.com) http://www.theepochtimes.com/n2/china-news/guangdong-psb-website-hacked-cheering-netizens-285263.html 8/28/2012 Unknown Unknown Defacement Government
A London NHS trust had to take down its website after it was hacked. A message was
written in Arabic on the South London Healthcare NHS Trust (SLHT) website on
2012-347 WHID 2012-347: South London Healthcare NHS Trust's website hacked Wednesday night. http://www.bbc.co.uk/news/uk-england-london-19413427 8/29/2012 Unknown Unknown Defacement Healthcare
Supporters of the Syrian government hacked the website of Amnesty International, posting
2012-346 WHID 2012-346: Amnesty International Website Hacked items that falsely accused the rebels of a string of atrocities. http://www.northjersey.com/news/international/167726365_Amnesty_International_Website_Hacked.html?page=all 8/28/2012 Unknown Unknown Disinformation Blogs
Hacker collective Team GhostShell leaked a cache of more than one million user account
2012-345 WHID 2012-345: 1 MILLION accounts leaked in megahack on banks, websites records from 100 websites over the weekend. http://www.theregister.co.uk/2012/08/28/team_ghostshell_megahack/ 8/28/2012 SQL Injection Improper Input Handling Leakage of Information Finance Yes
2012-344 WHID 2012-344: GOVT HACKED OFF BY WEB BUG Last weekend the website www.gibraltar.gov.gi was hacked, albeit for a brief time. http://www.chronicle.gi/headlines_details.php?id=25802 8/23/2012 Unknown Unknown Defacement Government
Student records may have been among information exposed during a breach at Memorial
2012-343 WHID 2012-343: MUN business school website hacked University's business school website, according to officials. http://www.cbc.ca/news/canada/newfoundland-labrador/story/2012/08/23/nl-mun-business-website-hack-823.html 8/24/2012 Unknown Unknown Leakage of Information Education
"Significantly, the SQL injection inquiries that were contained in the web server logs
match exactly the SQL inquires posted on the Hack Forums by Knudson and the others,"
the complaint states. "Structured Query Language," or SQL, refers to questions written
2012-342 WHID 2012-342: Adventists Claim Hacker Swiped Manuscripts in database language intended to extract the contents of the database, the Adventists say. http://www.courthousenews.com/2012/08/22/49525.htm 8/22/2012 SQL Injection Improper Input Handling Leakage of Information Religion
A group calling itself r00tbeer claims responsibility for the attack, which forced AMD to
2012-341 WHID 2012-341: AMD Blog Site Hacked, Usernames, Encrypted Passwords Stolen take the site offline and to change all the passwords. http://www.eweek.com/c/a/Security/AMD-Blog-Site-Hacked-Usernames-Passwords-Stolen-794445/ 8/20/2012 Unknown Unknown Leakage of Information Blogs
Police Sgt. Jay Junghans said it appeared that someone had hacked into the nonprofit‰
2012-340 WHID 2012-34: Nonprofit reports hacker's theft from payroll system Ûªs payroll system and made a fraudulent entry. http://cjonline.com/news/2012-08-17/nonprofit-reports-hackers-theft-payroll-system 8/17/2012 Unknown Unknown Monetary Loss Government
Reports have emerged that AnonyOps, a website associated with the hacktivist
2012-34 WHID 2012-34: Hackers Hit Anonymous's AnonyOps Website Anonymous collective, has been defaced by the hacker Exotz. http://www.ibtimes.co.uk/articles/298417/20120214/hackers-hit-anonymous-anonyops-website.htm 2/14/2012 Unknown Unknown Defacement Hacktivism New York Unreported NA 1 Unreported Unreported Unreported None NA
A website curated by local activists was up and running again after being hacked by
someone leaving a message about "dirty hippies," the group said in an email to supporters
2012-339 WHID 2012-339: Activist website hacked, called 'dirty hippies' Thursday. http://www.utsandiego.com/news/2012/aug/16/activist-website-hacked-called-dirty-hippies/ 8/16/2012 Unknown Unknown Defacement Politics
The Ugandan prime minister's website was attacked by hackers on Tuesday and
2012-338 WHID 2012-338: Ugandan Prime Minister's Website Hacked Wednesday, a government official has confirmed to the BBC. http://reason.com/24-7/2012/08/17/ugandan-prime-ministers-website-hacked 8/17/2012 Unknown Unknown Defacement Government
The website welcomed surfers with the picture of a wrecked plane captioned that it was of
a crashin Mumbai with at least 1,000 casualties. But as they scrolled down the page, it
2012-337 WHID 2012-337: Airport website hacked by ‰Û÷neighbour‰Ûª was revealed that is was a joke. http://www.dnaindia.com/mumbai/report_airport-website-hacked-by-neighbour_1728906 8/17/2012 Unknown Unknown Defacement Government
UK-based news agency Reuters has fallen victim to computer hackers for the third time in
a month, with an article falsely claiming that Saudi Arabia's Foreign Minister Saud al-
2012-336 WHID 2012-336: Reuters website ‰Û÷hacked‰Ûª for third time in month Faisal had died. http://zeenews.india.com/news/world/reuters-website-hacked-for-third-time-in-month_794183.html 8/17/2012 Unknown Unknown Disinformation Media
The Kremlin-funded channel, which featured Julian Assange as a talk-show host, says it
has come under denial-of-service attack. Antileaks says it's responsible, but the timing
2012-335 WHID 2012-335: Russia Today hit by DDoS as anti-Wikileaks group claims responsibility could more to do with the Pussy Riot verdict than Wikileaks. http://www.zdnet.com/russia-today-hit-by-ddos-as-anti-wikileaks-group-claims-responsibility-7000002794/ 8/17/2012 Denial of Service Insufficient Anti-automation
Downtime Media
A distributed denial-of-service attack aimed at AT&T's DNS (Domain Name System)
2012-334 WHID 2012-334: AT&T Hit by DDoS Attack, Suffers DNS Outage servers has disrupted data traffic for some of the company's customers. http://www.pcworld.com/article/260940/atandt_hit_by_ddos_attack_suffers_dns_outage.html 8/15/2012 Denial of Service Insufficient Anti-automation
Downtime Service Providers
2012-333 WHID 2012-333: RUTracker Hacked The Russian BitTorrent tracker RUTracker was recently hit by hackers. http://www.esecurityplanet.com/hackers/rutracker-hacked.html 8/15/2012 DNS Hijacking Insufficient Authorization Defacement Torrent Site
A group of some Indian internet hackers ‰ÛÒ the Indian Tigers ‰ÛÒ broke into the
2012-332 WHID 2012-332: Indian hackers break into LDA website website of the Lahore Development Authority (LDA) on Tuesday and hacked it. http://www.pakistantoday.com.pk/2012/08/15/city/lahore/indian-hackers-break-into-lda-website/ 8/15/2012 Unknown Unknown Defacement Government
The Reuters news agency says hackers have broken into one of its websites for the
second time in two weeks and posted a false story saying Saudi Arabia's foreign minister
2012-331 WHID 2012-331: Reuters Hacked With Fake Story About Saudi Arabia's Foreign Minister had died. http://www.huffingtonpost.com/2012/08/15/reuters-hacked-saudi-arabia-syria_n_1778525.html 8/15/2012 Unknown Unknown Disinformation Media
Trinamool Congress' website was today hacked with the hackers posting on it a quote
2012-330 WHID 2012-330: TMC Website Hacked, Declares Mamata a Maoist from party chief Mamata Banerjee that she is a Maoist. http://news.outlookindia.com/items.aspx?artid=772006 8/14/2012 Unknown Unknown Defacement Governmanet India
Other websites of large Israeli institutions and businesses were also attacked yesterday.
2012-33 WHID 2012-33: Hackers hit Israel Prime Minister Office website Attacks could be a prelude to a further, broader attack today. http://www.haaretz.com/business/hackers-hit-israel-prime-minister-office-website-1.412769 2/13/2012 Denial of Service Insufficient Anti-automation
Downtime Government Israel Yes Distributed Denial of Service 1 UNreported Unreported Unreported None NA
The Bellevue Public Schools had to take down its website this week, just before school
resumes on Tuesday. The website was infected with a virus on July 31 and information
2012-329 WHID 2012-329: Bellevue Public Schools website hacked technology workers have been unable to ‰ÛÏcure‰Û it. http://www.omaha.com/article/20120810/NEWS/708119942/1707 8/10/2012 Unknown Unknown Planting of Malware Education
While users who post unencrypted photos on Photobucket can make their albums
password protected, individual photos, even in a private album, can be shared with others
through a direct web link or URL. Read more: http://www.wptv.
com/dpp/news/science_tech/photobucket-hacked-fusking-software-used-to-gain-access-
2012-328 WHID 2012-328: Photobucket hacked: 'Fusking' software used to gain access to private images to-private-images#ixzz2ClvRY6iA http://www.wptv.com/dpp/news/science_tech/photobucket-hacked-fusking-software-used-to-gain-access-to-private-images
Read more: http://www.wptv.com/dpp/news/science_tech/photobucket-hacked-fusking-software-used-to-gain-access-to-private-images#ixzz2ClvGraiL 8/10/2012 Predictable Resource Location
Insufficient Authorization Leakage of Information Social
Blizzard announced on its website last night that its security team uncovered
2012-327 WHID 2012-327: Blizzard's Battle.net Servers Hacked, User Info Stolen "unauthorized and illegal access" to Blizzard's internal network. http://www.pcmag.com/article2/0,2817,2408311,00.asp 8/10/2012 Unknown Unknown Leakage of Information Gaming
ACTIVIST group Anonymous says it has successfully knocked offline the public website of
2012-326 WHID 2012-326: Hacking group Anonymous targets ASIO, DSD websites Australia's domestic spy agency, the Australian Security Intelligence Organisation (ASIO) http://www.heraldsun.com.au/technology/anonymous-targets-asio-website/story-fn7celvh-1226447969866 8/11/2012 Denial of Service Insufficient Anti-automation
Downtime Government
A massive distributed denial of service (DDoS) attack that peaked at 45 million packets
2012-325 WHID 2012-325: Massive DDoS attack hits Chechen news agency per second (pps) has smashed into the Chechen internet news agency Kavkaz Center. http://www.scmagazine.com.au/News/311528,massive-ddos-attack-hits-chechen-news-agency.aspx 8/10/2012 Denial of Service Insufficient Anti-automation
Downtime Media
Hackers have broken into a website of the Australian Institute of Business Brokers and
2012-324 WHID 2012-324: Australian Institute of Business Brokers hacked published 260 user login credentials on the internet. http://www.scmagazine.com.au/News/311387,australian-institute-of-business-brokers-hacked.aspx 8/9/2012 Unknown Unknown Leakage of Information Finance
The city of Haines City's governmental website has returned after being down after it was
2012-323 WHID 2012-323: Haines City government website returns after being hacked hacked. http://www.baynews9.com/content/news/baynews9/news/article.html/content/news/articles/bn9/2012/8/8/haines_city_governme.html 8/8/2012 Unknown Unknown Defacement Government
Researchers have uncovered another in an ongoing series of targeted attacks against
government agencies and activists, this time an attack that compromised a pair of
Nepalese government web sites with code that exploits a Java vulnerability to install a
2012-322 WHID 2012-322: Nepalese Government Sites Hacked, Serving Zegost Malware backdoor on vistors' machines. http://threatpost.com/en_us/blogs/nepalese-government-sites-hacked-serving-zegost-malware-080812 8/8/2012 Unknown Unknown Planting of Malware Government
The website of the Metropolitan Waterworks and Sewerage System (MWSS) was defaced
2012-321 WHID 2012-321: MWSS website defaced by hackers claiming 'Anonymous' link Thursday by hackers claiming links or solidarity with the 'Anonymous' network. http://www.gmanetwork.com/news/story/269071/scitech/technology/mwss-website-defaced-by-hackers-claiming-anonymous-link 8/10/2012 Unknown Unknown Defacement Government
In retaliation to Demonoid's demise, Anonymous has begun its own denial of service
2012-320 WHID 2012-320: Anonymous attacks Ukrainian government after Demonoid bust attacks against the Ukrainian government. http://www.zdnet.com/anonymous-attacks-ukrainian-government-after-demonoid-bust-7000002348/ 8/8/2012 Denial of Service Insufficient Anti-automation
Downtime Government Ukrain
Hacktivist group Anonymous has claimed responsibility for a series of distributed denial of
2012-32 WHID 2012-32: Anonymous takes down Greek sites in support of Athens protests service (DDoS) attacks on Greek government sites. http://www.v3.co.uk/v3-uk/news/2152195/anonymous-takes-greek-sites-support-athens-protests 2/13/2012 Denial of Service Insufficient Anti-automation
Downtime Government Greece Yes Distributed Denial of Service
Multiple Unreported Unreported Unreported None NA
Hackers broke into the website of the Burmese Information Ministry on Tuesday, posting a
threatening message to the Burmese government which said in part, ‰ÛÏStop the killing
2012-319 WHID 2012-319: Website of Burmese Information Ministry hacked of Muslims.‰Û http://www.mizzima.com/news/inside-burma/7708-website-of-burmese-information-ministry-hacked.html 8/8/2012 Unknown Unknown Defacement Government
Mohammed Hamdan, UFree network chairman, said that UFree website was hacked by
2012-318 WHID 2012-318: UFree Network website hacked by Israeli hackers‰Ûª team Israeli hackers‰Ûª team, which totally paralyzed the website. http://www.scoop.co.nz/stories/WO1208/S00153/ufree-network-website-hacked-by-israeli-hackers-team.htm 8/8/2012 Unknown Unknown Defacement Politics
Global eSolutions (Hong Kong) Limited, a provider of trade execution technology via
personal computer and mobile devices, saw one of its clients, an online foreign exchange
(FX) and contracts for difference (CFD) trading firm headquartered in the UK, become a
target after management did not respond to a ransom demand from cybercriminals.
Initially, Layer 3 and Layer 4 volumetric floods interrupted web site availability for
approximately four hours. A second, more damaging Layer 7 attack occurred three weeks
2012-317 WHID 20120-317: FX Broker Suffers DDoS Attack later, rendering the trading platform almost inaccessible to online traders. http://www.waterstechnology.com/sell-side-technology/news/2197260/hong-kong-broker-suffers-ddos-attack-turns-to-prolexic 8/7/2012 Denial of Service Insufficient Anti-automation
Monetary Loss Finance Hong Kong
A hacker has just brought down the website of VinaCapital Group, the parent company of
2012-316 WHID 2012-316: VinaCapital Group website hacked one of Vietnam‰Ûªs largest tech investment fund. http://e27.sg/2012/08/07/vinacapital-group-website-hacked/ 8/7/2012 Unknown Unknown Defacement Finance
The Reuters news service suffered a second successful hacker attack this weekend, just
2012-316 WHID 2012-316: Reuters hacked twice in 48 hours; pro-Syrian government stories, Tweets posted
48 hours after a computer intruder was able to post fake news stories on its web site. http://redtape.nbcnews.com/_news/2012/08/03/13106396-reuters-hacked-twice-in-48-hours-pro-syrian-government-stories-tweets-posted 8/3/2012 Unknown Unknown Disinformation Social
The weak link in the security chain turned out to be the seven digit alphanumeric password
2012-315 WHID 2012-315: How @Gizmodo Got Hacked and How You Should Defend Yourself to our good buddy and former contributor Mat Honan's iCloud account. http://gizmodo.com/5931828/how-gizmodo-got-hacked-and-how-you-should-defend-yourself 8/4/2012 Brute Force Insufficient AuthenticationDisinformation Social
Thomson Reuters Corp. said Friday that its blogging platform for Reuters News was
hacked, resulting in multiple false posts to its website, including a fake interview with a
2012-314 WHID 2012-314: Reuters News Site Hacked Syrian rebel army leader. http://online.wsj.com/article/SB10000872396390443687504577567283653306226.html 8/3/2012 Unknown Unknown Disinformation Media
The Facebook pages of the New York Yankees, Chicago Cubs and several other Major
2012-313 WHID 2012-313: Yanks, Cubs, other MLB team Facebook pages hacked League Baseball clubs have been restored after briefly being hacked. http://sports.yahoo.com/news/yanks-cubs-other-mlb-team-152805142--mlb.html 8/3/2012 Unknown Unknown Disinformation Social
This week, though, users are reporting redirects from the Demonoid URL to an ad
2012-312 WHID 2012-312: Demonoid redirecting to malware after DDoS attack network, some of which are serving up a dose of malware. http://www.cnet.com.au/demonoid-redirecting-to-malware-after-ddos-attack-339340995.htm 8/3/2012 Unknown Unknown Planting of Malware Torrent Site
In an explanatory blog post, Dropbox today said a stolen password was "used to access
an employee Dropbox account containing a project document with user email addresses."
Hackers apparently started spamming those addresses, although there‰Ûªs no indication
2012-311 WHID 2012-311: Dropbox confirms it got hacked that user passwords were revealed as well. http://arstechnica.com/security/2012/07/dropbox-confirms-it-got-hacked-will-offer-two-factor-authentication/ 7/31/2012 Stolen Credentials Insufficient AuthenticationLeakage of Information Technology
The Daily Caller is offering a gun as a reward for finding the person who hacked the
2012-310 WHID 2012-310: Daily Caller Hacked: Banner Replaced With Porn Ad website with porn ads. http://www.huffingtonpost.com/2012/07/30/daily-caller-hacked-porn-ads_n_1720830.html 7/30/2012 Unknown Unknown Defacement Politics
Stock market operator Bursa Malaysia Bhd's website was the target of a distributed denial
of service attack (DDoS), whereby the site was overloaded with excess traffic from
2012-31 WHID 2012-31: Bursa website target of DDoS attack multiple sources. http://biz.thestar.com.my/news/story.asp?file=/2012/2/14/business/20120214091735&sec=business 2/13/2012 Denial of Service Insufficient Anti-automation
Downtime Finance Malaysia Yes Distributed Denial of Service 1 Unreported Unreported Unreported None NA
The website of private TV channel NewsOne was hacked in an attempt ‰ÛÏto open the
eyes of Pakistanis as well as the media personnel‰Û towards the killings of Rohingya
Muslims in Myanmar, reported ProPakistani on Tuesday. However, the site has been
2012-309 WHID 2012-309: NewsOne website hacked for media‰Ûªs ‰Û÷inadequate coverage of Burmarecovered killings‰Ûª now. http://tribune.com.pk/story/415403/newsone-website-hacked-for-medias-inadequate-coverage-of-burma-killings/ 7/31/2012 Unknown Unknown Defacement Media
KT Corp., South Korea's No. 2 wireless service provider, apologized on Sunday after
2012-308 WHID 2012-308: Data of 8.7 million KT subscribers hacked in South Korea personal data of millions of mobile phone subscribers was hacked. http://in.reuters.com/article/2012/07/29/us-korea-hacking-idINBRE86S01Y20120729 7/29/2012 Unknown Unknown Leakage of Information Service Providers South Korea
Demonoid, one of the biggest torrent sites around, has been taken down by a massive
Distributed Denial of Service (DDoS) attack. The website has been hit many times before,
2012-307 WHID 2012-307: Demonoid hit by DDoS attack and this outage is another one that will take quite a while to resolve. http://www.zdnet.com/demonoid-hit-by-ddos-attack-7000001732/ 7/27/2012 Denial of Service Insufficient Anti-automation
Downtime Torrent Site
AAPT has confirmed a breach of systems held at an external service provider that saw
2012-306 WHID 2012-306: AAPT hacked some of the telco's "business customer data" compromised. http://www.scmagazine.com.au/News/309922,confirmed-aapt-hacked.aspx 7/26/2012 Unknown Unknown Leakage of Information Service Providers
Last Friday, 3F‰Ûªs website was shutdown after a so-called DDoS attack in which the
site was flooded with traffic causing a virtual traffic jam and rendering the site inaccessible
2012-305 WHID 2012-305: Union website shut by Anonymous ‰Û÷hacktivist‰Ûª for legitimate users. http://cphpost.dk/news/national/union-website-shut-anonymous-%E2%80%98hacktivist%E2%80%99 7/25/2012 Denial of Service Insufficient Anti-automation
Downtime Politics
Cloud services provider Zerigo has lost at least one client after its DNS servers suffered a
2012-304 WHID 2012-304: Zerigo falls victim to DDoS attackers ‰ÛÏsustained‰Û distributed denial of service (DDoS) attack. http://www.cloudpro.co.uk/cloud-essentials/general/4171/zerigo-falls-victim-ddos-attackers 7/25/2012 Denial of Service Insufficient Anti-automation
Downtime Hosting Provider
International hacking group Anonymous took at least 10 Australian government websites
offline briefly Tuesday in a series of escalating attacks over proposed changes to privacy
laws. Read more: http://www.foxnews.com/tech/2012/07/24/anonymous-hackers-cripple-
2012-303 WHID 2012-303: Anonymous hackers cripple Australian gov't websites australian-govt-websites/#ixzz2ChlstWvb http://www.foxnews.com/tech/2012/07/24/anonymous-hackers-cripple-australian-govt-websites/ 7/24/2012 Denial of Service Insufficient Anti-automation
Downtime Government Australia
The hacker group Anonymous managed to hack the Freedom Party website and switched
2012-302 WHID 2012-302: FPÌÐ website hacked by Anonymous the usual content of the site with a protest against the EU Monitoring Project INDECT. http://austrianindependent.com/news/Politics/2012-07-23/11758/FP%D6_website_hacked_by_Anonymous. 7/23/2012 Unknown Unknown Defacement Politics Austria
The official website of Chinmaya Vidyalaya, a prominent school in the city, has been
2012-301 WHID 2012-301: Bokaro school website hacked hacked recently. http://articles.timesofindia.indiatimes.com/2012-07-24/ranchi/32826694_1_website-chinmaya-vidyalaya-bokaro 7/24/2012 Unknown Unknown Data Loss Education India
Four months after the gaming site Gamigo warned users about a hacker intrusion that
accessed some portions of its users‰Ûª credentials, more than 8 million usernames,
emails and and encrypted passwords from the site have been published on the Web,
2012-300 WHID 2012-300: Eight Million Email Addresses And Passwords Spilled From Gaming Site Gamigo according
Months toAfter
theHacker
data breach
Breachalert service PwnedList. http://www.forbes.com/sites/andygreenberg/2012/07/23/eight-million-passwords-spilled-from-gaming-site-gamigo-months-after-breach/ 7/23/2012 Unknown Unknown Leakage of Information Gaming
A U.S. security company whose tear gas has been used against Egyptian demonstrators
has become the latest victim of the Anonymous movement, hackers claimed Tuesday.A U.
S. seA U.S. security company whose tear gas has been used against Egyptian
demonstrators has become the latest victim of the Anonymous movement, hackers
claimed Tuesday. curity company whose tear gas has been used against Egyptian
demonstrators has become the latest victim of the Anonymous movement, hackers
2012-30 WHID 2012-30: Hackers Claim Attack on American Tear Gas Company claimed Tuesday. http://abcnews.go.com/International/wireStory/hackers-claim-attack-american-tear-gas-company-15579671#.TzsfFUxSS_c 2/14/2012 Unknown Unknown Leakage of Information Retail Florida Unreported NA 1 Unreported Unreported Unreported User names and
Unreported
passwords
Popular text file sharing service Pastebin.com has returned online following a denial of
2012-3 WHID 2012-3: Pastebin on the mend after DDoS battering service attack on Tuesday. http://www.theregister.co.uk/2012/01/04/pastebin_ddos_recovery/ 1/3/2012 Denial of Service Insufficient Anti-automation
Downtime Information Los Angeles, CA Unknown N/A 1 Unknown File Sharing
Pinterest has been locking user accounts due to suspicious activity, after a string of
disappearing or changed user data. But as the source of the security breach is still being
determined, users are advised to keep their passwords unique and to make sure they
2012-299 WHID 2012-299: Pinterest Locks Out Hacked Accounts, Investigates Security Breach don't fall victim to social engineering attacks. http://www.cmswire.com/cms/customer-experience/pinterest-locks-out-hacked-accounts-investigates-security-breach-016607.php 7/20/2012 Unknown Unknown Account Takeover Social
Hackers broke into climate change emails sent by scientists at the University of East
2012-299 WHID 2012-299: Hackers breached password security to steal UEA climate change emails Anglia (UEA) on at least three occasions, a senior investigating officer revealed today. http://www.eveningnews24.co.uk/news/hackers_breached_password_security_to_steal_uea_climate_change_emails_1_1452449 7/19/2012 Abuse of Functionality Insufficient Password Recovery
Account Takeover Education
A Pennsylvania woman allegedly changed her children's grades after logging into a
school computer system using passwords obtained when she worked for the district.
Read more: http://www.foxnews.com/us/2012/07/19/pennsylvania-mom-allegedly-hacked-
2012-298 WHID 2012-298: Pennsylvania mom allegedly hacked school website to change kids' grades school-website-to-change-kids-grades/#ixzz2ChbzMl3Z http://www.foxnews.com/us/2012/07/19/pennsylvania-mom-allegedly-hacked-school-website-to-change-kids-grades/ 7/19/2012 Stolen Credentials Insufficient AuthenticationFraud Education
Team GhostShell leaked what it said was 50,000 user accounts for an online jobs board
that focuses on Wall Street. The site, ITWallStreet.com, allows users to upload their
2012-297 WHID 2012-297: Hackers Claim Wall Street Resume Leak resumes for searching by recruiters. http://www.informationweek.com/security/attacks/hackers-claim-wall-street-resume-leak/240004023 7/19/2012 Unknown Unknown Leakage of Information Technology
As events in Syria inch ever closer to a critical mass, Anonymous has hit the pro-Syrian
hackers, the Syrian Electronic Army. Anonymous just announced that they have taken
2012-296 WHID 2012-296: Tango Down: Anonymous takes down Syrian hackers‰Ûª website down the SEA‰Ûªs website with a DDoS attack. http://www.deathandtaxesmag.com/186003/tango-down-anonymous-takes-down-syrian-hackers-website/ 7/18/2012 Denial of Service Insufficient Anti-automation
Downtime Blog
Nike Hacker Brad Stephenson went on a shopping spree for 5 months after he found a
loophole in one of Nike's websites‰Û_ until the Secret Service caught up with him. Read
more: http://www.virtual-strategy.com/2012/07/17/nike-gets-hacked-brad-stephenson-
80000-sports-gear#ixzz2ChXhise4 Read more at http://www.virtual-strategy.
com/2012/07/17/nike-gets-hacked-brad-stephenson-80000-sports-
2012-295 WHID 2012-295: Nike Gets Hacked by Brad Stephenson for $80,000+ in Sports Gear gear#Bx1UQ6PdmTmmoSvY.99 http://www.virtual-strategy.com/2012/07/17/nike-gets-hacked-brad-stephenson-80000-sports-gear 7/17/2012 Abuse of Functionality Insufficient Process Validation
Fraud Retail
According to a dump from their password database, Billabong stored all passwords in
plain text - presumably this made it easier to tell a user what their password was if they'd
forgotten it. It also made life very easy for any hackers who wished to masquerade as the
2012-294 WHID 2012-294: Billabong website hacked; reveals passwords of 21,000 users users on the site. http://www.itwire.com/business-it-news/security/55708-billabong-website-hacked-reveals-passwords-of-21000-users 7/14/2012 Unknown Unknown Leakage of Information Retail
Add two more websites to the already long list of sites that have been hacked as of late.
Nvidia‰Ûªs developer forum and Phandroid‰Ûªs AndroidForums.com have both been
breached and it is believed that usernames and hashed passwords were among the data
2012-293 WHID 2012-293: Nvidia and Android forums fall victim to hackers stolen during each attack http://www.techspot.com/news/49388-nvidia-and-android-forums-fall-victim-to-hackers.html 7/13/2012 Unknown Unknown Leakage of Information Forums
Microsoft recently fixed an XSS flaw in its Windows Live service that allowed an attacker
to steal victims' online identities. The vulnerability was disclosed by two security
2012-292 WHID 2012-292: Microsoft patches Windows Live identity theft flaw researchers from Morocco. http://www.zdnet.com/microsoft-patches-windows-live-identity-theft-flaw-7000000832/ 7/12/2012 Cross-site Scripting (XSS)
Improper Output HandlingSession Hijacking Technology
Some 50,000 websites have been compromised as part of a sustained iframe injection
attack campaign targeting vulnerable plug-ins for web servers and content management
2012-291 WHID 2012-291: 50,000 sites compromised in sustained attack systems. http://www.scmagazine.com.au/News/308164,50000-sites-compromised-in-sustained-attack.aspx 7/10/2012 SQL Injection Improper Input Handling Planting of Malware Blogs
Social networking site Formspring said Tuesday that it was disabling nearly 30 million
registered users‰Ûª passwords after hundreds of thousands of them were leaked to the
2012-290 WHID 2012-290: Social site Formspring hacked, passwords disabled Web in their encrypted form. http://www.boston.com/business/technology/2012/07/11/formspring-site-hacked-passwords-leaked-web/qsm1Ytov74SW6zyuQnG18J/story.html 7/11/2012 Unknown Unknown Leakage of Information Social
An Anonymous-related Twitter channel claimed Friday that the group had successfully
2012-29 WHID 2012-29: CIA Website Hacked, Struggles To Recover taken down the CIA's public-facing website. http://www.informationweek.com/news/security/attacks/232600729 2/10/2012 Denial of Service Insufficient Anti-automation
Downtime Government Washington D.C. Yes Distributed Denial of Service 1 Unreported Unreported Unreported Unreported NA
It has come to light that a group called ‰ÛÏOpIndia‰Û had hacked government servers
and posted large files of complaints received online by the Tamil Nadu police and its
2012-289 WHID 2012-289: State server hacked in ‰Û÷war‰Ûª on graft responses on Anonymous India‰Ûªs Facebook page. http://www.asianage.com/chennai/state-server-hacked-war-graft-644 7/10/2012 Unknown Unknown Leakage of Information Government
Best Buy says some customers' email accounts may have been hacked. The retail giant is
notifying those customers via email, telling them their current passwords have been
2012-288 WHID 2012-288: Best Buy says some customer accounts hacked disabled and asking them to reset their passwords. http://www.nbcnews.com/technology/technolog/best-buy-says-some-customer-accounts-hacked-867048 7/7/2012 Brute Force Insufficient AuthenticationAccount Takeover Retail
A BlackHat presenter has extracted passwords from temporary databases in consumer
2012-287 WHID 2012-287: NetGear routers rooted by SQLi routers including Netgear using SQL Injection attacks. http://www.scmagazine.com.au/News/307818,netgear-routers-rooted-by-sqli.aspx 7/6/2012 SQL Injection Improper Input Handling Leakage of Information Technology
A message was posted to Darrelle Revis‰Ûª Twitter page just after 6:30 p.m. on
Wednesday, in which the star cornerback appeared to curse out agents Neil Schwartz and
Jonathan Feinsod ‰ÛÓ along with business manager John Geiger ‰ÛÓ for ‰ÛÏgetting
2012-286 WHID 2012-286: Jets‰Ûª Darrelle Revis: Trade Tweet Came From Hacker me traded.‰Û http://newyork.cbslocal.com/2012/07/05/jets-darrelle-revis-trade-tweet-came-from-hacker/ 7/5/2012 Unknown Unknown Disinformation Social
The Twitter account of Al-Jazeera's English-language social media show has been hacked
2012-285 WHID 2012-285: Al Jazeera's 'The Stream' Twitter Account Hacked By Assad Supporters by supporters of Syrian President Bashar Assad. http://www.huffingtonpost.com/2012/07/05/al-jazeera-stream-twitter-hacked-assad_n_1651410.html 7/5/2012 Unknown Unknown Disinformation Social
He said voting on the poll jumped from about 100 votes to 4000 in the space of about 24
hours. He said the source of the votes couldn't be traced but said technicians suggested
the source was either a robot or a programme which had been written to continuously vote
2012-284 WHID 2012-284: Hackers skew poll on alcohol reform on one option. http://www.rotoruadailypost.co.nz/news/hackers-skew-poll-on-alcohol-reform/1439503/ 7/3/2012 Automation Insufficient Anti-automation
Disinformation Government
Socialist group RedHack brought down the Turkish Foreign Ministry website on July 3
morning, replacing its contents with pictures showing the Turkish prime minister embracing
2012-283 WHID 2012-283: Hackers take down Turkish Foreign Ministry website former Libyan dictator Muammar Gaddafi and Syrian President Bashar al-Assad. http://www.panarmenian.net/eng/news/114518/Hackers_take_down_Turkish_Foreign_Ministry_website 7/3/2012 Unknown Unknown Defacement Government Turkey
One of Zimbabwe‰Ûªs 3 most read daily newspapers, the Daily News, had its website
hacked yesterday. An email tip we got, and a tweet early Sunday morning say the site was
2012-282 WHID 2012-282: The Daily News website suffers hacking showing the page below instead of the usual content. http://www.techzim.co.zw/2012/07/the-daily-news-website-suffers-hacking/ 7/2/2012 Unknown Unknown Defacement Media Zimbabwe
The Web site of a European aeronautical parts supplier had been hacked and a malicious
2012-281 WHID 2012-281: European aeronautical parts supplier website hacked attack ‰ÛÓ which exploits zero-day Microsoft security vulnerability ‰ÛÓ was planted http://www.thehindubusinessline.com/industry-and-economy/logistics/article3576021.ece?ref=wl_industry-and-economy 6/27/2012 Unknown Unknown Planting of Malware Technology Bangalore, India
HACKERS have broken into a prominent Russian opposition leader's Twitter and email
2012-280 WHID 2012-280: Russian opposition leader's Twitter and email accounts hacked accounts, sending his followers abusive messages. http://www.theaustralian.com.au/australian-it/russian-opposition-leaders-twitter-and-email-accounts-hacked/story-e6frgakx-1226409706806 6/27/2012 Unknown Unknown Disinformation Social
Chinese hackers on Monday attacked Microsoft India's retail website and stole the
usernames and passwords of its customers, forcing the company to shut it down
2012-28 WHID 2012-28: Microsoft India's retail website hacked temporarily. http://www.hindustantimes.com/technology/BusinessComputing-Updates/Microsoft-India-s-retail-website-hacked/SP-Article1-810639.aspx 2/13/2012 Unknown Unknown Leakage of Information Technology India Unreported NA 1 China Microsoft IIS Unreported User names and
Unreported
passwords
The international hackers group Anonymous has launched a series of cyber-attacks
against Japanese government websites in an operation apparently triggered by the
group's displeasure with the recent introduction of stiffer punishments for illegal
2012-279 WHID 2012-279: 'Anonymous' hackers attack govt websites downloads. http://www.yomiuri.co.jp/dy/national/T120627005770.htm 6/28/2012 Denial of Service Insufficient Anti-automation
Downtime Government Japan
But it has now emerged that a gang has been operating for a couple of years, hacking into
the IRCTC website and buying Tatkal tickets even before you could log into the system.

2012-278 WHID 2012-278: Gang hacks IRCTC website and books Tatkal tickets
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
According to ZebraChild / Erawoc Brothers Group, handlers of actor Majid Michel‰Ûªs
official website, the website has been hacked on a grand scale, forcing them to put it
2012-271 WHID 2012-271: Majid Michel‰Ûªs website hacked offline for a while. http://www.ghanaweb.com/GhanaHomePage/NewsArchive/artikel.php?ID=243952 7/6/2012 Malware Injection Unknown Downtime Entertainment Ghana No N/A 1 Unknown Unknown Unknown No N/A
Telecommunications firm Dhiraagu has confirmed that websites in the Maldives have been
2012-270 WHID 2012-270: Maldives websites report denial-of-service (DDoS) cyberattacks targeted in apparent Denial of Service (DDoS) cyberattacks. http://minivannews.com/society/maldives-websites-report-denial-of-service-ddos-cyberattacks-40282 7/4/2012 Denial of Service Insufficient Anti-automation
Downtime Telecommunications Maldives Yes Denial of Service Multiple Unknown Unknown Unknown No N/A
The Daily Mail, one of the UK‰Ûªs leading newspapers, and generally considered to be
2012-27 WHID 2012-27: Teampoison hacktivists deface Daily Mail recipe page politically right of center, has had its website defaced by the Teampoison hacking group. http://www.infosecurity-magazine.com/view/23720/teampoison-hacktivists-deface-daily-mail-recipe-page/ 2/5/2012 Unknown Unknown Defacement Media United Kingdom No NA 1 Unreported Unreported Unreported None NA
Hackers shut down the websites of Colombia's Justice Ministry and a coalition party to
2012-269 WHID 2012-269: Colombian hackers attack govt, political website to protest justice reform protest a widely criticized judicial reform. http://colombiareports.com/colombia-news/news/24736-colombian-hackers-attack-govt-political-website-to-protest-justice-reform.html 6/22/2012 Denial of Service Unknown Downtime Government Columbia, South America
Yes Denial of service 2 Columbia Unknown Unknown None N/A
Hackers claimed to break into the subdomains of two major United States government
2012-268 WHID 2012-268: Hackers hit US Navy, Homeland Security sites agencies, posting what appeared to be stolen data online. http://www.gmanetwork.com/news/story/262936/scitech/technology/hackers-hit-us-navy-homeland-security-sites 6/23/2012 SQL Injection Unknown Leakage of Information Government United States No N/A 2 Unknown Unknown Unknown usernames, passwords,
Unknown email IDs, and security questions and answers.
If any one visits the official Gujarat Government website for Narmada and water supply
2012-267 WHID 2012-267: One more Gujarat government website hacked department one would find it to be forbidden. http://articles.timesofindia.indiatimes.com/2012-06-22/ahmedabad/32368378_1_website-water-supply-state-government 6/22/2012 Unknown Unknown Downtime Government India No N/A 1 Unknown Unknown Unknown None N/A
Two Lebanese government Web sites were hacked Saturday by a group associated with
2012-266 WHID 2012-266: Lebanese government Web sites hacked Anonymous. http://www.upi.com/Top_News/World-News/2012/06/16/Lebanese-government-Web-sites-hacked/UPI-61361339857705/?spt=hs&or=tn 6/16/2012 Unknown Unknown Defacement Government Lebanon, Beirut No N/A 2 Unknown Unknown Unknown None N/A
Anyone who visited Doug Ford's (Ward 2, Etobicoke North) website since at least
2012-265 WHID 2012-265: Doug Ford's website hacked by "Dbuzz" yesterday afternoon didn't get the councillor's usual web presence. http://www.openfile.ca/toronto/blog/2012/doug-fords-website-hacked-dbuzz 6/12/2012 Unknown Unknown Defacement Canadian government Toronto No N/A 1 Unknown Unknown Unknown None N/A
The City of Langley website was hacked by a group calling themselves the
2012-264 WHID 2012-264: Langley City website hacked LatinHackTeam against corruption of the governments. http://www.langleytimes.com/news/158504945.html 6/6/2012 Unknown Unknown Defacement State government Virginia No N/A 1 Unknown Microsoft IIS Unknown None N/A
2012-263 WHID 2012-263: Wawa's Website Hacked Hackers caused problems for Wawa's website, www.wawa.com http://www.cspnet.com/news/technology/articles/update-wawas-website-hacked 6/8/2012 SQL Injection Unknown Defacement Gas sales Pennsylvania No N/A 1 Unknown Microsoft IIS 6.0 Unknown None N/A
2012-262 WHID 2012-262: Vice President Binay‰Ûªs website hacked The website of the Office of the Vice President (OVP) was hacked http://technology.inquirer.net/12081/vice-president-binays-website-hacked 6/12/2012 Unknown Unknown Defacement Government Philippines No N/A 1 Unknown Unknown Unknown None N/A
The websites of Russia's main independent news sources became inaccessible on
Tuesday as protesters gathered in Moscow for a march against President Vladimir Putin's
2012-261 WHID 2012-261: Russian sites go offline as protests begin third Kremlin term. http://www.abs-cbnnews.com/global-filipino/world/06/12/12/russian-sites-go-offline-protests-begin 6/12/2012 Denial of Service Insufficient Anti-automation
Downtime Media Russia Yes Denial of service 4+ Unknown Unknown Unknown None N/A
Hours ahead of its planned protest against certain incidents of internet censorship in India
, hacker collective Anonymous attacked andbroughtdown the website run by Computer
Emergency Response Team India (CERT-I n), the country's premier agency dealing with
2012-260 WHID 2012-260: Govt site taken down in censorship protest cyber security contingencies . http://articles.timesofindia.indiatimes.com/2012-06-10/chennai/32155621_1_opindia-web-censorship-cert 6/10/2012 Denial of Service Insufficient Anti-automation
Downtime Internet Security India Yes Distributed denial of service 1 Unknown Unknown Unknown None NA
RUTracker, Russia‰Ûªs largest BitTorrent tracker, has been dealing with the effects of a
2012-26 WHID 2012-26: Russia‰Ûªs Largest BitTorrent Tracker Under Huge DDoS Attack DDoS attack over the past 48 hours. http://torrentfreak.com/russias-largest-bittorrent-tracker-under-huge-ddos-attack-120208/ 2/6/2012 Denial of Service Insufficient Anti-automation
Downtime Information Russia Yes Denial of service 1 Unreported Unreported Unreported None NA
Anonymous claims to have taken down the website of Telecom Company MTNL yesterday
2012-259 WHID 2012-259: Anonymous all set for June 9 Nation-wide Protests against Censorship via a Distributed Denial of Service (DDoS) attack. http://www.cio.in/news/anonymous-all-set-june-9-nation-wide-protests-against-censorship-269642012 6/7/2012 Denial of Service Unknown Downtime Telekom India Yes Distributed Denial of Service Attack 1 Unknown Unknown Unknown None NA
LinkedIn on Wednesday morning was still unable to confirm reports that 6.5 million user
passwords had been exposed. But Sophos has discovered LinkedIn password information
2012-258 WHID 2012-258: 6.5 Million LinkedIn Passwords May Be In Hands of Hackers posted on a Russian hacker site. http://www.newsfactor.com/news/6-5M-LinkedIn-Passwords-May-Be-Stolen/story.xhtml?story_id=013000G54XRY 6/6/2012 SQL Injection Unknown Leakage of Information Social Networking Mountain View, CA No NA 1 Unknown Apache-Coyote/1.1 Unknown Passwords 6.5 million
A lot of people who did a Google search for UMass Amherst Wednesday morning found
2012-257 WHID 2012-257: UMass website hacked, Google searchers get offer to sell Viagra themselves with a bitter pill to swallow -- and it wasn't blue. http://www.masslive.com/business-news/index.ssf/2012/06/umass_website_hacked_google_searchers_ge.html 6/6/2012 Search Engine Poisoning
Improper Output HandlingSpam United States UniversityMassachusetts No NA 1 Unknown Drupal 7 Unknown Unknown NA
One of the Defence Materiel Organisation's (DMO) websites has been compromised by
hackers, while Panasonic Australia has taken its website down after one of its subdomains
2012-256 WHID 2012-256: Defence, Panasonic hacked and defaced was also hacked and then defaced. http://www.zdnet.com/defence-panasonic-hacked-and-defaced-1339339331/ 6/7/2012 Unknown Unknown Defacement Australian Department ofAustralia
Defense No NA 1 Unknown ASP.NET/ IIS 6.0 Unknown Unknown NA
The websites of Indian government-run communications company Mahanagar Telephone
Nigam and the Internet Service Providers Association of India faced DDoS (distributed
2012-255 WHID 2012-255: Indian ISPs Targeted in Anonymous Censorship Protest denial of service) attacks from Anonymous. http://www.pcworld.com/businesscenter/article/257032/indian_isps_targeted_in_anonymous_censorship_protest.html 6/6/2012 Denial of Service Insufficient Anti-automation
Downtime Internet Service ProviderIndia Yes Distributed Denial of Service
2+ Unknown Unknown Unknown No NA
Independent Apple retailer DigiCape is the victim of a cyber attack, with the company's
2012-254 WHID 2012-254: DigiCape website hacked website hacked. http://technology.iafrica.com/news/technology/798318.html 6/4/2012 Unknown Unknown Defacement Online retail South Africa No NA 1 Unknown PHP and Apache Unknown Unknown NA
Even after a series of government defacements by Anonymous, the website of the Indian
Computer Emergency Response Team website was trolled and defaced by by
2012-253 WHID 2012-253: Cyber watchdog website hacked Anonymous. http://www.deccanchronicle.com/channels/cities/hyderabad/cyber-watchdog-website-hacked-988 6/2/2012 Unknown Unknown Downtime Government India No Defacement 1 Unknown Unknown Unknown None NA
Web-hosting firm eUKHost has been hacked by Pakistani hacking team UrduHack, which
2012-252 WHID 2012-252: Hosting firm suffers 'innocent' intrusion after billing system hacked appeared to have gained access to its billing system. http://www.theregister.co.uk/2012/04/30/eukhost_billing_system_compromise/ 4/30/2012 Unknown Unknown Leakage of Information Hosting Provider
The bug allowed a hacker to reset the password for a Hotmail account, locking out its
owner and giving the attacker access to the inbox. The fix was put together because the
2012-251 WHID 2012-251: Quick fix for Hotmail password bug bug was starting to be actively exploited online. http://www.bbc.co.uk/news/technology-17866897 4/27/2012 Parameter ManipulationInsufficient Password Recovery
Account Takeover Service Providers
Facebook experienced service outages for portions of its 900 million users tonight after the
2012-250 WHID 2012-250: Just like the share price... Facebook goes down after being 'hacked by Anonymous'
social networking site was apparently targeted by hacking group Anonymous. http://www.dailymail.co.uk/sciencetech/article-2153081/Facebook-goes-just-like-share-price--Social-networking-giant-caps-end-week-forget-website-outages-apparently-hacked-Anonymous.html
6/1/2012 Denial of Service Insufficient Anti-automation
Downtime Social Networking United States Yes Distributed denial of service 1 Unknown Unknown Unknown None NA
The website of Vietnam‰Ûªs leading internet security firm, the Hanoi-based Bach Khoa
Internetwork Security Company, has been attacked by hackers, Vietnam News Agency
2012-25 WHID 2012-25: Website of Vietnam's top Internet security firm hacked (VNA) quoted its representative as saying Monday. http://www.thanhniennews.com/index/pages/20120206-vietnam-leading-internet-security-company-hacked.aspx 2/4/2012 Denial of Service Insufficient Anti-automation
Downtime Technology Hanoi, Vietnam Yes Denial of service 1 Unreported Unreported Unreported No NA
Agricultural research institute Rothamsted Research was pulled offline in a DDoS attack
2012-249 WHID 2012-249: Agriboffins' site downed by DDoS after GM protest just hours after police stopped protestors destroying a GM crop trial at the facility. http://www.theregister.co.uk/2012/05/28/rothamsted_site_down_ddos/ 5/28/2012 Denial of Service Unknown Downtime Agriculture research United Kingdom Yes Distributed denial of service 1 Unknown Apache/ PHP Unknown None NA
US Secretary of State Hilary Clinton admitted that cyber experts based at her department
2012-248 WHID 2012-248: Yemeni tribal website hacked by US, divulges Hilary Clinton hacked Yemeni tribal websites, and tracked messages about killing Americans. http://www.globalnewsdesk.co.uk/north-america/us-hacking-al-qaeda/0992/ 5/24/2012 Unknown Unknown Defacement Government Yemin No Site defacement Unknown United StatesUnknown Unknown Unknown Unknown
It appears that 123-reg are having some network problems caused by a distributed denial
2012-247 WHID 2012-247:123-reg outtage caused by DDoS attack from China of service attack from China. http://tamebay.com/2012/05/123-reg-outtage-caused-by-ddos-attack-from-china.html 5/23/2012 Denial of Service Unknown Downtime Web site hosting United Kingdom Yes Distributed denial of service
Unknown
attack China Apache Unknown None NA
2012-246 WHID 2012-246: Web Hosting Control Panel WHMCS Hit by DDoS and Social Engineering Attack
WHMCS experienced a DDoS and social engineering attack this week http://www.thewhir.com/web-hosting-news/web-hosting-control-panel-whmcs-hit-by-ddos-and-social-engineering-attack 5/22/2012 Denial of Service Unknown Downtime Client management United Kingdom Yes Denial of service 1 Unknown Apache Unknown Yes Unknown
The team of the Swiss airplane Solar Impulse warns its supporters that its website was
2012-245 WHID 2012-245: Solar Impulse website hacked hacked http://worldradio.ch/wrs/news/wrsnews/solar-impulse-website-hacked.shtml?30729 5/21/2012 Unknown Unknown Defacement Solar flight Sitzerland No NA 1 Unknown Apache Unknown None NA
Hacktivist group Anonymous continued its attacks on the Indian government and creative
2012-244 WHID 2012-244: Anonymous takes out Indian CERT as attacks continue industries. http://www.theregister.co.uk/2012/05/21/india_anonymous_cert_ddos/ 5/20/2012 Denial of Service Unknown Downtime Government India Yes Distributed denial of service
4+ Unknown Unknown Unknown Unknown NA
The Chicago Police Department website is down, and ‰ÛÏhactivists‰Û from the group
2012-243 WHID 2012-243: Anonymous Hackers Claim to Take Down Chicago Police Website Anonymous are taking credit. http://mashable.com/2012/05/20/anonymous-hackers-police-website/ 5/20/2012 Denial of Service Unknown Downtime Law enforcement Chicago Yes Distributed denial of service 1 Unknown Apache Unknown None NA
Websites belonging to India‰Ûªs Supreme Court, the Ministry of Communications and
Information Technology, the Department of Telecommunications, and both of the nation‰
2012-242 WHID 2012-242: Anonymous Launches Cyberattacks Against India Ûªs political parties were targets of an Anonymous-led hacking attack. http://www.redorbit.com/news/technology/1112538563/anonymous-launches-cyberattacks-against-india/ 5/18/2012 Denial of Service Unknown Downtime Government India Yes Distributed denial of service
6+ Unknown Unknown Unknown Unknown NA
The official website of local cable channel Basketball TV was compromised today, May 18,
2012-241 WHID 2012-241: Basketball TV website hacked by hackers claiming to be Chinese. http://www.rappler.com/nation/5582-btv-website-hacked 5/18/2012 Unknown Unknown Defacement Sports Phillipines No NA 1 China Apache/ PHP Unknown Unknown NA
A group is reportedly targeting websites related to the Eurovision Song Contest in
Azerbaijan in protest at a ‰Û÷parade of homosexuals‰Ûª it believes will take place at
2012-240 WHID 2012-240: Popular Eurovision website hacked in response to ‰Û÷parade of homosexuals‰Ûª
the event. http://www.pinknews.co.uk/2012/05/17/popular-eurovision-website-hacked-in-response-to-parade-of-homosexuals/ 5/17/2012 Denial of Service Unknown Downtime News Australia No NA 1 Unknown PleskLin Unknown None NA
The Salt Lake City police department is asking their tipsters and informants to be careful
2012-24 WHID 2012-24: More fallout; Salt Lake City police website hacked after a hacker compromised their website http://www.abc4.com/content/news/slc/story/More-fallout-Salt-Lake-City-police-website-hacked/PiSspE768UiioitJ3K4gyQ.cspx 2/1/2012 SQL Injection Improper Input Handling Leakage of Information Law Enforcement Salt Lake City, Utah Non NA 1 Unreported Unreported Unreported Unreported Unreported
After the site openly criticized Anonymous last week for DDoS‰Ûªing UK ISP Virgin
2012-239 WHID 2012-239: Pirate Bay Under DDoS Attack From Unknown Enemy Media, The Pirate Bay itself is now under attack. http://torrentfreak.com/pirate-bay-under-ddos-attack-from-unknown-enemy-120516/ 5/16/2012 Denial of Service Unknown Downtime Media web site United Kingdom Yes DDoS 1 Unknown lighttpd/ PHP Unknown None NA
The UK's Information Commissioner's Office website has been blown offline by a
distributed-denial-of-service attack that appears to be a hacktivist protest over the Leveson
2012-238 WHID 2012-238: ICO blasted offline by DDoS cannon in Leveson protest Inquiry. http://www.theregister.co.uk/2012/05/15/ico_downed_by_ddos_leveson/ 5/15/2012 Denial of Service Unknown Downtime Information Rights United Kingdom Unknown NA 1 Unknown IIS 7 Unknown Unknown NA
Amnesty International's UK website was hacked to host the dangerous Gh0st RAT Trojan
2012-237 WHID 2012-237: Amnesty UK website hacked to serve lethal Gh0st RAT Trojan for two days. http://news.idg.no/cw/art.cfm?id=8D5B5FA7-FBEE-927B-4C5DADA27F1AE4AD 5/11/2012 Hosting malicious code Unknown Planting of Malware Human Rights United Kingdom No NA 1 Unknown ASP.NET Unknown None NA
The Tea Party has had its PAC website hacked by what looks like a legion of users from
2012-236 WHID 2012-236: 4Chan vandalises Tea Party website, reveals private donors the notorious 4Chan image board. http://news.techeye.net/internet/4chan-vandalises-tea-party-website-reveals-private-donors 5/11/2012 Account compromise Weak password Defacement American political movement
United States No NA 1 Unknown Unknown Unknown Password 1
2012-235 WHID 2012-235: Activist hackers temporarily block Putin's website Hackers temporarily blocked President Vladimir Putin's web site http://www.reuters.com/article/2012/05/09/us-russia-hackers-kremlin-idUSBRE8480L020120509 5/9/2012 Denial of Service Unknown Downtime Government Russia Yes Denial of Service 1 Unkknown nginx Unknown None NA
The Philippine Atmospheric, Geophysical and Astronomical Services Administration
2012-234 2012-234: PAGASA website hacked (PAGASA) website was hacked. http://www.abs-cbnnews.com/nation/05/09/12/pagasa-website-hacked 5/9/2012 Unknown Unknown Defacement Science Philipines No NA 1 China Unknown Unknown None NA
Hacktivist members of the online collective called "Anonymous" targeted the websites of
2012-233 WHID 2012-231: Anonymous Hackers Target CIA, UK Supreme Court Over ‰Û÷Pirate Bay‰Ûªthe
Censorship
United Kingdom Supreme Court and the CIA. http://www.ibtimes.com/articles/337473/20120504/anonymous-hackers-cispa-cia-supreme-court-optpb.htm 5/4/2012 Denial of Service Unknown Downtime Government United States and United
Yes
Kingdom Dynamic Denial of Service
2+ Unknown Unknown None None NA
The European Space Agency has said that a group of hackers called 'The Unknowns'
2012-232 WHID 2012-232: 'Unknowns' hack European Space Agency successfully hacked into external servers and got access to user identity information. http://www.zdnet.co.uk/blogs/security-bulletin-10000166/unknowns-hack-european-space-agency-10026071/ 5/3/2012 SQL Injection Improper Input Handling Leakage of Information Space Agency Paris, France No NA 1 Unknown Unknown Unknown User names Unknown
2012-231 WHID 2012-231: Philippine Star's website hacked The website of national newspaper Philippine Star was hacked. http://www.abs-cbnnews.com/nation/05/04/12/philippine-stars-website-hacked 5/4/2012 Unknown Unknown Defacement Newspaper media Phillipines No NA 1 Unknown IIS 6.0/ ASP .NET Unknown None NA
2012-230 WHID 2012-230: Three Rivers Park District Website Hacked, Credit Card Information Safe The Three Rivers Park District online reservation system was the target of a cyber attack. http://kaaltv.com/article/stories/S2603448.shtml?cat=10728 4/19/2012 Information leakage Unknown Leakage of Information State Park Minneapolis, MinnesotaNo Information leakage 1 Unknown IIS 6.0 Unknown Yes log-in names and passwords of 86,000 customers
Hackers associated with the activist group Anonymous posted a protest against Greece's
EU and IMF-inspired austerity policies on the website of the country's justice ministry
2012-23 WHID 2012-23: Anonymous hackers access Greek ministry website Friday, a ministry spokeswoman said. http://www.reuters.com/article/2012/02/03/us-greece-hackers-idUSTRE8120D320120203 2/3/2012 Unknown Unknown Defacement Government Greece Unreported NA 1 Unreported Unreported Unreported None None
2012-229 WHID 2012-229: ANCYL website hacked, league responds ANCYL website was defaced. http://mybroadband.co.za/news/security/49043-ancyl-website-hacked-league-responds.html 5/2/2012 Unknown Unknown Defacement Youth organization Africa No NA 1 Unknown Apache Unknown None NA
The website of the Serious Organised Crime Agency, SOCA, has been hit by a distributed-
2012-228 WHID 2012-228: SOCA Website Downed By DDoS Attack denial-of-service attack. http://www.itproportal.com/2012/05/04/soca-website-downed-by-ddos-attack/ 5/2/2012 Denial of Service Unknown Downtime Law enforcement United Kingdom Yes Distributed Denial of Service attack 1 Unknown Apache Unknown None NA
Lake County sheriff's deputies have launched an investigation into how its computer
system was hacked, which forced officials to shut down all electronic communication and
2012-227 WHID 2012-227: Confidential information released in Lake County Sheriff's website hacking Internet. http://www.clickorlando.com/news/Lake-County-Sheriff-s-Office-website-hacked-over-weekend/-/1637132/12246044/-/7j5xot/-/ 4/27/2012 Unknown Unknown Leakage of Information Law enforcement Lake County,Florida No NA 1 Unknown Unknown Unknown Email addresses
250+and passwords
The website of the Philippines Department of Budget and Management was defaced
2012-226 WHID 2012-226: Philippines DBM site defaced Wednesday afternoon and was quickly taken down for a "security audit". http://www.gmanetwork.com/news/story/256173/scitech/technology/dbm-site-defaced-other-govt-sites-down 4/25/2012 Unknown Unknown Defacement Government Philippines No NA 1 China Drupal Unknown None NA
Unidentified hackers have broken into the main website of the Afghan Taliban, replacing
the usual militant claims of victories with images of executions carried out by the militants
2012-225 WHID 2012-225: Taliban Website Hacked As Afghan Cyberwar Heats Up and messages condemning violence in English, Arabic, and Pashto. http://www.rferl.org/content/taliban_website_hacked/24562004.html 4/26/2012 Unknown Unknown Defacement Political Group Afghanistan No NA 1 Unknown Apache Unknown None NA
Describes how Chris Chaney used brute force techniques to gain access to celebrity email
2012-224 WHID 2012-224: The Man Who Hacked Hollywood accounts. http://www.gq.com/news-politics/newsmakers/201205/chris-chaney-hacker-nude-photos-scarlett-johansson?printable=true 4/26/2012 Brute Force Insufficient Password Recovery
Leakage of Information Service Providers Multiple
British web hosting outfit UK2.NET was on the business end of a distributed denial-of-
2012-223 WHID 2012-223: UK2.NET smashed offline by '10-million-strong' botnet service attack last night that took down customers' websites. http://www.theregister.co.uk/2012/04/26/uk2net_outage_in_ddos_attack/ 4/26/2012 Denial of Service Insufficient Anti-automation
Downtime Hosting Providers UK Yes
Purported Chinese hackers attacked the website of the Department of Budget and
2012-222 WHID 2012-222: DBM website hacked Management (DBM) on Wednesday. http://www.abs-cbnnews.com/nation/04/25/12/dbm-website-hacked 4/25/2012 Unknown Unknown Defacement Government Manila, Philippines
The bank executive said that they believe it was the work of an automated hacking tool
that simply swapped their home page with the image that Grech saw. Management
contends it was purely superficial and at no time were customer accounts at risk, putting
2012-221 WHID 2012-221: Local bank website hacked some worries at ease. http://wtvr.com/2012/04/23/local-bank-website-hacked/ 4/23/2012 Unknown Unknown Defacement Finance Richmond, VA
The CIA website is now back online following a DDoS attack reportedly perpetrated by the
hacktivist group Anonymous. This is the latest attack in a series of assaults carried out
2012-220 WHID 2012-220: CIA site downed as Anonymous claims attack against US government websites. https://rt.com/news/cia-site-claims-attack-807/ 4/24/2012 Denial of Service Insufficient Anti-automation
Downtime Government Langley, Virginia Yes Anonymous
The website of the Government‰Ûªs overseas development programme, Irish Aid was
taken down for a time last night after the email addresses and passwords of staff were
2012-22 WHID 2012-22: Irish Aid website 'hacked' posted online. http://www.irishtimes.com/newspaper/breaking/2012/0202/breaking6.html 2/1/2012 Unknown Unknown Leakage of Information Government Ireland Unreported NA 1 Sweden Unreported Unreported Email addresses
Unreported
and passwords
The Government's parliamentary website, www.ttparliament.org, was taken offline
yesterday after a computer software hacker apparently breached the security codes of the
2012-219 WHID 2012-219: Hacker strikes Parliament website site and left a mischievous message announcing the security break. http://www.trinidadexpress.com/news/Hacker_strikes_Parliament_website-148466945.html 4/22/2012 Unknown Unknown Defacement Government Trinidad
Anonymous, a hacker collective, has shut down the official Formula 1 website after a
2012-218 WHID 2012-218: Anonymous Shuts Down Formula 1 Website Ahead of Bahrain Grand Prix series of violent protests ahead of its race in Bahrain. http://www.ibtimes.com/articles/331171/20120420/anonymous-formula-1-website-bahrain-grand-prix.htm 4/20/2012 Denial of Service Insufficient Anti-automation
Downtime Sports Bahrain Yes
A U.S.-based Web site that has aggressively covered China‰Ûªs biggest political scandal
in decades was the victim of a disruptive attack that was accompanied by threats to the
2012-217 WHID 2012-217: U.S. Web site covering China scandal disrupted by cyberattack service that registers its domain name, the site‰Ûªs manager said Friday. http://www.washingtonpost.com/world/national-security/us-web-site-covering-china-scandal-disrupted-by-cyberattack/2012/04/20/gIQAZbRcWT_story.html 4/20/2012 Denial of Service Insufficient Anti-automation
Downtime Media China Yes
2012-216 WHID 2012-216: Cyber war: Palace websites attacked Chinese hackers were at it again, and this time they attacked the presidential websites. http://globalnation.inquirer.net/34465/cyber-war-palace-websites-attacked 4/22/2012 Denial of Service Insufficient Anti-automation
Downtime Government Philipines Yes Denial of Service 3 China Unknown Unknown None NA
A group of hackers got into the Berrien County government website earlier this week and
2012-215 WHID 2012-215: Berrien County government website hacked left behind profanity and their views on government, authorities said Thursday. http://www.mlive.com/news/kalamazoo/index.ssf/2012/04/berrien_county_government_webs.html 4/20/2012 Brute Force Insufficient Anti-automation
Defacement Government ST. JOSEPH, MI
Hackers claiming to come from China defaced the website of the Philippines' top university
on Friday to assert their country's claim over the hotly disputed South China Sea, the
2012-214 WHID 2012-214: 'Chinese' hackers deface Philippine website government said. http://www.google.com/hostednews/afp/article/ALeqM5ieavMTCtsDq6Jzd8wBfyGQTNj4NA?docId=CNG.46b40181ee39a090b52dd63a46e30e61.421 4/20/2012 Unknown Unknown Defacement Education Manila, Philippines China
A massive hacker attack has crippled an overseas website that has reported extensively
on China's biggest political turmoil in years, underscoring the pivotal role the Internet has
2012-213 WHID 2012-213: Hacker attack underlines Web role in China scandal played in the unfolding scandal. https://www.ajc.com/news/nation-world/hacker-attack-underlines-web-1422689.html 4/20/2012 Denial of Service Insufficient Anti-automation
Downtime Media North Carolina Yes
City government websites in the District failed to load for hours on Thursday, the apparent
2012-212 WHID 2012-212: D.C. government website downed by hackers victims of hackers who wanted to target government sites. http://www.washingtontimes.com/news/2012/apr/19/dc-government-website-downed-hackers/ 4/19/2012 Denial of Service Insufficient Anti-automation
Downtime Government Washington, DC Yes
Anonymous member James Jeffery last month hacked into the British Pregnancy Advisory
Service (BPAS) and stole 10,000 database records. He has now been sentenced to 32
2012-211 WHID 2012-211: Anti-abortion hacker jailed for stealing 10,000 records months in jail. https://www.zdnet.com/blog/security/anti-abortion-hacker-jailed-for-stealing-10000-records/11558?tag=content;siu-container 4/17/2012 Unknown Unknown Leakage of Information Healthcare UK
A 15-year-old boy has been arrested for hacking into 259 companies during a 90-day
spree. In other words, during the last quarter he successfully attacked an average of three
2012-210 WHID 2012-210: 15-year-old arrested for hacking 259 companies websites per day. https://www.zdnet.com/blog/security/15-year-old-arrested-for-hacking-259-companies/11585?tag=content;siu-container 4/17/2012 Unknown Unknown Leakage of Information Multiple Multiple
Saboteurs have hacked into the websites of several law enforcement agencies worldwide
in attacks attributed to the collective called Anonymous, including in Boston and in Salt
Lake City, where police say personal information of confidential informants and tipsters
2012-21 WHID 2012-21: Hackers attack law enforcement websites was accessed. http://www.washingtontimes.com/news/2012/feb/5/hackers-attack-law-enforcement-websites/ 2/3/2012 Unknown Unknown Leakage of Information Law Enforcement Virginia Unknown NA 1 Unknown
Medical and personal information of more than 300,000 employees through a leak in the
software of the computer Humannet IT business VCD months been accessible to
unauthorized persons. This is the finding of Zembla, in the episode "The police
2012-209 WHID 2012-209: Hundreds of thousands of medical records accessible absenteeism II 'Friday, April 20. http://www.dutchnews.nl/news/archives/2012/04/new_online_medical_records_sca.php 4/19/2012 SQL Injection Improper Input Handling Leakage of Information Healthcare Netherlands
"A security fault with the incremental numbering of the competition entrants registration
URL created the potential for access to other customers' personal data for a two-month
2012-208 WHID 2012-208: Tosh UK rewards competition hopefuls by exposing their privates period," the regulator said. http://www.theregister.co.uk/2012/04/18/toshiba_slapped_by_ico/ 4/18/2012 Forceful Browsing Predictable Resource Location
Leakage of Information Technology UK
Changes have been restored to the Sam Houston State University catalog website after it
was hacked on April 12, according to an email sent out to SHSU web developers by
2012-207 WHID 2012-207: SHSU website hacked by black hat SEO techniques Jurden Bruce, web services manager. http://www.houstonianonline.com/news/shsu-website-hacked-by-black-hat-seo-techniques-1.2732151#.T5BPa5pWr6Q 4/12/2012 Unknown Unknown Spam Education Texas
2012-206 WHID 2012-206: FBI Charges Man In $1 Million Stock-Fraud Hacking Scheme Hacking crew used accounts under its control to conduct sham trades http://www.darkreading.com/security-monitoring/167901086/security/news/232900535/fbi-charges-man-in-1-million-stock-fraud-hacking-scheme.html 4/18/2012 Unknown Unknown Monetary Loss Finance Multiple
Our research team have been tracking a new mass SQL injection campaign that started
early this month. So far more than 180,000 URLs have been compromised. We will keep
2012-205 WHID 2012-205: Nikjju Mass injection campaign (180k+ pages compromised) posting updates as we get them. http://blog.sucuri.net/2012/04/nikjju-mass-injection-campaign-150k-sites-compromised.html 4/17/2012 SQL Injection Improper Input Handling Planting of Malware Multiple Multiple
We have been tracking an interesting malware that is affecting thousands of compromised
2012-204 WHID 2012-204: GetMama ‰ÛÒ Conditional malware affecting thousands of sites sites. We call it GetMama!! http://blog.sucuri.net/2012/04/getmama-conditional-malware-affecting-thousands-of-sites.html 4/10/2012 Unknown Improper Output HandlingPlanting of Malware Multiple Multiple
Hackers briefly shut down the official city website Tuesday. The city's information
technology department says NYC.gov was the target of what's called a "denial of service
2012-203 WHID 2012-203: Hackers Briefly Shut Down NYC.gov attack" Tuesday. http://www.ny1.com/content/news_beats/political_news/159597/hackers-briefly-shut-down-nyc-gov 4/17/2012 Denial of Service Insufficient Anti-automation
Downtime Government New York, NY Yes
Dutch ISP XS4ALL has been hit by a large-scale DDoS attack, Tweakers.net reported.
Customers are experiencing difficulties in accessing webmail; other services are also
2012-202 WHID 2012-202: XS4ALL hit by massive DDoS attack available on a limited basis. http://www.telecompaper.com/news/xs4all-hit-by-massive-ddos-attack 4/18/2012 Denial of Service Insufficient Anti-automation
Downtime Service Provider Netherlands
A LOW-SCALE cyber-attack on a US hosting company has created a headache for
2012-201 WHID 2012-201: Cyber attack hits Melbourne firm York Butter Factory Melbourne tech-incubation space York Butter Factory. http://www.theaustralian.com.au/australian-it/cyber-attack-hits-melbourne-firm-york-butter-factory/story-e6frgakx-1226331872949 4/18/2012 Denial of Service Insufficient Anti-automation
Downtime Media Melbourne, Australia Yes
The coalition for clean and fair elections Bersih claimed that its website was under a
2012-200 WHID 2012-200: Bersih website suffers DDoS attack distributed denial-of-service (DDoS) attack for 13 hours yesterday. http://www.malaysiakini.com/news/195392 4/17/2012 Denial of Service Insufficient Anti-automation
Downtime Politics Selangor, Malaysia
2012-20 WHID 2012-20: Citigroup Inc. (NYSE:C) Hit By Hackers Hackers have attacked Brazilian financial websites, including Citigroup Inc. (NYSE:C). http://www.emoneydaily.com/citigroup-inc-nysec-hit-by-hackers/69823284/ 2/4/2012 Denial of Service Insufficient Anti-automation
Downtime Finance South America Yes Distributed Denial of Service
Multiple Unknown Unknown
2012-2 WHID-2012-2: Hackers disable German right-wing websites The websites of several right-wing extremists in Germany have been attacked by hackers. http://www.jta.org/news/article/2012/01/05/3091030/hackers-disable-german-right-wing-websites 1/1/2012 Denial of Service Insufficient Anti-automation
Downtime Politics Germany Unknown Denial of Service Multiple unknown Unknown
Yesterday, Google sent out about 20,000 warnings to webmasters that have had their
2012-199 WHID 2012-199: Google Sends Out 20,000 Weird Redirect Hacked Notifications sites compromised and may have no idea about it. http://www.seroundtable.com/google-hacked-redirect-warning-15022.html 4/16/2012 Unknown Improper Output HandlingPlanting of Malware Search Engine Mountain View, CA
First, he warned of the security flaw in Iran‰Ûªs banking system. Then he provided them
with 1,000 bank account details. When they didn‰Ûªt listen, he hacked 3 million accounts
2012-198 WHID 2012-198: 3 million bank accounts hacked in Iran across at least 22 banks. https://www.zdnet.com/blog/security/3-million-bank-accounts-hacked-in-iran/11577 4/16/2012 Unknown Unknown Leakage of Information Finance Iran
A group calling itself "Raise Your Voice" hacked into 15 Lebanese government websites
on Tuesday, demanding an improvement in living standards and an end to widespread
2012-197 WHID 2012-197: Hackers take down 15 Lebanese government websites electricity and water shortages. http://www.reuters.com/article/2012/04/17/lebanon-hackers-idUSL6E8FH1P320120417 4/17/2012 Unknown Unknown Defacement Government Beirut, Lebanon
More US and UK government websites have fallen prey to DDoS attacks by the hacktivist
group Anonymous. The victims now include the US Department of Justice, CIA and two
2012-196 WHID 2012-196: US, UK govt. websites downed in Anonymous-claimed attack MI6 sites. https://rt.com/news/cia-ddos-attacks-usa-120/ 4/16/2012 Denial of Service Insufficient Anti-automation
Downtime Government Multiple Yes Anonymous
We established this morning that the website belonging to the Zimbabwe International
2012-195 WHID 2012-195: Zimbabwe International Trade Fair website hacked, taken down Trade Fair Company, www.zitf.net was hacked. http://www.techzim.co.zw/2012/04/zimbabwe-international-trade-fair-website-hacked/ 4/13/2012 Unknown Unknown Defacement Media Zimbabwe
Facebook 'Likejacking' scams can fool even the savviest users. But behind the scammers
2012-194 WHID 2012-194: Dude, you‰Ûªve just been ‰Û÷Likejacked‰Ûª by the Fortune 500 lie some of the powerful marketing firms in the world. http://www.itworld.com/it-managementstrategy/266618/dude-you-ve-just-been-likejacked-fortune-500 4/10/2012 Clickjacking Insufficient Process Validation
Spam Social Menlo Park, CA Facebook
The hacker also put up a tweet on NOM's Twitter account, NOMTweets, reading, "Yes,
creating a wedge between the black community and #lgbt was wrong. We vow to work on
2012-193 WHID 2012-193: National Organization For Marriage Twitter Account Hacked how we address our opponents in the future." http://www.huffingtonpost.com/2012/04/11/mitt-romney-endorsed-nom-national-organization-marriage_n_1417338.html?ref=mostpopular 4/11/2012 Unknown Unknown Disinformation Social San Francisco, CA Twitter
On the same morning that the National Organization for Marriage announced that it was
endorsing Mitt Romney, the group dedicated to stopping the marriage equality movement
also found its website and social media outlets hacked with a promise to stop dividing
2012-192 WHID 2012-192: National Organization For Marriage Website Hacked On Same Day Group Endorses Americans.
Mitt Romney http://www.huffingtonpost.com/2012/04/11/mitt-romney-endorsed-nom-national-organization-marriage_n_1417338.html?ref=mostpopular 4/11/2012 Unknown Unknown Defacement Politics San Francisco, CA
Anonymous is taking responsibility for launching a coordinated cyberattack on Boeing's
website, a high-profile takedown that's part of the hacking collective's campaign against
2012-191 WHID 2012-191: Anonymous takes out Boeing website what it believes is a stifling piece of federal legislation. http://www.technolog.msnbc.msn.com/technology/technolog/anonymous-takes-out-boeing-website-708942 4/10/2012 Denial of Service Insufficient Anti-automation
Downtime Technology US Yes Anonymous
The hacker-activist group known as Anonymous led attacks on the websites of two
technology trade associations for supporting cybersecurity legislation, the organizations
said. Read more: http://www.sfgate.com/cgi-bin/article.cgi?
2012-190 WHID 2012-190: Anonymous Said to Be Behind Website Attacks on Trade Groups f=/g/a/2012/04/09/bloomberg_articlesM283AE1A1I4G01-M28AL.DTL#ixzz1sOvvLODH http://www.sfgate.com/cgi-bin/article.cgi?f=/g/a/2012/04/09/bloomberg_articlesM283AE1A1I4G01-M28AL.DTL#ixzz1sOvjfa7v 4/9/2012 Denial of Service Insufficient Anti-automation
Downtime Technology Washington, DC Yes Anonymous
A group linked to the hacker network Anonymous on Saturday said it had attacked the
Swedish government's website, bringing it down for periods of time by overloading it with
2012-19 WHID 2012-19: Anonymous hackers claim hit on Swedish government traffic. http://www.deseretnews.com/article/700222228/Anonymous-hackers-claim-hit-on-Swedish-government.html 2/4/2012 Denial of Service Insufficient Anti-automation
Downtime Government Sweden Yes Distributed Denial of Service 1 Unknown Unreported Unknown
The website of the Austrian Freedom Party's (FPÌÐ) education institute was hacked on
Easter Sunday with the slogan "Osterei statt Nazipartei" which translates as Easter eggs
2012-189 WHID 2012-189: FPÌÐ website hacked by Annonymous instead of Nazi Party. http://austrianindependent.com/news/General_News/2012-04-09/10827/FP%D6_website_hacked_by_Annonymous 4/9/2012 Unknown Unknown Defacement Politics Austria
Gulf Air, Bahrain's state airline, said that its Facebook page had been hacked on Monday
and that the nation's Internet crime division is investigating, according to the Associated
2012-188 WHID 2012-188: Reports: Gulf Air's Facebook page gets hacked Press. http://travel.usatoday.com/flights/post/2012/04/gulf-airs-facebook-page-gets-hacked/667184/1 4/10/2012 Unknown Unknown Defacement Social Menlo Park, CA
Analysis: For the second time in two years my WordPress site was hacked, this time by
2012-187 WHID 2012-187: Hacked Again: Lessons Learned Viagra spammers. Here are a few of the hard lessons I learned. https://www.pcworld.com/article/253408/hacked_again_lessons_learned.html 4/8/2012 Remote File Inclusion (RFI)
Misconfiguration Spam Blogs San Francisco, CA Wordpress
Britain‰Ûªs Home Office confirmed Sunday that its website was attacked overnight after
2012-186 WHID 2012-186: Hackers claiming ties to Anonymous target UK government website hackers claimed responsibility for shutting it down. http://www.washingtonpost.com/world/europe/hackers-claiming-ties-to-anonymous-target-uk-government-website/2012/04/08/gIQAZZch3S_story.html 4/8/2012 Denial of Service Insufficient Anti-automation
Downtime Government UK Yes Anonymous
A 20-year-old FedEx employee is facing a charge in federal court after he allegedly
2012-185 WHID 2012-185: FedEx employee charged with cyber attack on Marlboro company launched a cyber attack on a Marlboro human resources company. http://www.telegram.com/article/20120406/NEWS/120409643/1116 4/6/2012 Brute Force Insufficient Anti-automation
Account Takeover Healthcare Marlborough, MA
Hacktivist Hardcore Charlie says he has hacked China National Import & Export Corp
(CEIC), a Chinese government defense contractor, and stole over 500MB worth of
2012-184 WHID 2012-184: Hacker steals Chinese government defense contracts documents. https://www.zdnet.com/blog/security/hacker-steals-chinese-government-defense-contracts/11386 4/6/2012 Unknown Unknown Leakage of Information Government China
A data security breach at the Utah Health Department, believed to be the work of Eastern
European hackers, has exposed 24,000 U.S. Medicaid files bearing names, Social
2012-183 WHID 2012-183: European hackers suspected in Utah Medicaid files breach Security numbers and other private information, state officials said on Wednesday. http://articles.chicagotribune.com/2012-04-04/news/sns-rt-us-usa-hackers-utahbre83404g-20120404_1_data-security-breach-cyber-attack-hackers 4/4/2012 Unknown Unknown Leakage of Information Healthcare Salt Lake City, UT
Anonymous has hacked hundreds of Chinese government, company, and other general
2012-182 WHID 2012-182: Anonymous hacks hundreds of Chinese government sites websites. The attacks range from basic defacements to personal data being compromised. https://www.zdnet.com/blog/security/anonymous-hacks-hundreds-of-chinese-government-sites/11303 4/4/2012 Unknown Unknown Defacement Government China Yes Anonymous 485
Hackers posted on the internet the private data of Czech Prime Minister Petr Necas,
including the numbers of his three mobile telephones, after a series of cyber attacks on
2012-181 WHID 2012-181: Hackers leak Czech PM's private data government web sites, Czech media reported Wednesday. http://twocircles.net/2012apr04/hackers_leak_czech_pms_private_data.html 4/4/2012 Unknown Unknown Leakage of Information Government Czechoslovakia
Five jihadi websites that make up the core online forums promoting Al Qaeda were
knocked out 12 days ago and remain mostly offline in what appears to be a major
2012-180 WHID 2012-180: Coordinated cyberattack knocks Al Qaeda jihadi websites offline cyberattack against the group. http://www.alaskadispatch.com/article/coordinated-cyberattack-knocks-al-qaeda-jihadi-websites-offline 4/3/2012 Denial of Service Insufficient Anti-automation
Downtime Politics Pakistan Yes
websites at barnesville.com and pikecountygeorgia.com were hit by a denial of service
2012-18 WHID 2012-18: barnesville.com hit by denial of service attack attack emanating from Chicago and various points in China. http://www.barnesville.com/archives/4414-barnesville.com-hit-by-denial-of-service-attack.html 2/1/2012 Denial of Service Insufficient Anti-automation
Downtime Media Barnesville, Georgia Yes Distributed Denial of Service 2 Chicago and Unknown
China Unknown Unknown NA
A malicious attacker deliberately attempted to interfere with a crucial party leadership vote
in Canada last month, according to a company commissioned to run the online voting
2012-179 WHID 2012-179: Canadian opposition party targeted in botnet attack system used. http://www.scmagazine.com/canadian-opposition-party-targeted-in-botnet-attack/article/234644/ 4/2/2012 Denial of Service Insufficient Anti-automation
Downtime Politics Canada Yes
The Epoch Times was hit with a series of cyber attacks beginning on March 29, with an
unsuccessful distributed denial of service attack first targeting epochtimes.com, before
2012-178 WHID 2012-178: Denial of Service Attack Targets Epoch Times follow-up stories on connected servers on the morning of April 1. http://www.theepochtimes.com/n2/technology/denial-of-service-attack-targets-epoch-times-213907.html 4/2/2012 Denial of Service Insufficient Anti-automation
Downtime Media New York, NY Yes
Some crafty Internet user recently announced that he/she has detected an exploitable
2012-177 WHID 2012-177: Klout Hacked! XSS vulnerability that allows you to virtually inflate your score. http://www.digitalversus.com/klout-hacked-n23928.html 4/2/2012 Cross-site Scripting (XSS)
Improper Output HandlingFraud Social US
A computer hacker tried to steal $1.8 million from the city's bank account in late February,
but officials won't release details, citing an ongoing investigation. Read more here: http:
//www.star-telegram.com/2012/04/01/3850876/computer-hacker-tries-to-steal.
2012-176 WHID 2012-176: Computer hacker tries to steal $1.8 million from Arlington's bank account Readhtml#storylink=cpy http://www.star-telegram.com/2012/04/01/3850876/computer-hacker-tries-to-steal.html
more here: http://www.star-telegram.com/2012/04/01/3850876/computer-hacker-tries-to-steal.html#storylink=cpy 4/1/2012 Banking Trojan Insufficient Process Validation
Monetary Loss Finance Arlington, TX
All has been relatively quiet on the Anonymous front as far as defacing Web sites are
concerned. That has changed today as Anonymous China has attacked and defaced a
number of Chinese government Web sites to protest the country‰Ûªs censorship of the
2012-175 WHID 2012-175: Anonymous Takes Down And Defaces Chinese Government Web Sites Internet. http://www.webpronews.com/anonymous-takes-down-and-defaces-chines-government-web-sites-2012-03 3/30/2012 Unknown Unknown Defacement Government China
Global Payments Inc, an Atlanta-based payments processor, has been broken into by
hackers, leaving more than 50,000 card accounts potentially compromised, according to
2012-174 WHID 2012-174: Hackers Breach Credit Card Processor; 50K Cards Compromised news reports. http://www.wired.com/threatlevel/2012/03/global-payments-breached/ 3/30/2012 Unknown Unknown Leakage of Information Finance Atlanta, GA
Malware-flingers are taking advantage of vulnerable WordPress sites as part of an attack
2012-173 WHID 2012-173: Hackers booby-trap WordPress site with botnet-weaving Trojan ultimately designed to spread an information-stealing botnet agent. http://www.theregister.co.uk/2012/03/23/wordpress_vuln_botnet_exploit/ 3/23/2012 Unknown Improper Output HandlingPlanting of Malware Blogs US Wordpress
When a hacker targeted Amazon subsidiary Zappos.com in January, the attacker went
2012-172 WHID 2012-172: Zappos CTO: hacking detected ‰Û÷while it was in progress‰Ûª after company servers in both Nevada and Kentucky. http://www.techflash.com/seattle/2012/03/zappos-cto-hacking-detected-in-progress.html 3/23/2012 SQL Injection Improper Input Handling Leakage of Information Retail Nevada, US
PayPal has closed a potentially serious security hole on its site, which cyber criminals
could have used to steal passwords belonging to users of the online payment service.
Read more: http://www.computing.co.uk/ctg/news/2163065/paypal-closes-potential-flaw-
login-pages#ixzz1sKLhwvyd Computing - Insight for IT leaders Claim your free
2012-171 WHID 2012-171: PayPal closes potential flaw in login pages subscription today. http://www.computing.co.uk/ctg/news/2163065/paypal-closes-potential-flaw-login-pages 3/23/2012 Cross-site Scripting (XSS)
Improper Output HandlingAccount Takeover Finance US
The group of cyberactivists known as Anonymous blocked access to two websites linked
2012-170 WHID 2012-170: Hackers attack Mexican websites over pope's visit to the upcoming visit to Mexico by Pope Benedict XVI. http://en.europeonline-magazine.eu/hackers-attack-mexican-websites-over-popes-visit_197890.html 3/20/2012 Unknown Unknown Defacement Religious Mexico City, Mexico
The hacker known as BlackJester claims that he managed to breach a number of servers
owned by Qwest Communications International, one of the largest telecoms carrier in the
2012-170 WHID 2012-170: Qwest Datacenter "Held Hostage" by Hacker (Exclusive) United States. http://news.softpedia.com/news/Qwest-Datacenter-quot-Held-Hostage-quot-by-Hacker-Exclusive-259500.shtml 3/19/2012 Unknown Unknown Downtime Service Provider US
Computer hackers have penetrated the database of Australia's biggest internet domain
name auction house, possibly accessing client home addresses and encrypted credit card
2012-17 WHID 2012-8: Zappos website hacked; credit card database not affected, CEO says numbers http://www.theage.com.au/national/hackers-infiltrate-domain-name-auction-house-20120201-1qtgk.html 2/2/2012 Unknown Unknown Leakage of Information Retail Australia Unknown NA 1 Unknown Unknown name, email address,
Unreported
billing address, phone number and a cryptographically scrambled version of cred
The Casa Presidencial website (www.casapres.go.cr) was in temporary control of hackers
2012-169 WHID 2012-169: Presidenta's Website Hacked on Sunday night, according to Communications Minister, Francisco ChacÌ_n. http://www.insidecostarica.com/dailynews/2012/march/20/costarica12032005.htm 3/20/2012 Unknown Unknown Defacement Government Costa Rica Joomla
The Russian faction of Anonymous has claimed responsibility for a cyber-attack on a
Russian TV station's website. The outage follows a controversial documentary about
2012-168 WHID 2012-168: Doc outrage: Anonymous 'behind' web-siege on Russian TV channel Russian protestors produced by NTV. https://rt.com/news/tv-station-site-attacked-922/ 3/20/2012 Denial of Service Insufficient Anti-automation
Downtime Media Russia
There was embarrassing news for the Indian government this week as one of its ministers
was forced to admit that over 100 of its web sites had been hacked in just three mon
2012-167 WHID 2012-167: Hackers hit 112 Indian gov sites in three months
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
Hackers thought to be part of the Anonymous organization attacked and took down the
web sites of Mexico's interior department and Senate, officials in both government bodies
2012-15 WHID 2012-15: Hackers Take Down Mexico Gov't Websites to Protest Anti-Piracy Bill said. http://latino.foxnews.com/latino/news/2012/01/28/hackers-take-down-mexico-govt-websites-to-protest-anti-piracy-bill/ 1/27/2012 Denial of Service Insufficient Anti-automation
Downtime Government Mexico Yes Denial of Service 1 Unknown Unknown
For a time, fans of the "Twilight" saga who regularly visit the official website of the series'
writer Stephenie Meyer may be in for a real-life horror story. Meyer's website (www.
stepheniemeyer.com) had been found to host "Crimepack," an exploit kit that installs
2012-149 WHID 2012-149: Twilight author's website found hosting malware malware on Windows PCs, security firm GFI labs reported. http://www.gmanetwork.com/news/story/249301/scitech/technology/twilight-author-s-website-found-hosting-malware 2/24/2012 Unknown Improper Output HandlingPlanting of Malware Media US
The local domain sonyvaio.com.au has been hacked and a defacement page posted
claiming credit for the attack. A Malaysian-based group bragged on a since-removed
Facebook post, ‰ÛÏW00t SONY VAIO Australia hacked.‰Û However, Gizmodo AU
checked whois records and found the domain actually belongs to TX Computer Solutions,
2012-148 WHID 2012-148: Hackers Target Sony Australia, Hit Reseller Instead an authorised Sony reseller. http://www.gizmodo.com.au/2012/02/hackers-target-sony-australia-hit-reseller-instead/ 2/23/2012 Unknown Unknown Defacement Retail Australia
Iranian hackers attacked the websites of the Azerbaijan State Television & Radio
2012-147 WHID 2012-147: Azerbaijani TV, AZAL websites hacked by Iranians Company, AzTV, and Azerbaijani Airlines (AZAL) on 22-23 February. http://www.news.az/articles/tech/55220 2/23/2012 Unknown Unknown Defacement Media Azerbaijan
The website of a Nagoya city-run zoo was hacked Thursday and displayed messages
saying that the massacre of civilians of eastern China's Nanjing City by Japanese soldiers
in 1937 should be acknowledged, according to local media citing the city of Nagoya as
2012-146 WHID 2012-146: Nagoya zoo website hacked to display messages on Nanjing Massacre: mediasaying. http://www.shanghaidaily.com/article/article_xinhua.asp?id=52830 2/23/2012 Unknown Unknown Defacement Government Nagoya, Japan
For the second time this month, the group CabinCr3w ‰ÛÓ an affiliate of the pro-free
speech hackers Anonymous ‰ÛÓ is taking credit for infiltrating the city of Newark‰Ûªs
website and protesting corruption and police brutality, according to several city officials
2012-145 WHID 2012-145: Newark city website attacked by hacker group and statements by the group itself. http://www.nj.com/news/index.ssf/2012/02/newark_city_website_attacked_b.html 2/22/2012 Unknown Unknown Defacement Government Newark, NJ
A group of hacktivists has leaked the names, addresses, phone numbers and email
passwords of more than 100 police officers stolen from the database of the Los Angeles
2012-144 WHID 2012-144: Hackers hit Los Angeles police canine group County Police Canine Association (LACPCA) website. http://www.msnbc.msn.com/id/46480682/ns/technology_and_science-security/#.T419t5pWrUU 2/22/2012 Unknown Unknown Leakage of Information Law Enforcement Los Angeles, California
The hacking group known as Anonymous has claimed a new series of hacks against the
2012-143 WHID 2012-143: FTC sites hacked by Anonymous U.S. Federal Trade Commission and consumer rights websites. http://www.usatoday.com/tech/news/story/2012-02-17/ftc-sites-hacked-anonymous/53128914/1 2/17/2012 Unknown Unknown Defacement Government US
A number of sites in East Africa were hacked starting last week by multiple hackers, in
what appears to be an uncordinated hacking spree .The hacks come just after an
overnight hack involving 103 Government of Kenya websites by an Indonesian hacker.
This include the website of MTN, the largest mobile operator in Rwanda and a major
2012-142 WHID 2012-142: East African firms caught up in hacking spree player across the continent. http://news.idg.no/cw/art.cfm?id=10D8AA4C-9644-9A7D-E93200E945A6E32B 2/15/2012 SQL Injection Improper Input Handling Leakage of Information Retail Africa
2012-141 WHID 2012-141: Hackers siphon Penticton man‰Ûªs bank account A Penticton man is issuing a warning after $3,000 was drained from his bank account. http://www.pentictonwesternnews.com/news/139300688.html 2/14/2012 Banking Trojan Insufficient Process Validation
Monetary Loss Finance Penticton, B.C.
The group got hold of four different databases of the BTK and published the according
information on Twitter. Information about companies like Vodafone, TurkNet, Superonline,
Avea or Turkcell was published encrypted. Data from the fourth database contained clear
information on the full names of BTK employees, their user names, e-mails, passwords,
2012-140 WHID 2012-140: Anonymous Hacked BTK Database mobile, home and office phone numbers, date of birth and their ID numbers. http://www.bianet.org/english/world/136178-anonymous-hacked-btk-database 2/15/2012 SQL Injection Improper Input Handling Leakage of Information Government Istanbul
Anonymous Sweden has claimed responsibility on Twitter for the over-night shutdown of
two Irish government websites. The hacking was used in protest of new copyright
2012-14 WHID 2012-15: Hackers Take Down Irish Gov't Websites to Protest Anti-Piracy Bill legislation that is being considered by Ireland. http://www.irishcentral.com/news/Hacker-group-Anonymous-forces-Irish-government-sites-offline-over-Internet-privacy-act-138115538.html 1/25/2012 Denial of Service Insufficient Anti-automation
Downtime Government Ireland Yes DDoS 2 Unknown Unknown None None
Nasdaq.com is down for the count at the moment, apparently felled by a distributed denial-
of-service attack from a group of hackers possibly connected with Anonymous, the
2012-139 WHID 2012-139: Nasdaq Web Site Shut Down By Denial Of Service Attacks hacking collective. http://www.forbes.com/sites/ericsavitz/2012/02/14/nasdaq-web-site-shut-down-by-denial-of-service-attacks/ 2/14/2012 Denial of Service Insufficient Anti-automation
Downtime Finance US
A breach that caused Cryptome.org to infect visitors with virulent malware was one of at
least six attacks reported to hit high-profile sites or services in the past few days. Others
affected included Ticketmaster, websites for Mexico and the state of Alabama, Dutch ISP
2012-138 WHID 2012-138: Breaches galore as Cryptome hacked to infect visitors with malware KPN, and the Microsoft store in India. http://arstechnica.com/business/news/2012/02/breaches-galore-as-cryptome-hacked-to-infect-visitors-with-malware.ars 2/14/2012 Unknown Improper Output HandlingPlanting of Malware Media US
The attack saw the two hackers target a Thai government website, defacing several of its
pages. The defacements made contained an air of humour, with one of the more
prominent changes making the site list Hax.r00t as the country's president and Saadi as
its Prime Minister. Read more: http://www.ibtimes.co.
uk/articles/298390/20120214/hackers-thai-government-censorship-online-saadi-hax.
2012-137 WHID 2012-137: Hackers Target Thai Government Over Censorship Allegations htm#ixzz1sFNCqQG0 http://www.ibtimes.co.uk/articles/298390/20120214/hackers-thai-government-censorship-online-saadi-hax.htm 2/14/2012 Unknown Unknown Defacement Government Thailand
Hackers used spy software to help them steal money from the online bank accounts of
2012-136 WHID 2012-136: 700,000 kroner stolen in NemID attack eight individuals by bypassing the NemID digital signature http://www.cphpost.dk/news/national/700000-kroner-stolen-nemid-attack 2/12/2012 Banking Trojan Insufficient Process Validation
Monetary Loss Finance Copenhagen
A hacker claims to have compromised the personal information of more than 350,000
2012-135 WHID 2012-135: Hacker says porn site users compromised users after breaking into a disused website operated by pornography provider Brazzers. http://www.usatoday.com/news/nation/story/2012-02-11/hackers-anonymous-brazzers-porn/53048096/1 2/11/2012 SQL Injection Improper Input Handling Leakage of Information Entertainment Luxembourg
Hacking collective Anonymous launched on February 9 a distributed denial of service
(DDOS) attack on the website of the Croatian presidency after incumbent Ivo Josipovic
2012-135 WHID 2012-135: Anonymous attacks Croatian presidency website defended the Anti-Counterfeiting Treaty Agreement (ACTA). http://www.sofiaecho.com/2012/02/10/1764013_anonymous-attacks-croatian-presidency-website 2/10/2012 Denial of Service Insufficient Anti-automation
Downtime Government Croatia Yes Anonymous
A security researcher under the name of "WeedGrower", or "X-pOSed" has been on a roll
since the start of 2012. He has ambushed huge sites such as AOL, NASA, Hotmail,
Myspace, Xbox, USBank, Yahoo, and VISA, he has also leaked sensitive data on most of
2012-134 WHID 2012-134: Hackers Claims to compromise Intel's Sensitive Data those websites. http://thehackernews.com/2012/02/hackers-claims-to-compromise-intels.html 2/10/2012 SQL Injection Improper Input Handling Leakage of Information Technology US
Following on from the OpNigeria assault, a hacker operating under TeamPoison's banner
has targeted the United Nations (UN), releasing the data stolen in a statement posted on
2012-133 WHID 2012-133: TeamPoison Hackers Hit the United Nations Pastebin. http://www.ibtimes.co.uk/articles/295795/20120209/teampoison-hack-hackers-united-nations-un-cali.htm#ixzz1sEVVtO8X 2/9/2012 SQL Injection Improper Input Handling Leakage of Information Government US
Over the past few days, an unknown hacker or group of hackers pounded the israeltoday.
2012-132 WHID 2012-132: Israel Today hacked; Israeli army jumps into cyber war co.il domain with so many requests that it repeatedly crashed. http://israeltoday.co.il/News/tabid/178/nid/23111/language/en-US/Default.aspx 2/9/2012 Denial of Service Insufficient Anti-automation
Downtime Media Israel Yes
A United Russia party website was knocked offline Thursday after hackers from the group
2012-131 WHID 2012-131: United Russia Site Attacked by Hacker Group Anonymous Anonymous claimed to have directed a denial of service attack on the site. http://www.themoscowtimes.com/news/article/united-russia-site-attacked-by-hacker-group-anonymous/452761.html 2/10/2012 Denial of Service Insufficient Anti-automation
Downtime Government Moscow, Russia Yes Anonymous
Hackers have attacked Brazilian financial websites, including Citigroup Inc. (NYSE:C).
Citigroup Inc. (NYSE:C) Hit By Hackers Citigroup, Inc. 34.35 +0.94 (+2.81%) Intraday3
Month6 Month1 Year A group of Brazilian hackers named ‰Û÷Anonymous Brazil‰Ûª
have attacked a series of financial websites in Brazil, including Citigroup Inc. (NYSE:C),
2012-130 WHID 2012-130: Citigroup Inc. (NYSE:C) Hit By Hackers Febraban, Banco BMG and other institutions. http://www.emoneydaily.com/citigroup-inc-nysec-hit-by-hackers/69823284/ 2/6/2012 Denial of Service Insufficient Anti-automation
Downtime Finance Brazil Yes Anonymous
2012-13 WHID 2012-13: MMA notes: UFC website hacked A criminal investigation is underway after UFC.com was hacked Sunday. http://www.torontosun.com/2012/01/25/mma-notes-ufc-website-hacked 1/25/2012 DNS Hijacking Unknown Defacement Entertainment Las Vegas, NV No NA 1 Unknown Unknown
Online hackers' group Anonymous blocked temporarily on Saturday the website of
Slovenia's largest bank NLB, while thousands protested in Ljubljana against an anti-piracy
2012-129 WHID 2012-129: Hackers block Slovenian largest bank NLB's website pact. http://www.google.com/hostednews/afp/article/ALeqM5ilturtoKhGM1fSlrXKtodx5KAysw?docId=CNG.e27edd710da10fc1025f9684e4b281b4.471 2/4/2012 Denial of Service Insufficient Anti-automation
Downtime Finance Slovenia Yes Anonymous
Only hours after two of its biggest releases ever, the online collective Anonymous is taking
2012-128 WHID 2012-128: Department of Homeland Security website hacked by Anonymous credit for crashing the website of the US Department of Homeland Security. https://rt.com/usa/news/homeland-security-website-anonymous-473/ 2/4/2012 Denial of Service Insufficient Anti-automation
Downtime Government Washington, DC Yes Anonymous
A group linked to the hacker network Anonymous on Saturday said it had attacked the
Swedish government's website, bringing it down for periods of time by overloading it with
traffic. Read more: http://www.foxnews.com/scitech/2012/02/04/hackers-apparently-hit-
2012-127 WHID 2012-127: Hackers apparently hit Swedish government site swedish-government-site/#ixzz1sEEKo9es http://www.foxnews.com/scitech/2012/02/04/hackers-apparently-hit-swedish-government-site/ 2/4/2012 Denial of Service Insufficient Anti-automation
Downtime Government Stockholm, Sweden Yes Anonymous
A computer hacker managed to compromise Daniel Negreanu‰Ûªs PokerStars and e-
mail accounts, sitting down at the virtual felt under the Canadian pro‰Ûªs screen name
and recklessly playing with Negreanu‰Ûªs $100,000 in funds on account at the world‰
2012-126 WHID 2012-126: Daniel Negreanu‰Ûªs PokerStars Account Hacked Ûªs top poker site. http://www.pokernewsreport.com/daniel-negreanus-pokerstars-account-hacked-7299 2/3/2012 Unknown Unknown Monetary Loss Entertainment UK
Criminal hackers have found a way round the latest generation of online banking security
2012-125 WHID 2012-125: Hackers outwit online banking identity security systems devices given out by banks, the BBC has learned. http://www.bbc.co.uk/news/technology-16812064 2/10/2012 Banking Trojan Insufficient Process Validation
Monetary Loss Finance UK
With its website hacked thrice in the past month officials of Druk Holdings and Investments
(DHI), a Nu 45 B company and the investment arm of the government, say the problem is
2012-124 WHID 2012-124: DHI website hacked thrice in a month partly because of lapses with Bhutan Telecom. http://www.kuenselonline.com/2011/?p=26344 2/3/2012 Unknown Unknown Defacement Finance Bhutan
Ukrainian News Agency The President's website has come under hacker attack, the
President's press secretary, Daria Chepak, writes in her blog at Ukrainska Pravda.
"Unknown persons have been attacking the official website of the President of Ukraine
2012-123 WHID 2012-123: President's Website Comes Under Hacker Attack since today's night," she said. http://un.ua/eng/article/373136.html 2/1/2012 Denial of Service Insufficient Anti-automation
Downtime Government Ukraine Yes
Media giant Fairfax has confirmed that two of its microsites were hacked this month but
claims that up to 10,000 unencrypted credit card details compromised in the same attack
2012-122 WHID 2012-122: Fairfax microsites hacked were not Fairfax customers. http://www.scmagazine.com.au/News/288661,fairfax-microsites-hacked.aspx 2/1/2012 SQL Injection Improper Input Handling Leakage of Information Media Australia
Emert isn‰Ûªt alone. There is an ever-growing Apple support forum of people who have
say their iTunes accounts have been hacked. It's been going on more than a year and
now there are more than 65 pages in the forum with hundreds of replies. Most of them
ask the same questions of Apple, wondering if they can get their money back. Emert was
2012-121 WHID 2012-121: iTunes hackers are emptying accounts able to get a one-time refund. http://www.abc2news.com/dpp/money/consumer/scam_alerts/itunes-hackers-are-emptying-accounts 1/30/2012 Unknown Unknown Monetary Loss Retail Cupertino, CA
Hackers are compromising WordPress 3.2.1 blogs in order to infect their visitors with the
2012-120 WHID 2012-120: Hackers infect WordPress 3.2.1 blogs to distribute TDSS rootkit notorious TDSS rootkit, according to researchers from Web security firm Websense. http://www.techworld.com.au/article/413924/hackers_infect_wordpress_3_2_1_blogs_distribute_tdss_rootkit/?fp=16&fpid=1 2/1/2012 Unknown Improper Output HandlingPlanting of Malware Blogs Multiple
After FBI Federal agents executed a shutdown on the files sharing website Megaupload
2012-12 WHID 2012-12: Anonymous takedown FBI as Megaupload Shutdown retaliation on Thursday, the response of Internet comes rapidly from none other than Anonymous. http://www.nationalturk.com/en/anonymous-takedown-fbi-as-megaupload-shutdown-retaliation-16006 1/20/2012 Denial of Service Insufficient Anti-automation
Downtime Government United States Yes Distributed Denial of Service
6+ United StatesUnknown Unknown None NA
Hackers from the Anonymous Movement group fought out a day-long attack against
websites of Brazil's Banco Itau SA on Monday, shutting down service on several
2012-119 WHID 2012-119: Hackers Attack Website of Brazil's Itau; May Try Other Banks occasions, and threatened more action during the week. http://online.wsj.com/article/SB10001424052970204652904577193920234068442.html 1/30/2012 Denial of Service Insufficient Anti-automation
Downtime Finance Sao Paulo, Brazil Yes Anonymous
Another Latest Tip come in my Inbox today about the leak of Database of Universal Music
Portugal's website. Hacker did not mention his name,or Codename, But he enumerate the
Database and Extract it by Hacking the Site. 100's of Tables from Database and Users
Data has been leaked via a pastebin File. It includes the Usernames, Passwords and
2012-118 WHID 2012-118: Universal Music Portugal database dumped by Hackers Emails ID's of Users of Site. http://thehackernews.com/2012/01/universal-music-portugal-database.html 1/29/2012 SQL Injection Improper Input Handling Leakage of Information Entertainment Portugal
Dana White loves a good fight. But the Ultimate Fighting Championship president may
have second thoughts about mixing it up with members of the hacker collective
Anonymous on Thursday night on Twitter, where he was on the receiving end of a brutal
2012-117 WHID 2012-117: UFC president hacked after scrapping with Anonymous punch. http://www.cnn.com/2012/01/27/tech/web/ufc-anonymous-sopa/index.html 1/27/2012 Denial of Service Insufficient Anti-automation
Downtime Entertainment US Yes Anonymous
According to a statement from Ticketmaster, scalpers with ‰ÛÏsophisticated‰Û
computer programs are to blame. Scalpers targeted the site with Distributed Denial of
Service attacks, which generated extra junk traffic, resulting in the unresponsiveness of
the site. Read more at http://www.inquisitr.com/187910/scalpers-aggressively-go-after-
2012-116 WHID 2012-116: Scalpers aggressively go after Bruce Springsteen tickets, disappoint fans bruce-springsteen-tickets-disappoint-fans/#HYCdxfUHLpbzUS9E.99 http://www.inquisitr.com/187910/scalpers-aggressively-go-after-bruce-springsteen-tickets-disappoint-fans/#HYCdxfUHLpbzUS9E.99 1/29/2012 Denial of Service Insufficient Anti-automation
Downtime Retail US Yes
Here's another delicious Byte. Ucha Gobejishvili, a Georgian Security Researcher under
the handle of longrifle0x, discovered two Cross-site Scripting (XSS) vulnerabilities on the
official website of Forbes. Read more: http://null-byte.wonderhowto.com/blog/forbes-
exploited-xss-vulnerabilities-allow-phishers-hijack-sessions-steal-logins-
2012-115 WHID 2012-115: Forbes Exploited: XSS Vulnerabilities Allow Phishers to Hijack Sessions & Steal0133051/#ixzz1sDnk6Vc7
Logins Read more: Forbes Exploited: XSS Vulnerabilities Allow Phishers to Hijack Sessions http://null-byte.wonderhowto.com/blog/forbes-exploited-xss-vulnerabilities-allow-phishers-hijack-sessions-steal-logins-0133051/#ixzz1sDnUwuwm
& Steal Logins 1/27/2012 Cross-site Scripting (XSS)
Improper Output HandlingAccount Takeover Media US
The official website of the Nigeria Labour Congress (NLC) came under attack yesterday
from a group calling itself NaijaCyber Hacktivites. The hackers defaced the website and
called two leaders of the union traitors for allegedly selling out to the Federal Government
2012-114 WHID 2012-114: NLC‰Ûªs website hacked over the oil subsidy removal. http://www.thenationonlineng.net/2011/index.php/news-update/34830-nlc%E2%80%99s-website-hacked.html 1/28/2012 Unknown Unknown Defacement Government Nigeria
Three high school juniors have been arrested after they devised a sophisticated hacking
2012-113 WHID 2012-113: Students busted for hacking computers, changing grades scheme to up their grades and make money selling quiz answers to their classmates. http://www.theregister.co.uk/2012/01/27/students_hack_teachers_computers/ 1/27/2012 Stolen Credentials Insufficient AuthenticationFraud Education California
Lithuania's central bank said Friday it had been hit by a cyber-attack, but had eventually
2012-112 WHID 2012-112: Lithuanian central bank hit by cyber-attack overcome the assault on its website and other online services. http://www.google.com/hostednews/afp/article/ALeqM5ifPzsAaVafW485uqxHES1G5YjxgQ?docId=CNG.db52691d2005cab46bbe09fa2b685ee4.ee1 1/27/2012 Denial of Service Insufficient Anti-automation
Downtime Finance Vilnius, Lithuania Yes
An Israeli hacker calling himself Hannibal stole and exposed the Facebook login
credentials of 85,000 Arabs earlier this week. It's the latest retaliatory strike in a politically
motivated battle between Israeli and Arab hackers that's been going strong since the
2012-111 WHID 2012-111: Israeli Hacker Steals 85,000 Arabs' Facebook Logins beginning of the month. http://www.msnbc.msn.com/id/46133351/ns/technology_and_science-security/#.T4w5lZpWrUU 1/25/2012 Unknown Unknown Leakage of Information Social San Francisco, CA
Infamous hacking enclave Anonymous continued its quest for retribution Tuesday,
claiming responsibility for shutting down OnGuardOnline.com, a Website managed by the
2012-110 WHID 2012-110: 'Anonymous' hackers target FTC U.S. Federal Trade Commission (FTC) http://news.medill.northwestern.edu/chicago/news.aspx?id=199000 1/24/2012 Denial of Service Insufficient Anti-automation
Downtime Government Washington, DC Yes Anonymous
With construction work shutting down the inbound lanes of the Mercier Bridge later today
2012-11 WHID 2012-11: Mercier Bridge website hacked you may find yourself looking for information on the Mercier Bridge website. http://www.cjad.com/CJADLocalNews/entry.aspx?BlogEntryID=10337095 1/19/2012 Unknown Unknown Defacement Government Canada No NA 1 Unknown Unknown Unknown None None
ONLINE hackers have shut down the websites of the two of the Government's biggest
2012-109 WHID 2012-109: Hackers crash Government websites departments. http://www.herald.ie/news/hackers-crash-government-websites-2999104.html 1/25/2012 Denial of Service Insufficient Anti-automation
Downtime Government Ireland Yes Anonymous
On the afternoon of January 25, 2012 around 5:30pm Pacific Time, the world's largest
social network underwent a Denial of Service attack and service outages were reported in
2012-108 WHID 2012-108: Facebook under Denial of Service Attack, confirms AnonSec several countries. http://www.fudzilla.com/home/item/25713-facebook-under-denial-of-service-attack-confirms-anonsec 1/26/2012 Denial of Service Insufficient Anti-automation
Downtime Social San Francisco, CA Yes Anonymous Facebook
Tel Aviv - Unknown hackers immobilized the websites of two Israeli hospitals Wednesday,
after targeting them with denial of service attacks, the latest salvo in the cyber war
2012-107 WHID 2012-107: Hackers immobilize websites of two Israeli hospitals between pro-Israelis and pro-Palestinians. http://news.monstersandcritics.com/middleeast/news/article_1687401.php/LEAD-Hackers-immobilize-websites-of-two-Israeli-hospitals 1/25/2012 Denial of Service Insufficient Anti-automation
Downtime Healthcare Tel-Aviv, Israel Yes
Republican Iowa Sen. Chuck Grassley‰Ûªs twitter account was hacked today by the
2012-106 WHID 2012-106: Sen. Grassley‰Ûªs Twitter Account Hacked by SOPA Protesters group ‰ÛÏAnonymous,‰Û protesting the anti-piracy bills being considered in Congress. http://abcnews.go.com/blogs/politics/2012/01/sen-grassleys-twitter-account-hacked-by-sopa-protesters/ 1/23/2012 Brute Force Insufficient AuthenticationDisinformation Social San Francisco, CA Twitter
Kevin Bacon has warned fans to beware of hoax Twitter.com posts advertising a
2012-105 WHID 2012-105: Kevin Bacon - Kevin Bacon's Twitter Blog Hacked weightloss product after his blog was targeted by hackers. http://www.contactmusic.com/news/kevin-bacons-twitter-blog-hacked_1285736 1/22/2012 Unknown Unknown Spam Social San Francisco, CA Twitter
We spoke about it last year, and this year, it has happened again. Yes, against every
imaginable possibility, 103 government web sites were hacked by an individual calling
2012-104 WHID 2012-104: How 103 Kenya govt sites were hacked himself Direxer. http://www.nation.co.ke/Tech/How+103+govt+sites+were+hacked+/-/1017288/1312336/-/item/0/-/a8i6bj/-/index.html 1/22/2012 Brute Force Insufficient AuthenticationDefacement Government Kenya
Late Sunday evening, both "The Daily Show" and "The Colbert Report" official Twitter
2012-103 WHID 2012-103: 'The Daily Show' And 'Colbert Report' Twitter Accounts Hacked By Anonymous accounts
Sympathizers
were hacked. http://www.huffingtonpost.com/2012/01/23/the-daily-show-colbert-report-twitter-hacked_n_1223267.html 1/23/2012 Unknown Unknown Disinformation Social San Francisco, CA Twitter
Hackers' group Anonymous brought down several Polish government websites over the
weekend, including the websites of the Sejm (Poland's lower house of parliament), the
Prime Minister's Chancellery, the Ministry of Culture, the Ministry of Justice and the
2012-102 WHID 2012-102: Anonymous attacks Polish government websites Internal Security Agency. Even the prime minster's daughter's blog was targeted. http://www.wbj.pl/article-57691-anonymous-attacks-polish-government-websites.html?typ=wbj 1/23/2012 Denial of Service Insufficient Anti-automation
Downtime Government Warsaw, PL Yes Anonymous
Hackactivist outfit Anonymous has had a busy weekend and appears to have done a little
more than its trademark denial-of-service attack against CBS. According to Gizmodo,
Anonymous not only managed to take down the CBS.com website yesterday but it
2012-101 WHID 2012-101: CBS is offline and its servers are wiped managed to wipe every file it found in its servers. http://news.techeye.net/security/cbs-is-offline-and-its-servers-are-wiped#ixzz1sDE7V5ir 1/23/2012 DNS Hijacking Unknown Defacement Entertainment New York, NY Anonymous
This happened on 21 December 2012, when the hacker uncovered a coding error in the
website and used an SQL injection to log in to the administrators’ interface, the report
2012-100 WHID 2012-100: ICO fines travel firm £150,000 after hacker steals card details from more than aexplained.
million customers http://www.v3.co.uk/v3-uk/news/2357033/ico-fines-travel-firm-gbp150-000-after-hacker-steals-over-a-million-card-details 12/21/2012 SQL Injection Improper Input Handling Leakage of Information Travel
The Australian Securities & Investment Commission has warned stockbrokers and
shareholders of hacking events involving unauthorised online account access and tradin
Read more: http://www.smh.com.au/it-pro/security-it/stockbrokers-hit-by-cyber-hack-
2012-100 WHID 2012-100: Stockbrokers hit by cyber hack 20120123-1qdox.html#ixzz1sDCs9pqh http://www.smh.com.au/it-pro/security-it/stockbrokers-hit-by-cyber-hack-20120123-1qdox.html 1/20/2012 Stolen Credentials Insufficient AuthenticationMonetary Loss Finance Sydney, Australia http://www.asic.gov.au/asic/asic.nsf/byHeadline/12-05AD%20Online%20trad
A hacker or hackers took over the front page of the city website, leaving a message that
could be seen Tuesday supporting the Occupy movement and denouncing the proposed
2012-10 WHID 2012-10: Rancho Mirage city website hacked Stop Online Piracy Act. http://www.mydesert.com/article/20120117/NEWS01/120117002/Rancho-Mirage-city-website-hacked 1/17/2012 Unknown Unknown Defacement Government California Unknown NA 1 Unknown Unknown Unknown Unknown
Hackers struck twice on New Year's Day, defacing another government website on
Sunday evening and calling anew for "information security" but this time, also appearing to
2012-1 WHID-2012-1: PrivateX hacker group defaces Office of Vice President site again taunt its target. http://www.gmanetwork.com/news/story/243236/scitech/technology/privatex-hacker-group-defaces-office-of-vice-president-site-again 1/1/2012 Unknown Unknown Defacement Government Phillipines No N/A 1 Unknown Unknown
In October and December 2009, an employee of a Lookout customer was able to gain
access to the product's database by typing a URL into a Web browser, the FTC said in its
complaint. The intruder was able to gain access to personal information, including Social
2011-99 WHID 2011-99: FTC settles data breach charges against two firms Security numbers, of about 37,000 consumers, the FTC said. http://news.idg.no/cw/art.cfm?id=2761F224-1A64-67EA-E41CDB96A756125A 10/1/2009 Predictable Resource Location
Insufficient Authorization Leakage of Information Information Services Palo Alto, CA http://ftc.gov/os/caselist/1023076/110503lookoutservicesanal.pdf
Sony Corp. took further steps to contain a serious data breach: temporarily shuttering the
Website of Sony Online Entertainment and station.com, another of the technology
company's online gaming networks, even as it signaled the slow return of its PlayStation
2011-98 WHID 2011-98: Sony Darkens Another Network As Breach Investigation Widens Network to operation. http://threatpost.com/en_us/blogs/sony-darkens-another-network-breach-investigation-widens-050211 5/2/2011 Unknown Unknown Leakage of Information Entertainment Tokyo, Japan
The Pakistani programmer who dubbed himself "the guy who liveblogged the Osama raid
without knowing about it" is also the guy who got his website hacked without knowing
2011-97 WHID 2011-97: Man who liveblogged Bin Laden raid was hacked about it. http://www.computerworld.com/s/article/9216341/Man_who_liveblogged_Bin_Laden_raid_was_hacked 5/2/2011 Unknown Improper Output HandlingPlanting of Malware Blogs Berkeley, CA
2011-96 WHID 2011-96: Click-jacking on Facebook WebSense analyzes a recent click-jacking attack against FaceBook users. http://community.websense.com/blogs/securitylabs/archive/2011/05/02/a-weekend-of-click-jacking-on-facebook.aspx 5/2/2011 Clickjacking Application Misconfiguration
Link Spam Web 2.0 Palo Alto, CA
A popular sports website late last week was spotted serving up malware in what
researchers say appears to be a targeted attack and not part of a mass SQL injection
2011-95 WHID 2011-95: Researchers Catch Targeted Attack On Popular Soccer Website campaign. http://www.darkreading.com/advanced-threats/167901091/security/application-security/229402594/researchers-catch-targeted-attack-on-popular-soccer-website.html 5/2/2011 Unknown Improper Output HandlingPlanting of Malware Sports Luxembourg
District officials suspect a student, or several, swiped teachers' passwords for online grade
books, possibly using a key-logger device or keystroke-recording software that captures
2011-94 WHID 2011-94: High school hackers expose security gap in Seattle Public Schools every keystroke, including IDs and passwords http://seattletimes.nwsource.com/html/editorials/2014914193_edit02grades.html 5/1/2011 Stolen Credentials Insufficient AuthenticationDisinformation Education Seattle, WA
The Land Public Transport Commission (SPAD) website was hacked yesterday and a
screenshot of the controversial sex video allegedly involving a top politician was posted on
2011-93 WHID 2011-93: Hacker posts screenshot of sex video on SPAD website its main page. http://thestar.com.my/news/story.asp?file=/2011/5/2/nation/8591951&sec=nation 5/2/2011 Unknown Improper Output HandlingDefacement Government Malaysia
The infamous Anonymous hacking group has crippled a string of Iranian state websites
including those of the Office of the Supreme Leader, state police and the Islamic
2011-92 WHID 2011-92: Anonymous attacks Iranian state websites Revolutionary Guards in attacks launched yesterday. http://www.securecomputing.net.au/News/256057,anonymous-attacks-iranian-state-websites.aspx 5/2/2011 Denial of Service Insufficient Anti-automation
Downtime Government Iran
Internet and mobile banking at the Rabobank has been badly hit by an attack on its
computer network, the company reported on Monday. The denial of service attack, in
which the target computer is saturated with external communications requests, has made
2011-91 WHID 2011-91: Rabobank network floored by cyber attack the network unavailable to its customers. http://www.dutchnews.nl/news/archives/2011/05/rabobank_network_floored_by_cy.php 5/2/2011 Denial of Service Insufficient Anti-automation
Downtime Finance Netherlands
Subscribers to ISP news and review site DSLReports.com have been notified that their e-
mail addresses and passwords may have been exposed during an attack on the Web site
earlier this week.
The site was targeted in an SQL injection attack yesterday and about 8 percent of the
subscribers' e-mail addresses and passwords were stolen, Justin Beech, founder of
DSLReports.com, wrote in an e-mail to members. That would be about 8,000 random
accounts of the 9,000 active and 90,000 old or inactive accounts created during the site's
2011-90 WHID 2011-91: Anonymous takes down El Salvadoran sites 10-year history, Beech said in an e-mail to CNET today. http://news.cnet.com/8301-27080_3-20058471-245.html 4/28/2011 SQL Injection Improper Input Handling Leakage of Information News USA No
It's reported that a Runes of Magic player called 'augustus87' has hacked Frogster's
database and threatened to release the data that contain over 3.5 million players' info to
2011-9 WHID 2011-9: Hacker Attacked Runes of Magic Database, Holding Users' Info as Hostages public, and even shut down the game's servers unless Frogster meet his demands. http://news.mmosite.com/content/2011-01-18/hacker_attacked_runes_of_magic_database_holding_users_info_as_hostages.shtml 18-Jan-11 SQL Injection Improper Input Handling Extortion Entertainment Sacramento, CA No
This time it wasn't an "advanced persistent threat" that China was associated with: a fraud
alert issued by the FBI today implicates China in a cybercrime operation that bilked U.S.-
2011-89 WHID 2011-89: China Implicated In Hacking Of SMB Online Bank Accounts based small- to midsize businesses of $11 million over the past year. http://www.informationweek.com/news/security/vulnerabilities/229402300 4/26/2011 Banking Trojan Insufficient AuthenticationMonetary Loss Finance Yes 20 China http://www.ic3.gov/media/2011/ChinaWireTransferFraudAlert.pdf
Earlier the other day, I was browsing through the Yahoo! PH site and the Yahoo! Purple
Hunt 2.0 ad caught my attention. Curious, I clicked the ad and found my browser
2011-88 WHID 2011-88: Yahoo! PH Purple Hunt 2.0 Ad Compromised downloading a suspicious file named com.com. http://blog.trendmicro.com/yahoo-ph-purple-hunt-2-0-ad-compromised/ 4/24/2011 Malvertising Improper Output HandlingPlanting of Malware Search Engine USA No
Sony‰Ûªs PlayStation Network has been down since Wednesday and stayed kaput
throughout the weekend. Sony has admitted that the outage was due to their network
being hacked but has not given any further details. But now, a source closely connected
with Sony Computer Entertainment Europe (SCEE) reports that the attack is much deeper
than admitted by Sony. The source claims that the PSN sustained a LOIC attack (which
created a denial-of-service attack) that damaged the server. Plus, it received concentrated
2011-87 WHID 2011-87: PSN Admin Dev Accounts Got Hacked attacks on the servers holding account information and breached the Admin Dev accounts. http://www.slashgear.com/psn-admin-dev-accounts-got-hacked-source-claims-service-to-return-by-tuesday-24148081/ 4/24/2011 Brute Force Insufficient Anti-automation
Account Takeover Entertainment Tokyo, Japan No
‰ÛÏBefore the cybercriminals launched their TDoS attack, they found a way to obtain Dr.
Thousand‰Ûªs Ameritrade account information and password. Victims in these cases are
often targeted through phishing attempts or by clicking an innocuous-looking email link
that downloads malware to their system. In this manner, criminals are able to capture
account details, passwords and other personal information. Once they have access to an
account, they can then change the contact numbers and impersonate the victim when
2011-86 WHID 2011-86: Cybercrime Extracts $399,000 from Florida Dentist‰Ûªs Account communicating with the bank or broker.‰Û http://www.prweb.com/releases/2011/4/prweb8338409.htm 4/25/2011 Banking Trojan Insufficient AuthenticationMonetary Loss Online Trading Omaha, NE No USA
NEW DELHI: The website of the Indian Institute of Management-Bangalore has been
hijacked by hackers peddling erectile dysfunction products like Viagra. The website, www.
2011-85 WHID 2011-85: IIM-B website hacked iimb.ernet.in, has been out of service for at least ten days. http://timesofindia.indiatimes.com/tech/news/internet/IIM-B-website-hacked/articleshow/8080736.cms??prtpage=1 4/25/2011 Unknown Improper Output HandlingLink Spam Education No
LANCASTER, S.C. -- The Lancaster County School District says hackers may have stolen
the personal information of 25,000 students in the district's database.

Schools officials are now trying to contact everyone who might have been affected.
2011-84 WHID 2011-84:Hackers access personal info of Lancaster County students Information stored in the database goes back 10 years. http://www.wcnc.com/news/local/Personal-Information-of-Thousands-exposed-to-Internet-Hackers-120316064.html 4/19/2011 SQL Injection Improper Input Handling Leakage of Information Education South Carolina No 25,000
Prosecutors have accused a Minnesota man of hacking into other people's Facebook and
other computer accounts and stealing photos of women to post on adult websites.

Prosecutors charged Timothy Peter Noirjean, 26, of Woodbury, with 13 counts of identity
theft, alleging that from February 2010 through March 2010 he contacted women online
and duped them into providing him with personal information that allowed him to hack their
Facebook and other accounts. After hacking a Facebook account, prosecutors say
Noirjean would pose as the owner to make contact with that person's friends and try to
gain access to more computer accounts.

Read more: http://www.foxnews.com/us/2011/04/20/minn-man-accused-hacking-

2011-83 WHID 2011-83: Minn. man accused of hacking Facebook accounts facebook-accounts/#ixzz1KBSiqxBX http://www.foxnews.com/us/2011/04/20/minn-man-accused-hacking-facebook-accounts/ 4/21/2011 Social Engineering Insufficient Password Recovery
Account Takeover Web 2.0 Palo Alto, CA No Facebook
It's looking more likely that loose-knit 'hacktivist' collective Anonymous may have pulled off
the "biggest ever" attack on Sony's PlayStation network (PSN), as company engineers are
2011-82 WHID 2011-82: Sony fears Anonymous hack as PSN stays down investigating the possibility that the online gaming service has been hacked. http://www.thinq.co.uk/2011/4/21/sony-fears-anonymous-hack-psn-stays-down/ 4/21/2011 Denial of Service Insufficient Anti-automation
Downtime Entertainment Tokyo, Japan No
Being one of the region‰Ûªs leading news agencies, Al-Arabiya which is part of MBC
Group, the largest broadcasting company in the Middle East has been hacked by an
unknown group signed only with ‰Û÷Crack_Man‰Ûª stating it has been ‰Û÷powered
morocco‰Ûª.

The hacked website comes in a long lasting tradition of security flaws in the website
leading to the recurrent event of the portal being hacked during political instability hits the
region usually as an expression of disagreeing with what many consider the news
2011-81 WHID 2011-81: AlArabiya.net Hacked‰Û_Again agency‰Ûªs Western oriented liberal point of view. http://thenextweb.com/me/2011/04/21/alarabiya-net-hacked-again/ 4/21/2011 Unknown Unknown Defacement News Saudi Arabia No
Rolf Hilchner, CEO of Ashampoo, has posted on the company‰Ûªs website explaining
exactly what has happened. Apparently hackers managed to break into one of
Ashampoo‰Ûªs servers that held customer data. There was a hole in their security and
by using it Ashampoo customer names and e-mail addresses have been taken, but no
2011-80 WHID 2011-80: Ashampoo server hacked, customer names and e-mail addresses stolen payment and billing information was accessed. http://www.geek.com/articles/geek-pick/ashampoo-server-hacked-customer-names-and-e-mail-addresses-stolen-20110421/ 4/21/2011 SQL Injection Improper Input Handling Leakage of Information Retail No http://www.ashampoo.com/en/usd/dth
Players club points can be a valuable commodity when it comes to casinos, and hackers
are now taking aim at player accounts. Several cases have been reported in Las Vegas of
hackers getting into players club accounts and stealing the accumulated points.

When a gambler signs up for a player club card, they are usually rewarded with fifty or one
hundred players points. As the gambler plays at the tables and on the slot machines,
points are accumulated and used for such things as free hotel rooms and food. The points
can sometimes be used as free play on the slot machines.

The Nevada Gaming Control Board is now investigating the cases of players having their
points stolen. The Board is not only targeting the hackers, but also the casinos that have
2011-8 WHID 2011-8: Casino Gambler Databases Becoming A Key Tool For Hackers players information in their databases. http://www.casinogamblingweb.com/gambling-news/casino-gambling/casino_gambler_databases_becoming_a_key_tool_for_hackers_56344.html 19-Jan-11 SQL Injection Improper Input Handling Monetary Loss Entertainment Nevada No
Change.org, an online petitioning platform, has come under an ongoing distributed denial
of service (DDoS) attack originating from China after the site hosted a call urging Chinese
2011-79 WHID 2011-79: Change.org Victim of DDoS Attack From China authorities to release artist Ai Weiwei from custody. http://www.pcworld.com/printable/article/id,225672/printable.html 4/19/2011 Denial of Service Insufficient Anti-automation
Downtime Politics No China
The Children's Place Retail Stores Inc. said Tuesday that its customer email address
database was recently accessed by an unauthorized third party. The database is stored at
an external email service provider, according to company officials. The external service
provider confirmed that only email addresses were accessed and no other personal
2011-78 WHID 2011-78: The Children's Place, popular kid's clothing retailer, hit with database breach information was obtained. http://www.csoonline.com/article/679983/the-children-s-place-popular-kid-s-clothing-retailer-hit-with-database-breach 4/19/2011 Unknown Unknown Phishing Retail Cambridge, MA No
Politically-motivated hackers are thought to be behind a DDoS attack on alternative news
site Newsnet Scotland, launched on Monday days before Scotland is due to vote in
fiercely contested local elections.

The attack, if that's what it is, left the site unavailable from Monday afternoon into the early
2011-77 WHID 2011-77: Scottish news site hit by 'DDoS attack' in run-up to elections hours of Tuesday morning. http://www.theregister.co.uk/2011/04/19/scottish_news_site_ddos/ 4/19/2011 Unknown Application Misconfiguration
Downtime Government Scotland No
According to a story released on the Auto Trader blog page, the Auto Trader website was
subject to an attack from midday on Apil 19th until the early hours of April 20th.

The attack disrupted access to the site, causing it to run slowly or not open at all.
According to the blog the attack originated from abroad. Such attacks, called denial of
service, or DDOS attacks, are designed to disrupt web traffic and not to access personal
2011-76 WHID 2011-76: Auto Trader website attacked details. http://www.honestjohn.co.uk/news/buying-and-selling/2011-04/auto-trader-website-attacked/ 4/19/2011 Denial of Service Insufficient Anti-automation
Downtime Automotive No
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
The website of water concessionaire Manila Water was hacked early Sunday, with visitors
to the site seeing a small window indicating the breach.

WHID Analysis - looking at the html in the pages, it appears as though sql injection was
the attack vector -

<script type="text/javascript">

function show_alert()

alert("hacked! pakifix po yung blind sql po sa server nyo :D");

2011-75 WHID 2011-75: Manila Water's website hacked </script> http://www.gmanews.tv/story/218014/nation/manila-waters-website-hacked 4/17/2011 SQL Injection Improper Input Handling Defacement Energy Manila, Philippines No
In an email interview with the IDG News Service, Bigr R, said he was a former employee
of NextEra's parent company, Florida Power & Light. He said he used a bug in the Cisco
Security Device Manager software used by NextEra to break into the site. "They gave to it
public IP, so it was easy to hack into it through the Web," he said. "They used default
passwords, which I got from one of administrators. Then I obtained level 15 priv.
(superuser), and understood the topology of SCADA networks. Then it was easily to detect
2011-74 WHID 2011-74: Wind Power Company Hacked SCADA and turn it off." http://www.computerworld.com/s/article/9215881/Wind_power_company_sees_no_evidence_of_reported_hack 4/18/2011 Brute Force Insufficient AuthenticationLeakage of Information SCADA New Mexico, USA No
Login credentials for database, email and other key systems that a poster claims belong to
the European Space Agency were posted on a full disclosure mailing list over the
2011-73 WHID 2011-73: Royal Navy hacker claims to have broken into space agency site weekend. http://www.eweekeurope.co.uk/news/european-space-agency-confirms-ftp-server-hack-26976 4/18/2011 SQL Injection Improper Input Handling Leakage of Information Government San Jose, CA No
Malicious hackers have successfully breached WordPress.com servers and potentially
made off with sensitive bits of the publishing platform's underlying code. The breach could
impact premium customers using Wordpress for their websites, including Flickr, NASA,
2011-72 WHID 2011-72: WordPress Hack Could Put Premium Users at Risk Yahoo, and The New York Times. http://www.pcworld.com/article/225158/wordpress_hack_could_put_premium_users_at_risk.html 4/13/2011 Unknown Unknown Leakage of Information Blogs USA No WordPress
Malaysian online news portal Malaysiakini has been inaccessible since late afternoon
ahead of the Sarawak state election which will be held tomorrow.

Malaysiakini, together with Sarawak Report, another site critical of the Sarawakian
government under long-serving Chief Minister Taib Mahmud, have been under relentless
2011-71 WHID 2011-71: Malaysiakini under DDOS attack ahead of Sarawak election tomorrow denial-of-service (DDOS) attacks which temporarily brought them down in last few days http://www.temasekreview.com/2011/04/15/malaysiakini-under-ddos-attack-ahead-of-sarawak-election-tomorrow/ 4/15/2011 Denial of Service Insufficient Anti-automation
Downtime Government Malaysia No
The US Postal Service website received an unwelcome delivery this week of a new attack
rapidly spreading among legitimate websites. USPS became the latest victim of the so-
called "Blackhole" toolkit, a wildly popular website attack kit that's easy to use and
2011-70 WHID 2011-70: US Postal Service Website Hit With 'Blackhole' Exploit provides obfuscation features that help it evade antivirus detection. http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/229401258/us-postal-service-website-hit-with-blackhole-exploit.html 4/8/2011 Unknown Improper Output HandlingPlanting of Malware Retail Cambridge, MA No
A hacker gained access to a database with the credit card information of 18,000
2011-7 WHID 2011-7: Hacker Breaks Into UConn Husky Store Website customers of the UConn Co-op's HuskyDirect.com website, the UConn Co-op said. http://www.courant.com/business/hc-uconn-coop-data-breach-20110112,0,6878993.story 12-Jan-11 SQL Injection Improper Input Handling Leakage of Information Education Hartford, Connecticut No
Korea's major lending company and a financial unit of Hyundai Motor Group announced
on Sunday that confidential credit information on its customers was leaked during a recent
hacker attack which investigators say seems to have been carried out via servers in Brazil
2011-69 WHID 2011-69: Credit Information at Hyundai Capital Leaked to Hacker and the Philippines. http://www.arirang.co.kr/News/News_View.asp?nseq=114741&code=Ne4&category=3 4/11/2011 SQL Injection Improper Input Handling Leakage of Information Automotive No Brazil
Try this for irony: The website of web application security provider Barracuda Networks
has sustained an attack that appears to have exposed sensitive data concerning the
company's partners and employee login credentials, according to an anonymous post.

Barracuda representatives didn't respond to emails seeking confirmation of the post, which
2011-68 WHID 2011-68: Hack attack spills web security firm's (Barracuda) confidential data claims the data was exposed as the result of a SQL injection attack. http://www.theregister.co.uk/2011/04/11/barracuda_networks_attack/ 4/11/2011 SQL Injection Improper Input Handling Leakage of Information Technology No
Hackers have taken control of the iTunes accounts of many users, using them to make
fraudulent purchases.

Cyber criminals are able to crack the accounts by using brute force attacks, where an
2011-67 WHID 2011-67: Hackers attack iTunes automated system tries thousands of popular passwords with each account name. http://www.computing.co.uk/ctg/news/2039945/hackers-attack-itunes 4/4/2011 Brute Force Insufficient Anti-automation
Fraud Retail No
Epsilon--the largest distributor of permission-based email in the world--revealed that
millions of individual email addresses were exposed in an attack on its servers. While no
other information was apparently compromised, security experts are warning users to
2011-66 WHID 2011-66: Epsilon Data Breach brace for a tidal wave of more precise spear phishing attacks. http://www.pcworld.com/businesscenter/article/224192/epsilon_data_breach_expect_a_surge_in_spear_phishing_attacks.html 4/4/2011 SQL Injection Improper Input Handling Leakage of Information Marketing No
Several Sony Web sites were offline today only days after the Anonymous hacker group
threatened to target the company over its lawsuit against PlayStation 3 hacker George
2011-65 WHID 2011-65: Sony sites offline after Anonymous attack threats Hotz. http://news.cnet.com/8301-27080_3-20051482-245.html 4/6/2011 Denial of Service Insufficient Anti-automation
Downtime Entertainment No
A security researcher has identified a bully video as a malicious app exploiting yet another
2011-64 WHID 2011-64: Facebook Bully Video Actually a XSS Exploit cross-site-scripting vulnerability on Facebook with a very sophisticated payload. http://www.eweek.com/c/a/Security/Facebook-Bully-Video-Actually-a-XSS-Exploit-121829/ 4/7/2011 Cross-site Request Forgery
Insufficient
(CSRF)Process Validation
Worm Web 2.0 USA No Facebook
LiveJournal Russian blog platform again stopped working some 35-40 minutes ago. This is
already the 3rd hack attack over the past two weeks.

Popular Russian blogger and SUP expert Roustem Adagamov tweeted that LiveJournal is
2011-63 WHID 2011-63: LiveJournal under DDoS attack right now under DDoS attack right now. http://www.panarmenian.net/eng/it_telecom/news/66359/LiveJournal_under_DDoS_attack_right_now 4/6/2011 Denial of Service Insufficient Anti-automation
Downtime Blogs No
A hacker known as ‰ÛÏPredator‰Û has been able to phish information from Xbox
Live‰Ûªs Director of Policy and Enforcement, Stephen Toulouse (aka ‰ÛÏStepto‰Û ),
gaining email and address information via his personal website server and was then able
2011-62 WHID 2011-62: Another Xbox Live director hacked! to alter the Chief‰Ûªs details online. http://blog.gadgethelpline.com/xbox-live-director-hacked/ 4/6/2011 Social Engineering Insufficient Process Validation
Account Takeover Entertainment No
Attackers have launched a large-scale SQL injection attack that has compromised several
thousand legitimate Websites, including a few catalog pages from Apple's iTunes music
2011-61 WHID 2011-61: LizaMoon Mass SQL Injection Attack Points to Rogue AV Site store. http://www.eweek.com/c/a/Security/LizaMoon-Mass-SQL-Injection-Attack-Points-to-Rogue-AV-Site-852537/ 3/29/2011 SQL Injection Improper Input Handling Planting of Malware Multiple Yes LizaMoon
The Internet hacktivist collective known as "Anonymous" successfully conducted a DDoS
attack on Warner Bros Records, temporarily taking down the company website Tuesday
afternoon (12:21 p.m. PST). In addition, several reports also indicate that the company's
2011-60 WHID 2011-60: Anonymous DDoS attack takes down Warner Bros Records: #OpPayBack website was temporarily taken down Monday as well. http://www.examiner.com/anonymous-in-national/anonymous-ddos-attack-takes-down-warner-bros-records-oppayback 3/29/2011 Denial of Service Insufficient Anti-automation
Downtime Media USA No Operation Payback
User forum Whirlpool was hit by a distributed denial-of-service (DDoS) attack last night,
according to the site's hosting provider BulletProof Networks.

Although BulletProof Networks chief operating officer (COO) Lorenzo Modesto first said
that Whirlpool was the only one of its customers to be affected by the attack, he said later
that its public and private managed cloud customers were experiencing intermittent
2011-6 WHID 2011-6: Whirlpool ISP hit by DDoS attack degraded network performance also. http://www.zdnet.com.au/whirlpool-hit-by-ddos-attack-339308730.htm 21-Jan-11 Denial of Service Insufficient Anti-automation
Downtime Service Providers Australia No
The hackers who compromised MySQL.com also targeted Sun.com with a SQL injection
2011-59 WHID 2011-59: Oracle's Sun.com Hit Along with MySQL.com in SQL Injection Attack attack, exposing database names and email addresses. http://www.eweek.com/c/a/Security/Oracles-Suncom-Hit-Along-with-MySQLCom-in-SQL-Injection-Attack-727118/ 3/29/2011 SQL Injection Improper Input Handling Leakage of Information Technology USA No
A currently unpatched XSS vulnerability in the mobile API version of Facebook is currently
being exploited to post messages to users' Walls, which serve as a gateway to the
specially crafted website exploiting the flaw.

The flaw has been misused for a while now, but has only recently been used widely.
Indonesian users are currently targeted by various groups using the vulnerability to their
advantage.

"It allows any website to include, for example, a maliciously prepared iframe element that
contains JavaScript or use the http-equiv attribute‰Ûªs ‰ÛÏrefresh‰Û value to redirect
the browser to the prepared URL containing the JavaScript," explains Symantec. "Any
user who is logged into Facebook and visits a site that contains such an element will
2011-58 WHID 2011-58: Facebook XSS flaw misused for automatic Wall posting automatically post an arbitrary message to his or her wall." http://www.net-security.org/secworld.php?id=10814 3/29/2011 Cross-site Request Forgery
Insufficient
(CSRF)Process Validation
Disinformation Web 2.0 USA No Facebook
MySQL.com was hacked over the weekend via an attack which used a blind SQL injection
exploit to pull off the pawnage.

Hackers extracted usernames and password hashes from the site, which were
2011-57 WHID 2011-57: MySQL.com hacked via... SQL injection vuln subsequently posted to pastebin.com. http://www.theregister.co.uk/2011/03/28/mysql_hack/ 3/28/2011 SQL Injection Improper Input Handling Leakage of Information Technology USA No Romainia usernames, passwords
A few days ago, Google accused the government of China for the second time to have
hacked into Gmail accounts in order to quash protest. Numerous problems of Chinese
customers have been signalled over the past month for both sending and flagging
2011-56 WHID 2011-56: China accused of hacking Gmail to suppress dissent messages. http://www.htlounge.net/art/15053/china-accused-of-hacking-gmail-to-suppress-dissent.html 3/24/2011 Unknown Insufficient AuthenticationSession Hijacking Service Providers USA No China GMail
Credit card information may have been stolen for some people who bought state park
passes on line. The Maine Bureau of Parks and Lands learned in February that their
online system for the sale of state park passes, provided by a private vendor, was hacked
2011-55 WHID 2011-55: State website hacked - Officials say 1000 people affected have been notified by "malware." http://www.wabi.tv/news/18888/state-website-hacked-officials-say-1000-people-affected-have-been-notified 3/25/2011 Unknown Unknown Leakage of Information Government Maine, USA No
The Department of Internal Affairs website is now back up and running after it was shut
2011-54 WHID 2011-54: Internal Affairs website back online after outage down - only days before it was due to be hacked by international cyber activist group. http://m.nzherald.co.nz/technology/news/article.php?c_id=5&objectid=10714882 3/25/2011 Denial of Service Insufficient Anti-automation
Downtime Government New Zealand No
TripAdvisor discovered a data breach in its systems that allowed attackers to grab a
2011-53 WHID 2011-53: Expedia's TripAdvisor Member Data Stolen in Possible SQL Injection Attack portion of the Website's membership list from its database. http://mobile.eweek.com/c/a/Security/Expedias-TripAdvisor-Member-Data-Stolen-in-Possible-SQL-Injection-Attack-522785/ 3/24/2011 SQL Injection Improper Input Handling Leakage of Information Hospitality USA No
Tens of thousands of people are feared to have had their computers infected by booby-
trapped adverts on websites including the London Stock Exchange as the full extent of a
cyber-attack which began on Sunday becomes apparent.
The scam, which also involved ads on Autotrader, Vue and six other websites, began on
Sunday after cyber-criminals hacked into an ad firm's IT system.
Malicious adverts were then released which caused fake virus warnings to pop-up on
WHID 2011-53: Thousands of home computers infiltrated after hackers infect high-profile websites
computers
with booby-trapped
belonging to
ads
those surfing the affected sites.
2011-53 http://www.dailymail.co.uk/sciencetech/article-1362205/Thousands-home-computers-infiltrated-hackers-infect-high-profile-websites-booby-trapped-ads.html 3/3/2011 Malvertising Improper Output HandlingPlanting of Malware Finance Yes
SEOUL, March 4 (Xinhua) -- A fresh wave of cyber attacks hit major South Korean Web
sites, including that of the presidential office Cheong Wa Dae, on Friday, local media
reported, citing industrial sources.

Starting 10 a.m. Friday, 40 web sites, including the ones of presidential office Cheong Wa
Dae, the Ministry of Foreign Affairs and Trade and top lender Kookmin Bank, came under
distributed denial-of-service (DDoS) attacks, Yonhap News Agency reported, citing
2011-52 WHID 2011-52: S. Korea's major web sites hit by DDoS attacks AhnLab, South Korea's top information security company. http://news.xinhuanet.com/english2010/world/2011-03/04/c_13760843.htm 3/4/2011 Denial of Service Insufficient Anti-automation
Downtime Government Seoul, South Korea No
The main WordPress.com site was the target of a major DDoS attack yesterday that
knocked the popular blogging platform offline for a couple of hours, and another attack
that hit the site again Friday morning. The service is back online now, but the attacks may
be an indication that the service could be collateral damage in some politically motivated
2011-51 WHID 2011-51: WordPress Hit by Second Massive Attack in Two Days attacks against WordPress blogs. http://threatpost.com/en_us/blogs/wordpress-hit-second-massive-attack-two-days-030411 3/4/2011 Denial of Service Insufficient Anti-automation
Downtime Blogs USA No WordPress
High profile celebrity Ashton Kutcher had his Twitter account hijacked at the celebrity
infested Technology, Entertainment, Design (TED) Conference, TED2011, in Long Beach,
California, on Wednesday.

Kutcher, best known for his role on the sitcom That 70's Show and, later, as host of MTV's
Punk'd prank show, found himself Punk'd Toorcon style, when an unknown attacker
hijacked an insecure Web session to post a message to Kutcher's Twitter account,
@aplusk.

"Ashton, you've been Punk'd. This account is not secure. Dude, where's my SSL?" read
the first message, which was posted around 17:30 Pacific Time on Wednesday. A few
2011-50 WHID 2011-50: Celebrity Ashton Kutcher Firesheep'd at TED Conference moments later, another message went out to Kutcher's 6.4 million Twitter followers: https://threatpost.com/en_us/blogs/celebrity-ashton-kutcher-firesheepd-ted-conference-030311 3/3/2011 Stolen Credentials Insufficient Transport Layer
Session
Protection
Hijacking Web 2.0 USA No Twitter
2011-5 WHID 2011-5: Dominos Pizza Hacked Domimos Pizza's online ordering system in India was hacked. http://www.slipperybrick.com/2011/01/dominos-pizza-website-hacked-customer-data-leaked/ 1/23/2011 SQL Injection Improper Input Handling Leakage of Information Retail India No
Blog host WordPress.com was the target of a distributed denial-of-service (DDoS) attack
earlier today described by the company as the largest in its history.

As a result, a number of blogs--including those that are a part of WordPress' VIP service--
suffered connectivity issues. That includes the Financial Post, the National Post,
2011-49 WHID 2011-49: WordPress hit by 'extremely large' DDoS attack TechCrunch, along with the service's nearly 18 million hosted blogs. http://news.cnet.com/8301-1009_3-20038874-83.html 3/3/2011 Denial of Service Insufficient Anti-automation
Downtime Blogs USA No WordPress
The board for VOA said cyber hackers hacked into Voice of America‰Ûªs primary domain
name (VOANews.com), and then redirected visitors to another web site claiming to be run
by the "Iranian Cyber Army," Numerous related domains registered with Network Solutions
were also hacked into, and web visitors were also redirected to the web site supposedly
2011-48 WHID 2011-48: Pro-Iranian Cyber Hackers Attack Voice of America run by the ‰ÛÏIranian Cyber Army.‰Û http://www.foxbusiness.com/markets/2011/02/23/pro-iranian-cyber-hackers-attack-voice-america/ 2/23/2011 DNS Hijacking Insufficient AuthenticationDefacement Media Washington, DC No Iran
The outage of Dutch bank Rabobank last weekend was caused by a massive DDoS
2011-47 WHID 2011-47: DDoS attack forces Dutch bank offline attack. The perpetrators are still unknown. The bank reports the attack to the police. http://news.idg.no/cw/art.cfm?id=3F6822FF-1A64-6A71-CE67724BB606D61C 2/19/2011 Denial of Service Insufficient Anti-automation
Downtime Finance Denmark No
An online bank robbery in which computer crooks stole $63,000 from a Kansas car
dealership illustrates the deftness with which cyber thieves are flouting the meager
2011-46 WHID 2011-46: Kansas Car Dealership Bank Accounts Hacked security measures protecting commercial accounts at many banks. http://krebsonsecurity.com/2011/02/sold-a-lemon-in-internet-banking/ 2/23/2011 Banking Trojan Insufficient AuthenticationMonetary Loss Finance Kansas No $63,000.00
Facebook users have been subjected to another round of clickjacking attacks that force
them to authorize actions they had no intention of approving.

The latest episode in this continuing saga, according to Sophos researchers, is a set of
campaigns aimed at Italian-speaking users of the social network. The come-ons promise
shocking videos about such things as the real ingredients of Coca Cola. Instead, they are
2011-45 WHID 2011-45: Facebook users subjected to more clickjacking forced into registering their approval of the videos using Facebook's ‰ÛÏLike‰Û button http://www.theregister.co.uk/2011/02/22/facebook_clickjacking_attacks/ 2/22/2011 Clickjacking Application Misconfiguration
Fraud Web 2.0 USA No Facebook
The Lush UK website was recently compromised and the company says while the New
Zealand and Australian sites are not linked to the UK site, both have also been targeted by
hackers.

It says personal data may have been obtained by the hackers and customers should
2011-44 WHID 2011-44: Credit cards compromised as hackers target beauty site contact their banks to discuss cancelling their credit cards. http://www.radionz.co.nz/news/national/68729/credit-cards-compromised-as-hackers-target-beauty-site 2/15/2011 SQL Injection Improper Input Handling Leakage of Information Retail New Zealand No
THE BBC'S MUSIC WEBSITES have been hacked to stream malware using drive-by
downloads for anyone browsing the infected webpages.

Hackers set the drive-by malware up at the BBC's 6 Music website and the BBC 1Xtra
radio station website. Researchers at the insecurity outfit Websense found the exploits
and put its report up on its security labs blog.

"The BBC - 6 Music Web site has been injected with a malicious iframe, as have areas of
the BBC 1Xtra radio station Web site," an anonymous Websense insecurity researcher
wrote.

Websense claims the injected iframe is at the bottom of the BBC 6 Music webpage and
has been set up to automatically download some dodgy code from a .cc website.
2011-43 WHID 2011-43: BBC music websites get hacked Apparently the hack is exactly the same on the BBC's 1Xtra website. http://www.theinquirer.net/inquirer/news/2026766/bbc-music-websites-hacked 2/16/2011 Unknown Improper Output HandlingPlanting of Malware Entertainment UK No
The Irish job website RecruitIreland.com was hacked earlier this week, resulting in
breached systems and the theft of the credentials of 400,000 users.

According to media reports, the website was temporarily taken offline after the breach was
discovered on the 8th February. A statement on the website said that as per its security
guidelines and structures, it has a process in place for eventualities such as this.

It said: ‰ÛÏThe present indicators are that our database was breached to get email
2011-42 WHID 2011-42: Irish recruitment website hacked addresses and names for spamming http://www.scmagazineuk.com/irish-recruitment-website-hacked-leading-to-the-breach-of-around-400000-user-details/article/196142/ 2/8/2011 SQL Injection Improper Input Handling Leakage of Information Recruitment Ireland No email addresses 400,000
The website of the far right English Defence League remained unavailable on Friday
2011-41 WHID 2011-41: English Defence League site pulled offline after defacement following a hack attack on Wednesday. http://www.theregister.co.uk/2011/02/11/edl_defacement/ 2/11/2011 Unknown Unknown Defacement Government England No
Joseph Essas, chief technology officer at eHarmony, said Russo found a SQL injection
vulnerability in one of the third party libraries that eHarmony has been using for content
management on the company‰Ûªs advice site ‰ÛÒ advice.eharmony.com. Essas said
there were no signs that accounts at its main user site ‰ÛÓ eharmony.com ‰ÛÓ were
affected.

‰ÛÏThe SQL dump contained screen names, email addresses, and hashed passwords for
2011-40 WHID 2011-40: eHarmony Hacked account login on the Advice site. http://krebsonsecurity.com/2011/02/eharmony-hacked/ 2/10/2011 SQL Injection Improper Input Handling Leakage of Information Entertainment USA No
A website that helps drivers avoid speeding tickets is warning its 10 million registered
users that their email addresses and passwords may be in the hands of hackers who
breached the site's security. The advisory was issued on Thursday by Trapster, which
boasts more than 10 million users on its front page. The site uses crowd-sourcing
techniques to compile locations of police who are using radar to catch speeding drivers.
Trapster said the hack amounted to a ‰ÛÏsingle event,‰Û and that the company has
since taken steps to ‰ÛÏprevent this type of attack from happening again, and continue to
implement additional security measures to further protect your data.‰Û Trapster didn't
say whether it planned to begin hashing passwords, which is considered a basic security
2011-4 WHID 2011-4: Trapster Hacked precaution to prevent their disclosure. http://www.theregister.co.uk/2011/01/21/trapster_website_hack/ 20-Jan-11 Unknown Unknown Leakage of Information Web 2.0 No
At least five multinational oil and gas companies suffered computer network intrusions
from a persistent group of computer hackers based in China, according to a report
released Wednesday night by a Silicon Valley computer security firm.

According to the report, the intruders used widely available attack methods known as SQL
injection and spear phishing to compromise their targets. Once they gained access to
computers on internal company networks, they would install remote administration
software that gave them complete control of those systems. That made it possible for the
intruders to search for documents as well as stage attacks on other computers connected
2011-39 WHID 2011-39: Hackers Breach Tech Systems of Oil Companies to corporate networks. http://www.nytimes.com/2011/02/10/business/global/10hack.html?_r=1 2/10/2011 SQL Injection Improper Input Handling Leakage of Information Energy No Night Dragon 5 China
In a phone interview late Sunday evening, Hoglund said that unlike the more traditional
Web-site attacking activities of Anonymous, the hackers who infiltrated HBGary‰Ûªs
system showed real skills, even social engineering a network administrator into giving
them complete control over rootkit.com, a security research site Hoglund has long
maintained.

‰ÛÏThey broke into one of HBGary‰Ûªs servers that was used for tech support, and they
got emails through compromising an insecure Web server at HBGary Federal,‰Û
Hoglund said. ‰ÛÏThey used that to get the credentials for Aaron, who happened to be an
administrator on our email system, which is how they got into everything else. So it‰Ûªs a
case where the hackers break in on a non-important system, which is very common in
hacking situations, and leveraged lateral movement to get onto systems of interest over
2011-38 WHID 2011-38: HBGary Federal Hacked by Anonymous time.‰Û http://krebsonsecurity.com/2011/02/hbgary-federal-hacked-by-anonymous/ 7-Feb-11 SQL Injection Improper Input Handling Leakage of Information IT Services USA No
Nasdaq admitted on Saturday that unidentified hackers had succeeded in planting
malware on one of its portals.

The US stock exchange is keen to stress that trading systems were not affected by
suspicious files found on Directors Desk, a web-based dashboard application used by an
estimated 10,000 execs worldwide. In a statement, Nasdaq said that there was no
evidence that customer information had been exposed by breach.

It adds that it is likely that the Directors Desk hack was designed to plant malware on the
2011-37 WHID 2011-37: Nasdaq admits hackers planted malware on web portal systems of users via drive-by-download attacks. http://www.theregister.co.uk/2011/02/07/nasdaq_malware_breach/ 7-Feb-11 SQL Injection Improper Input Handling Planting of Malware Finance USA No
As part of the Federal Trade Commission‰Ûªs ongoing campaign to protect consumers‰
Ûª personal information, three companies whose business is reselling consumers‰Ûª
credit reports have agreed to settle FTC charges that they did not take reasonable steps to
protect consumers‰Ûª personal information, failures that allowed computer hackers to
access that data. The settlements require the companies to strengthen their data security
procedures and submit to audits for 20 years. These are the FTC‰Ûªs first cases against
credit report resellers for their clients‰Ûª data security failures.

‰ÛÏThese cases should send a strong message that companies giving their clients online
access to sensitive consumer information must have reasonable procedures to secure
it,‰Û said David Vladeck, Director of the FTC‰Ûªs Bureau of Consumer Protection. ‰
ÛÏHad these three companies taken adequate steps to ensure the use of basic computer
security measures, they might have foiled the hackers who wound up gaining access to
extensive personal information in the consumer reporting system.‰Û

According to administrative complaints issued by the FTC, the three resellers buy credit
reports from the three nationwide consumer reporting agencies (Equifax, Experian, and
TransUnion) and combine them into special reports they sell to mortgage brokers and
others to determine consumers‰Ûª eligibility for credit. Due to their lack of information
security policies and procedures, the companies allegedly allowed clients without basic
security measures, such as firewalls and updated antivirus software, to access their
reports. As a result, hackers accessed more than 1,800 credit reports without authorization
via the clients‰Ûª computer networks. In addition, even after becoming aware of the data
breaches, the companies did not make reasonable efforts to protect against future
2011-36 WHID 2011-36: Credit report resellers settle with US FTC after data losses breaches. http://www.ftc.gov/opa/2011/02/settlement.shtm 2/3/2011 Unknown Insufficient Authorization Leakage of Information Finance No Credit Records 1,800
Creators of a fake dating site have taken personal information from 250,000 Facebook
profiles - and reproduced it without the knowledge of the members of the popular social
networking site.

However, bosses at Facebook have hit out at the misuse of the information held on their
site and said they will 'take appropriate action'.

'Scraping people‰Ûªs information violates our terms. We have taken, and will continue to
take, aggressive legal action against organisations that violate these terms,' Facebook‰
2011-35 WHID 2011-35: 'Dating site' takes pictures and names of 250,000 unsuspecting Facebook users Ûªs director of policy communications, Barry Schnitt, told Wired.com. http://www.dailymail.co.uk/news/article-1353643/Facebook-profiles-hacked-Dating-site-lifts-250-000-pictures-names.html 4-Feb-11 Process Automation Insufficient Anti-automation
Disinformation Web 2.0 USA No Facebook
Al Jazeera's Arabic news website was hacked into today following its coverage of anti-
government protests in Egypt, according to the Qatar-based broadcaster.

In a release, Al Jazeera claimed that for two hours this morning ‰ÛÒ from 6.30am to 8.30
am Doha time ‰ÛÒ a banner advertisement was replaced with a slogan saying 'Together
2011-34 WHID 2011-34: Al Jazeera site 'hacked by opponents of pro-democracy movement' in Egypt for the collapse of Egypt', which linked to a page criticising the broadcaster. http://www.journalism.co.uk/news/al-jazeera-site-hacked-by-opponents-of-pro-democracy-movement-in-egypt/s2/a542649/ 4-Feb-11 Unknown Improper Output HandlingDefacement Media Dubai, Dubai No
Anonymous took down Egyptian government websites today to protest the country's
Internet censorship. Old news. Now they've moved on to Yemen, where an Egypt-style
"day of rage" is scheduled for tomorrow. Hackers have already taken down the Ministry of
2011-33 WHID 2011-33: Anonymous Hackers Attack Yemeni Government Information. http://gawker.com/5750513/anonymous-hackers-already-taking-down-yemeni-websites 2-Feb-11 Denial of Service Insufficient Anti-automation
Downtime Government Yemin No
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
Cyberattacks on national registries caused the closure of the ETS system last wednesday,
right after from Czech Republic came the news that the firm Blackstone Global Ventures
2011-32 WHID 2011-32: European Carbon Trading Systems Hacked discovered to be missing something close to 9 million US dollars of carbon allowances. http://www.estonianfreepress.com/2011/01/ets-carbon-cyberattack/ 19-Jan-11 Unknown Unknown Monetary Loss Energy No $9,000,000.00
Carbon Trading Credits http://www.ote-cr.cz/about-ote/OTE_news/tiskova-zprava-k-aktualni-situaci-v
A COMPUTER hacker from Paignton has admitted stealing $12million worth of poker
chips from an American gaming company.

Ashley Mitchell, 29, of Little Park Road, Paignton, admitted accessing the system
belonging to the Zynga Corporation and stealing 400 billion chips.

2011-31 WHID 2011-31: Hacker admits stealing $12million worth of poker chips from US gaming company
He then sold some of the virtual chips on the black market for å£53,000. http://www.thisissouthdevon.co.uk/news/HACKER-ADMITS-STEALING-12m-POKER-CHIPS/article-3170994-detail/article.html 2-Feb-11 Unknown Unknown Loss of Sales Entertainment San Francisco, CA No Paignton, UK
the vulnerability stems from a bug in one of Facebook‰Ûªs authentication mechanisms,
Rui explained.

The vulnerability enables the malicious website to impersonate any other websites to
cheat Facebook, and obtain the same data access permissions on Facebook those
websites receive. Bing.com by default has the permission to access any Facebook users'
basic information such as name, gender, etc, so our malicious website is able to de-
anonymize the users by impersonating Bing.com. In addition, due to business needs,
there are many websites requesting more permissions, including accessing to a user's
private data, and publishing content on Facebook on her behalf. Therefore, by
impersonating those websites, our website can obtain the same permissions to steal the
private data or post phishing messages on Facebook on the user's behalf.

The exploit is generic, so we do not need to write an exploit for each Facebook
2011-30 WHID 2011-30: Facebook plugs gnarly authentication flaw app/website. The only parameter we need is the app ID of a Facebook app/website. http://www.theregister.co.uk/2011/02/02/facebook_plugs_authentication_flaw/ 2-Feb-11 Content Spoofing Insufficient AuthenticationLeakage of Information Web 2.0 Palo Alto, CA No Facebook http://www.youtube.com/watch?v=chATOThshtY
The Web has been abuzz with the revelation that hacked government and military Web
sites, as well as databases of personal information are available for less than $500. As
concerning as that may be, what should keep IT admins awake at night is the broader
realization that these are only the hacked sites that were discovered on the hacker
2011-3 WHID 2011-3: Hacked Military and Government Sites Just Scratch the Surface underground. There are more, and your site could be one of them. http://www.pcworld.com/businesscenter/article/217472/hacked_military_and_government_sites_just_scratch_the_surface.html 21-Jan-11 SQL Injection Improper Input Handling Leakage of Information Government Yes 44
"The vulnerability was properly documented by our team, without exposing any
confidential user information," he writes. "This was an error based MSSQL injection, that
could allow any attacker to make a full backup of the databases used by the websever,
2011-29 WHID 2011-29: PlentyofFish Site Hacked and or gain direct access into the site." http://www.net-security.org/secworld.php?id=10514 31-Jan-11 SQL Injection Improper Input Handling Leakage of Information Entertainment Yarmouth, Nova Scotia No http://www.youtube.com/watch?v=7RBYkk5Vq4M
Care2.com, a site dedicated to environmental awareness, petitioning, and charitible
donation with more than 17 million members has been hacked, according to a message
2011-289 WHID 2011-289: Hacked! Environmental activism site Care2, users exposed from the company Friday morning. http://betanews.com/2011/12/30/hacked-environmental-activism-site-care2-users-exposed/ 12/30/2011 Unknown Unknown Leakage of Information Environmental Protection
Redwood, CA Unknown Unknown 1 Unknown Apache Web Server, PHP
Hacker collective Anonymous claims to have stolen credit card data and other sensitive
details from U.S. security think tank Stratfor, with plans to donate $1 million in stolen cash
2011-288 WHID 2011-288: Hacker group Anonymous steals sensitive info from Stratfor security firm to charity. http://venturebeat.com/2011/12/25/anonymous-hackers-steals-data-stratfor-security/ 12/24/2011 Unknown Unknown Defacement, Leakage of Information
Research Austin, TX Unknown Unknown 1 Unknown Credit card information, personally identifiable information
The accounts of millions of Chinese web users have been compromised in a series of
2011-287 WHID-2011-286: Chinese gaming sites hacked: Millions of users affected hacking attacks on several gaming websites, with account information leaking online http://www.zdnet.com/blog/asia/chinese-gaming-sites-hacked-millions-of-users-affected/579 12/22/2011 Unknown Unknown Leakage of Information Gaming China No N/A Multiple Unknown Unknown User credentials
Over six million accounts
Thousands of accounts belonging to Xbox Live customers have been hacked into by
2011-286 WHID-2011-287: Chinese gaming sites hacked: Millions of users affected online criminals who have stolen millions of pounds, it has been reported http://www.telegraph.co.uk/technology/video-games/Xbox/8906043/Xbox-Live-customers-hacked-in-fresh-cyber-fraud-case.html 11/22/2011 Phishing Insufficient AuthenticationMonetary Loss Entertainment Tempe, AZ
Amid the raging debate over the government‰Ûªs proposal to crack down on ‰
ÛÏunacceptable‰Û internet content, hackers broke into Congress websites on Friday
2011-285 WHID 2011-285: Cong site hacked, Sonia‰Ûªs profile page defaced and defaced party chief Sonia Gandhi's profile page with objectionable material. http://www.hindustantimes.com/News-Feed/newdelhi/Congress-website-hacked-Sonia-s-profile-page-defaced/Article1-780256.aspx 12/9/2011 Unknown Unknown Defacement Government India No NA 2 Unknown Unknown Unknown None None
Websites which revealed violations in Russia's legislative polls were targeted in a mass
hacking attack Sunday their operators said was aimed at preventing the exposure of mass
2011-284 WHID 2011-284: Websites downed in Russia poll 'hack attack' election fraud. http://www.google.com/hostednews/afp/article/ALeqM5hAnXDOHgstjNt-eH4tBzon2B96Aw?docId=CNG.5b3137d37ca033f82d1946db0c21911c.151 12/4/2011 Denial of Service Unknown Downtime Radio station Russia Yes Unknown 2 Russia Unknown
Hacking attacks continue to happen all over the world. This time, a hacker group, which
calls itself "Teampoison", attacked the website of the United Nations and posted personal
2011-283 WHID 2011-283: United Nations Website Hacked information belonging to UN members on Pastebin. http://www.shortnews.com/start.cfm?id=91152 11/30/2011 Unknown Unknown Leakage of Information United Nations New York N/A N/A 1 Unknown Unknown Unknown email addresses
Moreand
than
credentials
100 email addresses and login details
The Committee to Protect Journalists is concerned by reports of a cyberattack on Mexican
2011-282 WHID 2011-282: Mexican weekly goes offline after cyberattack weekly RÌ_odoce that forced its website offline on Friday. http://www.cpj.org/2011/11/mexican-weekly-goes-offline-after-cyberattack.php 11/25/2011 Denial of Service Insufficient Anti-automation
Downtime Newspaper Mexico Yes DDoS 1 Mexico Unknown Unknown 0 0
The city of Bowling Green's website is back to normal after being broken into by hackers
2011-281 WHID 2011-281: City's website hacked, no information compromised over the weekend. http://www.fox19.com/story/16137276/citys-website-hacked-no-information-compromised 11/27/2011 Unknown Unknown Defacement Government Kentucky N/A N/A 1 Unknown Unknown 0
Egypt‰Ûªs official State Television Network website was attacked on Sunday by hackers
who left a message on the site‰Ûªs main page condemning state media coverage of
2011-280 WHID 2011-280: State TV website hacked to protest clashes coverage Saturday ‰Ûªs clashes in Tahrir Square between protesters and security forces. http://english.ahram.org.eg/NewsContent/1/64/27062/Egypt/Politics-/State-TV-website-hacked-to-protest-clashes-coverag.aspx 11/20/2011 Unknown Unknown Downtime Television Egypt No N/A 1 Unknown
He arrived on Wednesday, around the same time Facebook CEO Mark Zuckerburg‰Ûªs
Facebook fan page was hacked. Roy Castillo ‰ÛÓ the ghost "friend"with a man‰Ûªs
name and a profile pic of a teenage girl wearing sunglasses ‰ÛÓ popped up in the
Facebook newsfeeds with the curt status: "Off to Danao City."

Facebook did not respond to Technolog‰Ûªs request for comment. But according to
French security site Zazak, the bug that opened the door for Roy yesterday was reported,
and slammed shut today.

Zazak reports that the hacker(s) behind Roy Castillo took advantage of a cross site
2011-28 WHID 2011-28: Mysterious 'Roy Castillo' haunts Facebook scripting vulnerability (XSS) that allows outsiders to add script to Web pages. http://technolog.msnbc.msn.com/_news/2011/01/27/5935542-mysterious-roy-castillo-haunts-facebook 27-Jan-11 Cross-site Scripting (XSS)
Improper Output HandlingSpam Web 2.0 No Facebook
Valve Corporation has become the latest game company to fall victim to a major hacking
intrusion that has left gamers' personal information and potentially even credit card
2011-279 WHID 2011-279: Steam game service hacked, credit card theft investigated numbers exposed. http://ingame.msnbc.msn.com/_news/2011/11/10/8742607-steam-game-service-hacked-credit-card-theft-investigated 11/11/2011 SQL Injection Improper Input Handling Leakage of Information Entertainment Maple Valley, WA
A hacker claiming to be part of the network Anonymous broke into the mayor of St. Louis's
website and left a message of support for anti-Wall Street protesters threatened with
2011-278 WHID 2011-278: St. Louis mayor's website hacked by Occupy sympathizer eviction from their campsite. http://www.wtvr.com/sns-rt-us-protests-hacking-stlouistre7a90c4-20111109,0,3618302.story 11/9/2011 Unknown Unknown Defacement Government St. Louis, MO 1 Unknown Personal Information2000
A Fujitsu computer system run by about 200 Japanese local governments has been hit by
2011-277 WHID 2011-277: Cyber attacks hit Fujitsu local government system a series of cyber attacks and is in a vulnerable condition, the company said Thursday. http://news.yahoo.com/cyber-attacks-hit-fujitsu-local-government-system-075757705.html 11/10/2011 Denial of Service Insufficient Anti-automation
Downtime Government Fukuoka, Japan Yes
DNS servers from multiple Brazilian ISPs were compromised to direct users to malicious
2011-276 WHID 2011-276: Hackers poison Brazilian ISP DNS to infect users with banking Trojan websites http://news.techworld.com/security/3317148/hackers-poison-brazilian-isp-dns-to-infect-users-with-banking-trojan/ 11/9/2011 DNS Hijacking Unknown Planting of Malware Service Providers Brazil
KPN announced this week that it has suspended issuing certificates after discovering the
breach of a PKI-related Web server with a distributed denial-of-service tool that apparently
2011-275 WHID 2011-275: Certificate Authority Uncovers Old Breach had been sitting on the server for at least four years. http://www.informationweek.com/news/security/attacks/231902582 11/8/2011 Unknown Unknown Monetary Loss Retail Amersfoort, NE
A Turkish hacker has claimed credit for bringing down the website of a French satirical
weekly that published an issue named ‰ÛÏCharia Hebdo,‰Û with a caricature of the
2011-274 WHID 2011-274: Turkish hacker shuts down French magazine website for Islamic prophet cartoonIslamic prophet Muhammad on the cover. http://www.taiwannews.com.tw/etn/news_content.php?id=1751509 11/7/2011 Unknown Unknown Downtime Media France
Large denial of service attacks have rocked Palestinian, severing internet service to the
2011-273 WHID 2011-273: DoS attack takes Palestinians offline West Bank and Gaza late last week. http://www.itnews.com.au/News/279230,dos-attack-takes-palestinians-offline.aspx 11/7/2011 Denial of Service Insufficient Anti-automation
Downtime Government Nablus, PS Yes
Hacktivist group Anonymous has attacked the websites of El Salvador's presidency and
government ministries, forcing several to be shut down. The group's "Operation Justice El
Salvador" comes two weeks after Anonymous threatened several government websites,
according to Australian reports. The website of the presidency was suspended at the
weekend after it was bombarded with 30 million hits on Saturday in a denial-of-service
2011-272 WHID 2011-272: Anonymous downs official sites in El Salvador (DoS) attack. http://www.computerweekly.com/Articles/2011/11/07/248383/Anonymous-downs-official-sites-in-El-Salvador.htm 11/7/2011 Denial of Service Insufficient Anti-automation
Downtime Government El Salvador Yes Operation Justice El Salvador
A report on the firm's security blog, called Malware City, claims that a hacking attack
2011-271 WHID 2011-271: Hacked MIT server is blamed for brute force web site attacks against the MIT.edu infrastructure started with a malicious script on one MIT server. http://www.theinquirer.net/inquirer/news/2122546/hacked-mit-server-blamed-brute-force-web-site-attacks 11/3/2011 Unknown Unknown Planting of Malware Education Cambridge, MA
New social engineering attacks are tricking Facebook users into exposing anti-CSRF
tokens associated with their sessions. These security codes allow attackers to make
2011-270 WHID 2011-270: Attackers Trick Facebook Users Into Exposing Secret Security Codes unauthorized requests through the victim's browser. http://www.pcworld.com/businesscenter/article/242711/attackers_trick_facebook_users_into_exposing_secret_security_codes.html 10/27/2011 Social Engineering Insufficient Process Validation
Account Takeover Web 2.0 Palo Alto, CA
For those who aren't normally lurking the FarmVille forums, they've been in an uproar over
a FarmVille player known as Ek Ù€±n Man. According to several forum users, this player
has been posting messages on their Walls via the FarmVille app, but none of them are
2011-27 WHID 2011-27: FarmVille possibly hacked actually friends with him. http://blog.games.com/2011/01/26/farmville-possibly-hacked/ 1/26/2011 Unknown Insufficient Authorization Disinformation Web 2.0 No
The source of the passwords turned out to be blogging site Bloggtoppen.se, which was
vulnerable to an SQL injection attack. Its user database, which included details for
approximately 94,000 accounts, was published back in September on a site called
2011-269 WHID 2011-269: Massive Swedish Hacks Leak 400,000 Account Details Flashback, and then distributed via Twitter, as well. http://www.pcworld.com/businesscenter/article/242700/massive_swedish_hacks_leak_400000_account_details.html 10/27/2011 SQL Injection Improper Input Handling Leakage of Information Blogs Sweden
Hackers have hit the website of Nigeria's top anti-corruption agency over a government
2011-268 WHID 2011-268: Hackers hit Nigeria anti-fraud agency website official suggesting tighter Internet control in Africa's most populous nation. http://www.google.com/hostednews/ap/article/ALeqM5gM03EX-AyBLqhTSCq3aFLSG0KZ2Q?docId=9d74815d22d84a989110e038db9f9330 10/28/2011 Unknown Unknown Defacement Government Lagos, Nigeria
Anonymous then began a series of denial-of-service attacks aimed at Freedom Hosting,
and most particularly Lolita City. The user database of the site was extracted using a SQL
2011-267 WHID 2011-267: Anonymous shuts down hidden child abuse hub injection attack, ars technica reports. http://www.theregister.co.uk/2011/10/24/anonymous_fight_child_abuse_network/ 10/24/2011 SQL Injection Improper Input Handling Leakage of Information File Sharing
The personal details of 715,000 people who booked a flight through website
CheapTickets.nl in 2008 and 2009 are in the hands of a hacker, website webwereld.nl
2011-266 WHID 2011-266: Air travel website Cheaptickets.nl hacked reports on Monday. http://www.dutchnews.nl/news/archives/2011/10/air_travel_website_cheapticket.php 10/24/2011 SQL Injection Improper Input Handling Leakage of Information Travel Weert, NL
UK based hotel search engine Yakoozo.com ground to a halt recently after being subject
to a major cyber-attack by users of the notorious image posting website 4chan. The attack
took place on 12/10/2011 when internet users visiting Yakoozo where faced with explicit
pornographic images, defaced pages and abusive text throughout the yakoozo website.
4Chan users coordinated the attack from the websites community posting real-time
threads issuing instruction, orders and commands to users. This resulted in large traffic
spikes, whilst up to 100 hackers breached website security. It is believed the attackers
used SQL injection techniques to gain access, similar to the attacks on Nokia, world
governments and countless other high profile attacks. Administrators have now removed
2011-265 WHID 2011-265: 4Chan Hackers Attack Yakoozo.com the threads from their website. http://www.webwire.com/ViewPressRel.asp?aId=147869 10/12/2011 SQL Injection Improper Input Handling Defacement Search Engine United Kingdom
Security experts are warning web users to ensure they use strong passwords and vary
their credentials from site to site after a new hacking group published log-in details of what
2011-264 WHID 2011-264: Team Swastika group hacks 10,000 global Facebook account details it claimed to be more than 10,000 Facebook users. http://www.v3.co.uk/v3-uk/news/2117965/team-swastika-hacks-global-facebook-accounts 10/18/2011 Unknown Unknown Leakage of Information Web 2.0 Palo Alto, CA
Adidas said it became aware of a "sophisticated, criminal cyber-attack" on its various web
sites on 3 November but the firm claimed it found no evidence that customers' data had
2011-263 WHID 2011-263: Adidas websites go offline after security breach been stole http://www.theinquirer.net/inquirer/news/2123016/adidas-websites-offline-security-breach 11/3/2011 Unknown Unknown Downtime Retail TBA
A vulnerability in an obscure WordPress add-on script that was discovered in August is
currently being used to compromise more than 1.2 million websites -- and could be easily
used to siphon data out of databases hosted on servers also hosting the compromised
2011-262 WHID 2011-262: Hackers 'Timthumb' Their Noses At Vulnerability To Compromise 1.2 Million Sites
websites, security experts warned today. http://www.darkreading.com/database-security/167901020/security/news/231902162/hackers-timthumb-their-noses-at-vulnerability-to-compromise-1-2-million-sites.html 11/2/2011 Remote File Inclusion Improper Input Handling Planting of Malware Multiple Multiple Yes WordPress Timthumb
Hacktivists mistakenly attacked a French rugby fansite instead of their intended target, the
2011-261 WHID 2011-261: Hackers mistake French rugby site for German stock exchange German stock exchange. http://www.theregister.co.uk/2011/11/04/french_rugby_site_hacktivist_maul/ 11/4/2011 Denial of Service Insufficient Anti-automation
Downtime Sports France 1 Germany
A Boston Police Department website was hacked. At least 2,000 names and passwords
2011-260 WHID 2011-260: Boston police website hacked, user info posted online have been posted online. http://www.msnbc.msn.com/id/45001308/ns/local_news-boston_ma/#.TqV6OXEzLdo 10/22/2011 Unknown Unknown Leakage of Information Law Enforcement Boston, Massachusettes
The Tunisian Internet Agency (Agence tunisienne d'Internet or ATI) is being blamed for the
presence of injected JavaScript that captures usernames and passwords. The code has
been discovered on login pages for Gmail, Yahoo, and Facebook, and said to be the
2011-26 WHID 2011-26: Tunisian government harvesting usernames and passwords reason for the recent rash of account hijackings reported by Tunisian protesters. http://www.thetechherald.com/article.php/201101/6651/Tunisian-government-harvesting-usernames-and-passwords 4-Jan-11 Content Injection Insufficient Transport Layer
Stolen
Protection
Credentials Web 2.0 No GMail
UK based hotel search engine Yakoozo.com ground to a halt recently after being subject
2011-259 WHID 2011-259: 4Chan Hackers Attack Yakoozo.com to a major cyber-attack by users of the notorious image posting website 4chan. http://www.webwire.com/ViewPressRel.asp?aId=147869 12/10/2010 SQL Injection Improper Input Handling Defacement Search Engine England
An infection that causes poorly configured websites to silently bombard visitors with
2011-258 WHID 2011-258: Mass ASP.NET attack causes websites to turn on visitors malware attacks has hit almost 614,000 webpages, Google searches show. http://www.theregister.co.uk/2011/10/14/mass_website_inection_grows/ 10/14/2011 SQL Injection Improper Input Handling Planting of Malware United Kingdom Yes
Malicious hackers exploit vulnerabilities in phpmyadmin to gain access to WineHQ‰Ûªs
2011-257 WHID 2011-257: WineHQ database hacked, passwords stolen database. Usernames and passwords were stolen. http://www.zdnet.com/blog/security/winehq-database-hacked-passwords-stolen/9604 10/12/2011 Unknown Unknown Leakage of Information Technology Saint Paul, MN phpmyadmin
Sony locked the accounts of some 93,000 individuals on the Playstation Network (PSN),
the Sony Entertainment Network (SEN), and Sony Online Entertainment (SOE) services
following a mass log-in attempt using username-password combinations obtained from an
2011-256 WHID 2011-256: Sony Detects Suspicious Behavior, Locks 93,000 Online Accounts unnamed source. http://threatpost.com/en_us/blogs/sony-detects-suspicious-behavior-locks-93000-online-accounts-101211 10/12/2011 Brute Force Insufficient Anti-automation
Account Takeover Entertainment Tokyo, Japan yes
Citigroup acknowledged on Thursday that unidentified hackers had breached its security
2011-255 WHID 2011-255:Unijobs.com.au website hacked, more than 600 passwords exposed and gained access to the data of hundreds of thousands of its bank card customers. http://news.com.com/2100-1017-245372.html?legacy=cnet 10/7/2011 SQL Injection Improper Input Handling Leakage of Information Australia No 600
The international group used a virus called Zeus to access Pins for bank accounts in
Europe and the US. The money was then transferred to other accounts and withdrawn
2011-254 WHID 2011-254: Computer hackers stole å£44million by discovering bank Pins from cash machines. http://www.metro.co.uk/news/877460-computer-hackers-stole-44million-by-discovering-bank-pins 10/3/2011 Banking Trojan Insufficient AuthenticationMonetary Loss Finance
California-based hosting provider InMotion has suffered a compromise that resulted in the
defacement of thousands of home pages of websites hosted on their infrastructure, which
2011-253 WHID 2011-253: Thousands of sites compromised following hosting provider hack were allegedly set to serve malware. http://www.net-security.org/secworld.php?id=11703 9/28/2011 Unknown Improper Output HandlingPlanting of Malware Hosting Providers Santa Monica, CA Yes
Hacker group The Script Kiddies successfully hacked another news organization when it
logged onto USA Today's Twitter page and posted false statements Sunday evening. USA
2011-252 WHID 2011-252: Hacker group briefly hits USA Today's Twitter page Today promptly removed the messages and posted a statement about the hack. http://www.cnn.com/2011/09/26/us/usa-today-twitter-hack/ 9/27/2011 Unknown Unknown Disinformation Web 2.0
The website for the open-source MySQL database was hacked and used to serve
2011-251 WHID 2011-251: MySQL.com Hacked to Serve Malware malware to visitors Monday. http://www.pcworld.com/businesscenter/article/240609/mysqlcom_hacked_to_serve_malware.html 9/26/2011 Unknown Improper Output HandlingPlanting of Malware Technology Sweden
Australian web host NetRegistry has been hit with a continuing Distributed Denial of
Service (DDoS) attack leaving many customers unable to access their websites or virtual
2011-250 WHID 2011-250: NetRegistry suffers DDoS attack private servers (VPS) over the course of the day. http://itechreport.com.au/2011/09/26/netregistry-suffers-ddos-attack/ 9/26/2011 Denial of Service Insufficient Anti-automation
Downtime Hosting Providers Australia
The Mail & Guardian Online, one of South Africa‰Ûªs oldest news website, has been
taken offline.

Mail & Guardian editor Nic Dawes said on Twitter that the website is ‰Û÷under sustained
attack by hackers‰Ûª and that it was taken offline to protect the security of their users.
2011-25 WHID 2011-25: Mail & Guardian website taken down after hacker attack According to Dawes the attacks originate in Russia. http://mybroadband.co.za/news/security/17999-Mail-Guardian-website-taken-down-after-hacker-attack.html 26-Jan-11 Unknown Unknown Downtime News South Africa No Russia
Computer hackers have left the Jonesboro Public Library high and dry after stealing over
2011-249 WHID 2011-249: Jonesboro Police investigate hacking of library bank accounts $37,000 http://www.kait8.com/story/15513612/jonesboro-police-investigate-hacking-of-library-bank-accounts 9/22/2011 Banking Trojan Insufficient AuthenticationMonetary Loss Finance Jonesboro, AR
The popular file sharing web sites were compromised for a brief period of a few hours, with
2011-248 WHID 2011-248: uTorrent.com hacked, serving scareware the links to the BitTorrent client replaced by a scareware (Security Shield) download. http://www.zdnet.com/blog/security/utorrentcom-hacked-serving-scareware/9413 9/19/2011 Unknown Improper Output HandlingPlanting of Malware File Sharing Santa Ana, CA
Websites of some Japanese government agencies were hit by cyberattacks over the
weekend, temporarily blocking access to them, Kyodo news agency reported Monday,
2011-247 WHID 2011-247: Japan govt websites hit by cyberattacks citing national police. http://www.google.com/hostednews/afp/article/ALeqM5iR92sOHnpWdW86haDoaKWwijvpnA?docId=CNG.12aaa9e587061958aecf129b4e395403.21 9/19/2011 Denial of Service Insufficient Anti-automation
Downtime Government Japan
It was reported today that hundreds of the company‰Ûªs sites were compromised.
Visitors coming to those sites from search engines were redirected to a page containing
2011-246 WHID 2011-246: Hundreds of Go Daddy sites hacked, redirected to malware malware. http://www.myce.com/news/hundreds-of-go-daddy-sites-hacked-redirected-to-malware-51876/ 9/17/2011 Malware Insufficient AuthenticationPlanting of Malware Hosting Providers Yes
A hacker known in the cybercriminal underground as ‰ÛÏsoldier‰Û has stolen $3.2
million from major U.S. corporations in the past six months, according to researchers at
anti-virus firm Trend Micro. The attacker, believed to be in his early 20s and residing in
Russia, used various toolkits, such as SpyEye and Zeus, to plunder millions of dollars from
corporate bank accounts since January, Jamz Yaneza, threat research manager at Trend
2011-245 WHID 2011-245: Hacker "soldier" steals $3.2 million from U.S. companies Micro, told SCMagazineUS.com on Thursday http://www.scmagazineus.com/hacker-soldier-steals-32-million-from-us-companies/article/212070/ 9/15/2011 Banking Trojan Insufficient AuthenticationMonetary Loss Finance Yes
Hacker group Anonymous after having created havoc throughout the cyber space in
recent times, has once again got activated with the hacking of government sites in Mexico,
2011-244 WHID 2011-244: Anonymous group hacks Mexican government websites under operation OpIndependencia
reports Reuters. http://socialbarrel.com/anonymous-group-hacks-mexican-government-websites-under-operation-opindependencia/20602/ 9/16/2011 Denial of Service Insufficient Anti-automation
Downtime Government Mexico, MX
Spanish national police have reactivated their website following attacks by hacking
supergroup Anonymous. The assault on policia.es on Thursday coincided with the
publication of the names of 30 bodyguards working for Spanish prime minister Jose
2011-243 WHID 2011-243: Spanish feds mend website clobbered by Anonymous Rodriguez Zapatero. http://www.theregister.co.uk/2011/09/16/spain_police_hacktivism_attack/ 9/16/2011 Denial of Service Insufficient Anti-automation
Downtime Law Enforcement Spain
The website of the Foundation was fully destroyed as a result of DDOS attack. An initial
investigation revealed that the hacker attack has been committed from Armenia. The
2011-242 WHID 2011-242: Armenians hack website of US-based Karabakh Foundation website was restored in short. http://www.news.az/articles/tech/44625 9/16/2011 Denial of Service Insufficient Anti-automation
Downtime Politics Absecon, US Armenia
A hacker has used a zero day flaw to steal email addresses, hashed passwords and read
2011-241 WHID 2011-241: BitCoin forum hacked by donor personal messages from the bitcointalk.org forum. http://www.scmagazine.com.au/News/271688,bitcoin-forum-hacked-by-donor.aspx 9/12/2011 SQL Injection Improper Input Handling Leakage of Information User Forum Dallas, TX
Russia's embassy in London said on Sunday its website crashed in a suspected hacking
attack just before Prime Minister David Cameron begins the first visit by a British leader to
2011-240 WHID 2011-240: Russia's embassy in UK says hackers hit website Moscow since the 2006 killing in London of a Kremlin critic. http://www.reuters.com/article/2011/09/11/us-russia-britain-website-idUSTRE78A1P620110911 9/11/2011 Denial of Service Insufficient Anti-automation
Downtime Government Plano, TX
A fast-moving Twitter worm is in circulation, using Google‰Ûªs goo.gl redirection service
2011-24 WHID 2011-24: Twitter worm hits goo.gl, redirects to fake anti-virus to push unsuspecting users to a notorious scareware (fake anti-virus) malware campaign. http://www.zdnet.com/blog/security/twitter-worm-hits-googl-redirects-to-fake-anti-virus/7938 20-Jan-11 Unknown Unknown Planting of Malware Web 2.0 No Twitter
The NBC News Twitter account, @NBCNews, was hacked late Friday, resulting in false
reports about an airplane attack at Ground Zero, the Manhattan site of the original 9/11
attacks. The Twitter account was quickly taken offline, and has since been restored, with
2011-239 WHID 2011-239: NBC Twitter account hacked, issued false reports the false tweets removed. http://technolog.msnbc.msn.com/_news/2011/09/09/7692776-nbc-twitter-account-hacked-issued-false-reports 9/9/2011 Unknown Unknown Disinformation Web 2.0
A frustrated hacker has defaced the web site of the University of Vermont after multiple
Cross-site Scripting (XSS) vulnerability disclosures allegedly went ignored. The hacker
Codeine said the university was advised of XSS holes exactly one month ago but failed to
patch the holes despite allegedly claiming to be doing so soon after the disclosure. The
2011-238 WHID 2011-238: US uni warned, then hacked disclosure was posted on PacketStorm.org. http://www.scmagazine.com.au/News/271391,us-uni-warned-then-hacked.aspx 9/8/2011 SQL Injection Improper Input Handling Defacement Education San Francisco, CA
Turkguvenligi managed to hack NetName's DNS servers through a SQL injection attack,
which involves putting commands into a web-based form to see if the back-end database
responds. If those commands aren't scanned for malicious code, an attacker could gain
access to the system. In the case of NetNames, Turkguvenligi put a redelegation order
into the company's system and changed the address of the master DNS servers that
2011-237 WHID 2011-237: Turkish Hackers Strike Websites With DNS Hack served data for the websites, according to a statement from NetNames. http://www.pcworld.com/businesscenter/article/239501/turkish_hackers_strike_websites_with_dns_hack.html 4/21/2011 SQL Injection Improper Input Handling Defacement Retail Yes
Another hacking group hits the scene. This time they're not even attempting a message or
purpose. A new faction that claims to be an offshoot of Anonymous named Hollywood
Leaks has targeted celebrity emails and Twitter accounts. According Chen the group isn't
particularly tech savvy, "they say they've broken into accounts mostly by guessing bad
2011-236 WHID 2011-236: Hollywood is being hacked by Anonymous offshoot security questions." http://www.cbsnews.com/8301-501465_162-20100452-501465.html 9/1/2011 Credential/Session Prediction
Insufficient Password Recovery
Leakage of Information Entertainment
There have been a lot of reports over the past day of Xbox 360 accounts being hacked
and user accounts being locked. The common ground is an Xbox account and Windows
2011-235 WHID 2011-235: Xbox 360 Accounts Being Hacked Live ID, with users reporting fraudulent charges on their accounts. http://www.evdoinfo.com/content/view/3711/64/ 8/31/2011 Brute Force Insufficient Anti-automation
Account Takeover Entertainment Redmond, WA
The famed whistle blowing organisation Wikileaks has admitted that its website, Wikileaks.
org, had suffered at the hands of an organised Distributed Denial of Service (DDoS)
2011-234 WHID 2011-234: DDoS Attack Sends Wikileaks.org Website Down attack. http://www.webhostdir.com/news/ShowItem.aspx?ID=90625 8/31/2011 Denial of Service Insufficient Anti-automation
Downtime News San Mateo, CA
In a statement on the Nokia community pages, which have since been closed amid the
hack, the phone giant warns that members‰Ûª personal information, including dates of
birth and email addresses, may have been stolen. The statement details how database
tables containing the personal information were accessed by exploiting a vulnerability in
2011-233 WHID 2011-233: Nokia developer forums hacked: 'Significant number' of records stolen the bulletin board software, through means of ‰ÛÏan SQL injection attack‰Û . http://www.zdnet.com/blog/btl/nokia-developer-forums-hacked-significant-number-of-records-stolen/56456 8/29/2011 SQL Injection Improper Input Handling Leakage of Information Technology Cambridge, MA
A fundraising drive organized by Texas Congressman Ron Paul was disrupted because
2011-232 WHID 2011-232: Ron Paul's Fundraising Drive Disrupted by DDoS Attack his campaign website became the target of a distributed denial-of-service (DDoS) attack. http://news.softpedia.com/news/Ron-Paul-s-Fundraising-Drive-Disrupted-by-DDoS-Attack-218265.shtml 8/23/2011 Denial of Service Insufficient Anti-automation
Monetary Loss Politics San Antonio, TX
Researchers at web security firm Websense said deepwater.com, Transocean's official
website, has been hosting malicious exploit code that attempts to install malware on the
2011-231 WHID 2011-231: Firm at heart of biggest oil spill spews toxic web attack machines of people who visit the site. http://www.theregister.co.uk/2011/08/25/transocean_website_compromise/ 8/25/2011 Unknown Improper Output HandlingPlanting of Malware Energy Jersey City, NJ
One of the most prominent victims is pizza.de. During one attack, the company registered
attacks from approximately 50,000 IP addresses generating 20,000 ‰ÛÒ 30,000 requests
2011-230 WHID 2011-230: Botnet attacks pizza delivery service per second over the course of three hours. http://www.pcworld.com/businesscenter/article/239501/turkish_hackers_strike_websites_with_dns_hack.html 8/25/2011 Denial of Service Insufficient Anti-automation
Downtime Retail Germany
Following the recent uprising in Tunisia, thousands of demonstrators took to the streets in
Egypt yesterday to demand an end to President Hosni Mubarak's rule. The online
collective known as Anonymous has joined in the protests by orchestrating distributed
2011-23 WHID 2011-23: Anonymous attacks websites in Egypt denial of service attacks against key Egyptian websites. http://news.netcraft.com/archives/2011/01/26/anonymous-attacks-websites-in-egypt.html 26-Jan-11 Denial of Service Insufficient Anti-automation
Downtime Government Egypt Yes Operation: Egypt
A recent data breach at Yale University marks the latest example of a security flaw
exposed by "Google hacking," which involves querying the popular search engine for
2011-229 WHID 2011-229: Yale Social Security Numbers Exposed In Latest Case Of 'Google Hacking' website vulnerabilities. http://www.huffingtonpost.com/2011/08/24/yale-social-security-numbers-google-hacking_n_935400.html 8/24/2011 Abuse of Functionality Insecure Indexing Leakage of Information Education New Haven, CT
A report by ZDNet says the HSBC Korea website was also hacked, as was the Epson
Korea website where 350,000 users information was leaked, prompting the company to
2011-228 WHID 2011-228: Epson Korea Website Hacked urge customers to change their passwords. http://www.thewhir.com/web-hosting-news/082411_South_Korean_Domain_Registrar_Gabia_Epson_Korea_Websites_Hacked 8/24/2011 Unknown Unknown Leakage of Information Retail Seoul, KR
Gabia (www.gabia.com), a South Korean domain registrar was hacked on Saturday,
affecting the online connection with 100,000 registered domains, according to a report
2011-227 WHID 2011-227: South Korean Domain Registrar Gabia Hacked Monday by the Korea Herald. http://www.thewhir.com/web-hosting-news/082411_South_Korean_Domain_Registrar_Gabia_Epson_Korea_Websites_Hacked 8/24/2011 Unknown Unknown Downtime Hosting Providers South Korea
A hacker who goes by the name of mrNRG recently broke into the Nokia Developer forum,
2011-226 WHID 2011-226: Nokia Developer forum hacked and defaced it by redirecting anyone who visited it to another page http://www.ubergizmo.com/2011/08/nokia-developer-forum-hacked/ 8/22/2011 Unknown Improper Output HandlingDefacement Technology Cambridge, MA
Hackers calling themselves "Electr0n" have defaced the nic.ly website, the main registry
which administers .ly domain names (the ".ly" stands for "Libya") and replaced it with a
2011-225 WHID 2011-225: Hackers deface Libya's top level domain registry with anti-Gadaffi message defiant message http://nakedsecurity.sophos.com/2011/08/22/hackers-deface-libya-anti-gadaffi/ 8/22/2011 Unknown Unknown Defacement Hosting Providers Tripoli, LY
The internet banking service of HSBC Korea was temporarily shut down on Saturday after
2011-224 WHID 2011-224: Foreign bank‰Ûªs net banking attacked by hacker its official Web site was attacked by hackers, HSBC Korea said. http://joongangdaily.joins.com/article/view.asp?aid=2940509 8/22/2011 Unknown Improper Output HandlingDefacement Finance Central District, HK
The attack seems to have exploited vulnerabilities in the popular WordPress blogging
platform. VDI apparently had not upgraded two out-dated plug-ins, leaving security holes
2011-223 WHID 2011-223: Anonymous AntiSec Breaches Defense Contractor Vanguard Network wide open for the cyber-attackers to waltz through. http://www.eweek.com/c/a/Security/Anonymous-AntiSec-Breaches-Defense-Contractor-Vanguard-Network-502551/ 8/18/2011 Unknown Unknown Leakage of Information Technology Houston, TX
Visitors to the MetService website this week may have been exposed to a computer virus,
2011-222 WHID 2011-222: MetService website hacked during busiest week after its ad server was hacked. http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10745663 8/17/2011 Malvertising Insufficient Process Validation
Planting of Malware Media New Zealand
The website for the French-language newspaper Le Devoir was hacked early Tuesday
morning. Whoever took over the newspaper site published an article stating that Premier
2011-221 WHID 2011-221: French newspaper Le Devoir hacked, posts fake story about Charest's death Jean Charest had died of a heart attack -- something which is completely false. http://montreal.ctv.ca/servlet/an/local/CTVNews/20110816/mtl_ledevoir_110816/20110816/?hub=MontrealHome 8/16/2011 Unknown Insufficient Process Validation
Disinformation Media Montreal, CA
A hacker used social networking sites Facebook and Friends Reunited to crack passwords
used by his neighbours for online banking services, and stole å£35,000 over two years.
Read more: http://www.computing.co.uk/ctg/news/2101779/hacker-social-media-steal-
neighbours-accounts#ixzz1VyFC9D5A Computing - Insight for IT leaders Claim your free
2011-220 WHID 2011-220: Hacker used social media to steal from neighbours' accounts subscription today. http://www.computing.co.uk/ctg/news/2101779/hacker-social-media-steal-neighbours-accounts 8/15/2011 Brute Force Insufficient Password Recovery
Account Takeover Finance
Mark Zuckerberg's Facebook page was hacked on Tuesday to promote an alternative
business plan for the social network site.

Unknown pranksters defaced the page with a message suggesting that Facebook ought to
allow ordinary users to invest in the site in a "social way", rather than getting its financing
from the banks.

It's unclear how the hack took place, but weak password security by the team of minions
2011-22 WHID 2011-22: Zuckerberg's Facebook page hacked maintaining the page is the most likely explanation. http://news.cnet.com/8301-27080_3-20029630-245.html 26-Jan-11 Predictable Resource Location
Insufficient AuthenticationDisinformation Web 2.0 No Facebook
They performed a SQL injection (SQLi) attack against the site and were able to extract
more than 2,000 records containing names, usernames, passwords (plain text), emails,
2011-219 WHID 2011-219: Anonymous hacks BART, creating even more innocent victims phone numbers, addresses and zip codes. http://nakedsecurity.sophos.com/2011/08/15/anonymous-hacks-bart-creating-even-more-innocent-victims/ 8/14/2011 SQL Injection Improper Input Handling Leakage of Information Government Oakland, CA
Anonymous has apparently made good on a promise to wreak havoc on the Web site of
the Bay Area Rapid Transit System today, although not exactly as planned. Read more:
http://news.cnet.com/8301-1023_3-20092221-93/anonymous-defaces-bart-site-leaks-user-
2011-218 WHID 2011-218: Anonymous defaces BART site, leaks user data data/#ixzz1VyASpfWT http://news.cnet.com/8301-1023_3-20092221-93/anonymous-defaces-bart-site-leaks-user-data/ 8/14/2011 Unknown Improper Output HandlingDefacement Government Oakland, CA
The Hong Kong stock exchange was forced to suspend trading in stocks including HSBC
Holdings after hackers broke into the exchange's website on Wednesday, preventing
2011-217 WHID 2011-217: Hong Kong stock exchange website hacked investors from accessing company announcements made during the midday break. http://www.ciol.com/Global-News/Global-News/News-Reports/Hong-Kong-stock-exchange-website-hacked/153268/0/ 8/10/2011 Denial of Service Insufficient Anti-automation
Downtime Finance Hong Kong
A serious security hole in eBay.de enabled attackers to steal other users' cookies and take
control of their accounts. It is not believed that this particular flaw affected any other
2011-216 WHID 2011-216: Potential account theft with XSS hole in eBay.de national eBay sites. http://www.h-online.com/security/news/item/Potential-account-theft-with-XSS-hole-in-eBay-de-1320908.html 8/10/2011 Cross-site Scripting (XSS)
Improper Output HandlingSession Hijacking Web 2.0 Campbell, CA
Meanwhile, TeaMp0isoN attacked the NASA discussion forum, saying it is vulnerable to
2011-215 WHID 2011-215: Hacker group hits NASA site SQL injection. http://www.thehackernews.com/2011/08/teamp0ison-nasa-forum-is-vulnerable-sql.html 8/9/2011 SQL Injection Improper Input Handling Leakage of Information Government
RIM's corporate blog has been defaced with threats as part of a protest against the
2011-214 WHID 2011-214: BlackBerry blog hacked with riot-related threats BlackBerry maker's plans to hand over information on London rioters to the police. http://www.theregister.co.uk/2011/08/09/blackberry_blog_riot_hack/ 8/9/2011 Unknown Improper Output HandlingDefacement Technology Plano, TX
A malware infection, based on known flaws, has hit millions of e-commerce Web pages in
2011-213 WHID 2011-213: Malware Wave Infects Six Million e-Commerce Pages the past two weeks http://www.eweekeurope.co.uk/news/malware-wave-infects-six-million-e-commerce-pages-36281 8/8/2011 Known Vulnerability Application Misconfiguration
Planting of Malware Multiple Multiple Yes Willysy osCommerce
AntiSec said that it had compromised servers at Brooks-Jeffrey, a Mountain Home, Ark.
company that runs a computer store and online marketing firm. Brooks-Jeffrey Marketing
builds websites for sheriff's agencies throughout the southern United States. "It took less
than 24 hours to root BJM's server and copy all their data to our private servers," AntiSec
2011-212 WHID 2011-212: AntiSec hackers dump data after hacking police websites said in a statement posted Saturday. http://www.computerworld.com/s/article/9218961/AntiSec_hackers_dump_data_after_hacking_police_websites 8/7/2011 Unknown Unknown Leakage of Information Law Enforcement Yes AntiSec
North Korea's cash-strapped government has begun deploying hackers who pilfer points
at South Korean gaming sites which they then convert into cash, according to The New
2011-211 WHID 2011-211: North Korean Hackers Stealing Gaming Money for Government York Times. http://www.ibtimes.com/articles/193025/20110805/north-korean-hackers-north-korea-gaming-korea-gaming-hackers-south-korea-online-gaming-chinese-gold.htm 8/5/2011 Process Automation Insufficient Anti-automation
Monetary Loss Entertainment South Korea
The Zimbabwe Stock Exchange's website has been hacked, forcing the ZSE to
2011-210 WHID 2011-210: Zimbabwe Stock Exchange website hacked temporarily close the website pending investigations and maintenance of the site. http://bulawayo24.com/index-id-news-sc-national-byo-6207-article-zimbabwe+stock+exchange+website+hacked.html 8/4/2011 Unknown Unknown Downtime Finance Harare, ZW
On January 22, 2011 a Fedora contributor received an email from the Fedora

Accounts System indicating that his account details had been changed. He

contacted the Fedora Infrastructure Team indicating that he had received

the email, but had not made changes to his FAS account. The Infrastructure

Team immediately began investigating, and confirmed that the account had

2011-21 WHID 2011-21: Fedora servers breached after external compromise indeed been compromised. http://www.theregister.co.uk/2011/01/25/fedora_server_compromised/ 22-Jan-11 Brute Force Insufficient AuthenticationSession Hijacking Technology No
A total of 117 Indian government websites were defaced by hackers from January to June
this year, prompting the government to take additional security measures, a federal
2011-209 WHID 2011-209: Over 100 Indian Govt. Websites Defaced Since January minister told Parliament. http://www.pcworld.com/businesscenter/article/237286/over_100_indian_govt_websites_defaced_since_january.html 8/4/2011 Unknown Improper Output HandlingDefacement Government India Yes 117
The Moroccan activist website Mamfakinch! came under a distributed denial-of-service
(DDoS) attack on Sunday 31 July, 2011, which blocked access to its main platform for
2011-208 WHID 2011-208: Morocco: Activist Website Sustains DDoS Attack several hours. The website is now back online. http://globalvoicesonline.org/2011/08/03/morocco-militant-website-sustains-ddos-attack/ 7/31/2011 Denial of Service Insufficient Anti-automation
Downtime Politics San Francisco, CA
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
While a number of websites and mailing lists have fallen victim to attacks intent on stealing
personal information or just proving that the hack was possible, whoever managed to
penetrate the security of the Hershey's Chocolate website had a much more insidious
2011-207 WHID 2011-207: Hershey's Website Hacked... To Change Recipe goal: changing recipes. http://consumerist.com/2011/08/hersheys-website-hacked-to-change-recipe.html 8/3/2011 Unknown Unknown Disinformation Retail Cambridge. MA
Anonymous is building a bigger, more vicious weapon to replace its current DDoS tool.
The new attack program, called #RefRef, is being developed in time for the Blackhat
conference in Las Vegas and was recently tested on the currently unhappy Pastebin
2011-206 WHID 2011-206: Anonymous attacks PasteBin to test new DDoS attack tool website. http://www.digitaltrends.com/web/anonymous-attacks-pastebin-to-test-new-ddos-attack-tool/ 8/2/2011 Denial of Service Improper Input Handling Downtime Technology
More details have emerged of an e-commerce software flaw linked to the theft of credit
card information from numerous websites. A security flaw in osCommerce, an open
source e-commerce package, created a means for criminals to compromise 90,000 web
pages with redirection scripts that ultimately directed surfers towards a site serving up an
2011-205 WHID 2011-205: Sneaky Trojan exploits e-commerce flaws exploit toolkit designed to compromise visitors' PCs. http://www.theregister.co.uk/2011/08/01/banking_trojan_exploits_ecommerce_website_flaws/ 8/1/2011 Directory Traversal Improper Input Handling Planting of Malware Retail Yes osCommerce Flaw 90,000 osCommerce
LiveJournal is weathering a massive web attack that has meant service disruptions for
people who read and write the more than 16 million journals hosted on the community and
2011-204 WHID 2011-204: LiveJournal groans under 'immense' DDos attack blogging service. http://www.theregister.co.uk/2011/07/27/livejournal_ddos_attack/ 6/27/2011 Denial of Service Insufficient Anti-automation
Downtime Web 2.0 San Francisco, US
A simple SQL injection was apparently all it took to break into the server. Anonymous says
2011-203 WHID 2011-203: Anonymous hacks NATO servers that it will be putting more "interesting data" online over the next few days. http://www.h-online.com/security/news/item/Anonymous-hacks-NATO-servers-1284000.html 7/22/2011 SQL Injection Improper Input Handling Leakage of Information Politics Brussels, BE
Well, seems like LulzSec has returned, and moved beyond the DDOS attack! Not content
to merely shut down one of Rupert Murdoch's paper's websites, the hacking group has
instead planted a bizarro-Onionesque account of the mogul's death-by-palladium on a
2011-202 WHID 2011-202: LulzSec Hacks The Times with Brutal Murdoch Death Notice Times redesign page masquerading as The Sun. http://gizmodo.com/5822392/anonymous-hacks-the-sun-with-brutal-murdoch-death-notice 7/18/2011 Local File Inclusion (LFI)Improper Input Handling Disinformation Media USA
The website of the Special Broadcasting Service (SBS) has been victim of a hacking
2011-201 WHID 2011-201: Hacked SBS links to risky content attack over the weekend, with users visiting the site exposed to malware. http://www.zdnet.com.au/hacked-sbs-links-to-risky-content-339318734.htm 7/18/2011 Unknown Improper Output HandlingPlanting of Malware Media Findon, AU
TOKYO (Dow Jones)-Toshiba Corp. (6502.TO) said Saturday that its U.S. sales
subsidiary's server has been hacked and e-mail addresses and passwords for 681
customers have been compromised. Read more: http://www.foxbusiness.
2011-200 WHID 2011-200: Toshiba: US Unit's Server Has Been Hacked com/industries/2011/07/16/toshiba-us-units-server-has-been-hacked/#ixzz1VmhuIq1l http://www.foxbusiness.com/industries/2011/07/16/toshiba-us-units-server-has-been-hacked/ 7/16/2011 Unknown Unknown Leakage of Information Technology Irvine, CA
Users of the 4chan online message board managed to get access to the online student
information system used by a New Jersey school district after the school's administrative
2011-20 WHID 2011-20: Hackers Get Access to New Jersey School Data System password was posted to 4chan last week. http://www.pcworld.com/businesscenter/article/217601/hackers_get_access_to_new_jersey_school_data_system.html 24-Jan-11 Brute Force Insufficient Anti-automation
Session Hijacking Education New Jersey No
Cosmetics company Lush has warned customers that its UK website has been hacked
repeatedly over the past three months, exposing credit-card details to fraudulent use. The
website of cosmetics retailer Lush has been hacked repeatedly over the last three months.
Lush did not release technical details of the attack, nor specify the number of customers
compromised or the security techniques used to handle the data involved, but anecdotal
evidence indicates that some customers have been the victims of fraud. The company
sent an email statement to customers on Thursday outlining the incident and urging them
2011-2 WHID 2011-2: Attacks on Lush website expose credit-card details to contact their banks. http://www.zdnet.co.uk/news/security/2011/01/21/attacks-on-lush-website-expose-credit-card-details-40091520/ 1/20/2011 SQL Injection Improper Input Handling Credit Card Leakage Retail United Kingdom No
LADY Gaga has called in police after thousands of her fans‰Ûª personal details were
stolen from her website. Her record label Univeral acted after the site was hacked into by
US cyber attackers SwagSec. Read more: http://www.mirror.co.
uk/celebs/news/2011/07/16/lady-gaga-website-hacked-and-fans-details-stolen-115875-
23274356/#ixzz1VmgaY2wp Go Camping for 95p! Vouchers collectable in the Daily and
2011-199 WHID 2011-199: Lady Gaga website hacked and fans' details stolen Sunday Mirror until 11th August . Click here for more information http://www.mirror.co.uk/celebs/news/2011/07/16/lady-gaga-website-hacked-and-fans-details-stolen-115875-23274356/ 7/16/2011 SQL Injection Improper Input Handling Leakage of Information Entertainment United Kingdom
According to the Pastebin post, the members of Anonymous who are involved in the
AntiSec hacking campaign were able to gain initial access to IRC Federal by using a SQL
2011-198 WHID 2011-198: AntiSec leaks secret IRC Federal security data injection attack. http://blogs.computerworld.com/18593/anonymous_hacks_fbi_contractor_antisec_leaks_secret_irc_federal_security_data?source=rss_blogs 7/10/2011 SQL Injection Improper Input Handling Leakage of Information Government Washington, DC
The group incapacitated IRC Federal‰Ûªs website with a Denial of Service (DoS) attack
early on July 8, and simultaneously breached the website‰Ûªs networks. They also
2011-197 2011-197: Anonymous Hackers Attack Government-Contracted Company IRC Federal posted information stolen in the cyber-attack on PasteBin, a text posting website. http://www.theepochtimes.com/n2/technology/anonymous-hackers-attack-government-affiliated-company-irc-federal-58864.html 7/9/2011 Denial of Service Insufficient Anti-automation
Downtime Government Scottsdale, AZ
Kiplinger Washington Editors Inc., the publisher of Kiplinger‰Ûªs Personal Finance,
warned customers that hackers breached its computer network at least as early as June
2011-196 WHID 2011-196: Kiplinger Warns Customers Hackers Got Account, Credit Card Information 25 and stole account data, including credit card numbers. http://www.bloomberg.com/news/2011-07-08/kiplinger-warns-customers-hackers-got-account-information-1-.html 7/9/2011 Unknown Unknown Leakage of Information Finance Washington, DC
For the second time in a week, a hacker has broken into systems connected with voting in
2011-195 WHID 2011-195: Florida Election Servers Hacked Again Florida, stolen data, and released it to the public. http://www.informationweek.com/news/security/attacks/231001248 7/8/2011 SQL Injection Improper Input Handling Leakage of Information Government Florida
‰ÛÏWe‰Ûªre still trying to uncover all the details,‰Û said McKinney, ‰ÛÏbut it looks
like we got a virus in one of the computers, then when we connected with Rabobank for a
wire transfer, it got mirrored and sent out other transfers. We‰Ûªre looking into how it got
around all of the security measures.‰Û Read more: http://www.sanluisobispo.
2011-194 WHID 2011-194: Hacker tries to steal $83,000 from Atascadero city bank account com/2011/07/07/1674252/atascadero-bank-account-hacked.html#ixzz1VmEgzLAp http://www.sanluisobispo.com/2011/07/07/1674252/atascadero-bank-account-hacked.html 7/8/2011 Banking Trojan Insufficient Anti-automation
Monetary Loss Finance Atascadero, CA
The Post says the hackers obtained user IDs and e-mail addresses, but ‰ÛÏno
passwords or other personal information was affected.‰Û The paper is pursuing the
2011-193 WHID 2011-193: Washington Post Jobs website hacked matter with law enforcement. A letter to customers about the hack is after the jump. http://www.poynter.org/latest-news/romenesko/138263/washington-post-jobs-website-hacked/ 7/7/2011 Unknown Unknown Leakage of Information Media USA
A disgruntled customer appears to have taken control of PayPal UK's Twitter account and
2011-192 WHID 2011-192: PayPal UK Twitter account hacked has used it to complain about the service in a series of angry tweets on the service. http://www.guardian.co.uk/technology/blog/2011/jul/05/paypal-uk-twitter-hack-customer 7/5/2011 Unknown Unknown Account Takeover Retail San Francisco, CA
Sony Music Ireland has said it is looking into an incident on its website after three fake
news stories appeared on its homepage this morning. The website has been removed and
2011-191 WHID 2011-191: Sony Music Ireland website hacked the www.sonymusic.ie domain is re-directing to the company's Facebook page. http://www.rte.ie/news/2011/0705/sony.html 7/5/2011 Unknown Unknown Disinformation Entertainment McLean, VA
For some hours Monday, a hacker group "hijacked" the Twitter account of US-based news
outfit Fox News, using its Twitter account to post fake messages, including those that
2011-190 WHID 2011-190: Hacker group ‰Û÷hijacks‰Ûª news site‰Ûªs Twitter account, claims Obama claimedis dead US President Barack Obama II was shot dead. http://www.gmanews.tv/story/225234/technology/hacker-group-hijacks-news-sites-twitter-account-claims-obama-is-dead 7/4/2011 Unknown Unknown Disinformation Web 2.0 San Francisco, US
Living Social doesn't do server side quantity validation (at least they didn't yesterday).
Who cares you say? Well Amazon.com for one. Their latest offer of a $20 gift certificate for
$10 has the explicit restriction of ONE per customer and no gifts. You see, Amazon
actually only wants to discount their product for new customers or existing customers only
on $20 of merchandise. If Amazon knew there was a way to buy say 100 vouchers and
2011-19 WHID 2011-19: Living Social Hacked (Update) receive $2000 of Amazon merchandise for $1000, they would probably blow a gasket. http://www.deepgreencrystals.com/archives/2011/01/living-social-h.html 1/19/2011 Hidden Parameter Manipulation
Improper Input Handling Monetary Loss Retail No
Three hours ago Anonymous tweeted that they managed to steal 27 usernames and
passwords from Apple.com (from this link here) when attacked with a basic SQL injection.
Now, at this time only 27 accounts have been compromised and they aren‰Ûªt
usernames pertaining to the public. Nonetheless, it‰Ûªs alarming given Apple‰Ûªs
claims about security ‰ÛÓ to be hacked using a simple SQL based method ‰ÛÓ as well
2011-189 WHID 2011-189: Anonymous Teases SQL-Based Apple Hack With 27 Stolen Account Names as the fact that Anonymous claims Apple could be their next target. http://gadgetsteria.com/2011/07/03/anonymous-teases-sql-based-apple-hack-with-27-stolen-account-names-says-they-could-be-next-target/ 7/3/2011 SQL Injection Improper Input Handling Leakage of Information Technology Cupertino, US
Two days after a hacker defaced its site, the World Wildlife Fund Philippine chapter
2011-188 WHID 2011-188: WWF site attacked again; hacker leaves 'tips' suffered another attack Friday, with the hacker leaving behind tips to improve its security. http://www.gmanews.tv/story/224956/technologoy/wwf-site-attacked-again-hacker-leaves-tips 7/1/2011 SQL Injection Improper Input Handling Leakage of Information Politics Provo, US
The Iowa heist is part of latest wave of cyber-crime: account takeover fraud. In it, crime
gangs, many located in Eastern Europe, target small towns, community banks and civic
2011-187 WHID 2011-187: Hackers hit church's collection plate organizations which often lack high-tech defenses. http://www.cbsnews.com/stories/2011/06/30/eveningnews/main20075926.shtml 6/30/2011 Banking Trojan Insufficient AuthenticationMonetary Loss Finance Des Moines, IA
ZDNet China revealed that the attacker exploited a cross-site scripting (XSS) vulnerability
to run a malware program in Weibo's Web pages, causing the number of affected users to
increase multiple fold. While no personal information was breached, users were reminded
2011-186 WHID 2011-186: First Weibo Attack is CSRF Worm to clear their cache for security purposes. http://www.zdnetasia.com/no-data-breach-in-first-weibo-attack-62301014.htm 6/30/2011 Cross-site Request Forgery
Improper
(CSRF)
Output HandlingWorm Web 2.0 Beijing, CN
A group known as Lulz Security (LulzSec) has announced that it has hacked into the
Zimbabwe government website (http://www.gta.gov.zw) and taken material on ‰
2011-185 WHID 2011-185: Hacking group targets Zimbabwe government website ÛÏeverything‰Û there is to know about the government‰Ûªs internet database. http://www.swradioafrica.com/news290611/hacking290611.htm 6/29/2011 Unknown Unknown Leakage of Information Government Harare, ZW
A magazine subscriptions database which held personal information of members of the
2011-184 WHID 2011-184: Magazine's database of US military personnel is hacked US armed forces has been hacked into, according to an American media company. http://www.guardian.co.uk/technology/2011/jun/29/hackers-us-military-magazine-defense-news 6/29/2011 SQL Injection Improper Input Handling Leakage of Information Media McLean, VA
Updated MasterCard's website became difficult to reach on Tuesday following the launch
of an apparent denial of service attack. Twitter user @ibomhacktivist claimed
responsibility for the reported assault, which it said had been motivated by Mastercard's
decision to suspend an account maintained by WikiLeaks in the wake of the whistle-
blowing site's decision to start releasing leaked US diplomatic cables last November. Or
2011-183 WHID 2011-183: Mastercard blitzed again in further DDoS attack something like that. http://www.theregister.co.uk/2011/06/28/mastercard_ddos_again/ 6/28/2011 Denial of Service Insufficient Anti-automation
Downtime Finance Cambridge, MA
Groupon, a leading daily deals store which entered into the Indian markets via acquisition
of Kolkata based local deals shop SoSasta.com, suffered a ‰ÛÏsecurity issue‰Û on
their systems. The break-in happened over the weekend and it is highly likely that all
2011-182 WHID 2011-182: Groupon India (SoSasta.com) Suffers Security Issue, User Account Informationusernames
Possibly Compromised
and passwords were stolen. http://techie-buzz.com/tech-news/groupon-india-sosasta-com-suffers-security-issue-user-account-information-possibly-compromised.html 6/27/2011 Unknown Unknown Leakage of Information Web 2.0 India
Hacker group Anonymous said on Thursday it has launched DDoS (distributed denial of
service) attacks on some Turkish government websites, in protest against government
plans to introduce Internet filtering. The move comes a few days before Turkey holds
2011-181 WHID 2011-181: Anonymous hacktivists assault Turkish government websites parliamentary elections on Sunday. http://news.techworld.com/security/3285182/anonymous-hacktivists-assault-turkish-government-websites/ 6/10/2011 Denial of Service Insufficient Anti-automation
Downtime Government Ankara, TR
We don't know what specific flaws were exploited in this attack, but seeing that it is a
webmail server the most likely method was SQL injection. It is extremely important to keep
web servers patched and up to date, especially if they are running Linux using commonly
2011-180 WHID 2011-180: Hackers break into Tony Blair's webmail server, disclose former PM's address book
exploited CMSs, webmail solutions and blogging software. http://nakedsecurity.sophos.com/2011/06/25/hackers-break-into-tony-blairs-webmail-server-disclose-former-pms-address-book/ 6/25/2011 SQL Injection Improper Input Handling Leakage of Information Hosting Providers United Kingdom
The Facebook account of Nicolas Sarkozy was hacked over the weekend to post the false
2011-18 WHID 2011-18: French president recovers from Facebook hack rumour that the French president would not seek re-election next year. http://www.theregister.co.uk/2011/01/24/french_pres_facebook_hack/ 24-Jan-11 Stolen Credentials Insufficient AuthenticationDisinformation Web 2.0 Palo Alto, CA No Facebook
Hackers may now have access to the personal information for 60-thousand T&T
Supermarket customers.The company is warning people who used T&T's website this
2011-179 WHID 2011-179: T & T Supermarket website hacked month. http://www.news1130.com/news/local/article/245594--t-t-supermarket-website-hacked 6/24/2011 Unknown Unknown Leakage of Information Retail Brampton, CA
After being hacked by LulzSec several weeks ago, PBS appears to have learned nothing.
A new hack by ‰ÛÏWarv0x‰Û (AKA Kaihoe) uses the same basic SQL injection
technique LulzSec has been using on their many victims, and once again has exposed
2011-178 WHID 2011-178: Part II: PBS Hacked Again. Entire Database Exposed With Simple SQL Injection PBS.org‰Ûªs entire database. http://gadgetsteria.com/2011/06/24/part-ii-pbs-hacked-again-entire-database-exposed-with-simple-sql-injection/ 6/24/2011 SQL Injection Improper Input Handling Leakage of Information Media Arlington, VA
NATO said that one of its websites was the subject of a probable data breach, but it did
2011-177 WHID 2011-177: NATO website 'hacked' not contain any classified data. http://timesofindia.indiatimes.com/tech/news/internet/NATO-website-hacked/articleshow/8973297.cms 6/24/2011 Unknown Unknown Leakage of Information Government Brussels, BE
Hackers briefly disabled three websites belonging to the Brazilian government early on
Wednesday in the latest of an international wave of cyber attacks on companies and
2011-176 WHID 2011-176: Brazil government latest victim of hacker attack organizations. http://www.reuters.com/article/2011/06/22/us-cybersecurity-brazil-hackers-idUSTRE75L31K20110622 6/22/2011 Denial of Service Insufficient Anti-automation
Downtime Government Brazil
Due to the recent events at MtGox.com, we at Britcoin have decided to move our servers
to a new location," read a Britcoin statement. "MtGox suffered an SQL injection [a form of
hacking attack that creates direct access to databases and files] which means access to
2011-175 WHID 2011-175: LulzSec rogue suspected of Bitcoin hack the site's funds were in the hands of the malicious hacker. http://www.guardian.co.uk/technology/2011/jun/22/lulzsec-rogue-suspected-of-bitcoin-hack 6/22/2011 SQL Injection Improper Input Handling Monetary Loss Finance Mountain View, CA
Two attacks on consecutive days left Web host and domain name registry Network
Solutions' customers unable to access their Web sites and servers. A distributed denial-of-
service (DDoS) attack was carried out against Network Solutions on yesterday afternoon,
and again this morning, according to a post on the company's official blog by spokesman
Shashi Bellamkonda. Read more: http://news.cnet.com/8301-31021_3-20073054-
2011-174 WHID 2011-174: Network Solutions suffers two DDoS attacks 260/network-solutions-suffers-two-ddos-attacks/#ixzz1Q7eXdQJd http://news.cnet.com/8301-31021_3-20073054-260/network-solutions-suffers-two-ddos-attacks/ 6/21/2011 Denial of Service Insufficient Anti-automation
Downtime Service Providers Herndon, VA
Mischief makers LulzSec say they have downed the website of the UK's Serious
Organised Crime Agency (Soca). The site www.soca.gov.uk disappeared completely from
the web this afternoon and is now timing out regularly although is occasionally accessible.
The site appears to be the victim of a DDoS attack. Read more: http://www.thinq.co.
2011-173 WHID 2011-173: LulzSec takes out Serious Organised Crime Agency uk/2011/6/20/lulzsec-takes-out-serious-organised-crime-agency/#ixzz1Q7c7o8M0 http://www.thinq.co.uk/2011/6/20/lulzsec-takes-out-serious-organised-crime-agency/ 6/20/2011 Denial of Service Insufficient Anti-automation
Downtime Government United Kingdom
According to a plain text post on Pastebin, Idahc claims that they found a SQL injection on
sonypictures.fr but they will not publish the entire database and that they didn't upload a
shell. They said that this was a POC while claiming not to be black hats. They said data
retrieved from the site includes personal user information and there are a total of 177172
2011-172 WHID 2011-172: Sony Pictures French Website Hacked... Again! email addresses. http://tech2.in.com/news/general/sony-pictures-french-website-hacked-again/226062 6/20/2011 SQL Injection Improper Input Handling Leakage of Information Entertainment France
The hacking group LulzSec has hit the US government for the second time in a week,
taking down the website of the CIA. A spokesperson told Reuters that its website was
taken down, but that the group were prevented from accessing any sensitive data.
According to the news agency, this attack was similar to the attack on the Senate in that
2011-171 WHID 2011-171: CIA website taken down by DDoS attack hackers broke into the public site and downloaded information. http://www.scmagazineuk.com/cia-website-taken-down-by-ddos-attack/article/205403/ 6/16/2011 Denial of Service Insufficient Anti-automation
Downtime Government Vienna, VA
Over the last two days MindBodyOnline.com has joined the ranks of those attacked by
Internet hackers. Using a Denial of Service Attack hackers have successfully shutdown
the online software program which provide services to thousands of day spas, massage
2011-170 WHID 2011-170: Internet hackers take down major online spa management system facilities, yoga and pilates studios and similar clients in over 50 countries. http://www.examiner.com/massage-therapy-in-national/internet-hackers-take-down-major-online-spa-management-system 6/17/2011 Denial of Service Insufficient Anti-automation
Downtime Retail Sunnyvale, CA
On Saturday, Google Bangladesh appeared to have been hacked. When some users went
to the Google site, they saw a message from the TiGER-M@TE hacker group that the site
was taken over.

Reports came in at the Google Webmaster Help forum where we learned the issue was
around DNS servers being taken over and some users who replied on those DNS servers
2011-17 WHID 2011-17: DNS Hack Brings Down Google Bangladesh For Many were being taken from Google.com.bd to this hacked version. http://www.seroundtable.com/google-bangladesh-dns-hack-12773.html 10-Jan-11 DNS Hijacking Application Misconfiguration
Defacement Search Engine Bangladesh No
Over the past few months, a slew of hacks, DDoS attacks and data breaches have rocked
the gaming world. After the infamous hack of the PlayStation Network, many thought that it
would be the end of the attacks, but publishers like Nintendo, Bethesda, Codemasters and
Epic have all suffered from various breaches in security. The hackers have struck again,
this time infiltrating Sega‰Ûªs database. Only moments ago, Sega sent out an email to
2011-169 WHID 2011-169: Sega Pass Database Hacked, Account Information Compromised their Sega Pass users informing them of the hack http://playstationlifestyle.net/2011/06/17/sega-pass-database-hacked/ 6/17/2011 SQL Injection Improper Input Handling Leakage of Information Entertainment United Kingdom
Lulz Security continues grabbing the lime light with its hacking activities and this time its
latest target is the public website of the U.S. Central Intelligence Agency (CIA). There
recent attack brought the CIA website down for couple of hours and remained inaccessible
for all that time, however,the hack claim could not immediately be verified. It was not clear
if the distortion was due to LulzSec's efforts or due to the large number of internet users
trying to check the site. The group claimed the attack to be carried out by them on its
2011-168 WHID 2011-168: Hacker Group Lulz Security attacks CIA's website Twitter feed where they displayed a message saying "Tango down - cia.gov - for the lulz," http://www.siliconindia.com/shownews/Hacker-Group-Lulz-Security-attacks-CIAs-website-nid-84765.html?utm_source=clicktrack&utm_medium=banner&utm_campaign=DontMiss
6/16/2011 Denial of Service Insufficient Anti-automation
Downtime Government Vienna, VA
The U.S. Senate site was hacked again yesterday, Reuters reports. According to the news
service, hackers breached the site and stole information, though the type of data taken
was not divulged. Martina Bradford, the U.S. Senate's deputy sergeant at arms, confirmed
the breach to Reuters yesterday. However, she said, the hackers are "getting nothing" of
value and the Senate so far has "been able to stay ahead of the hackers and keep them
out of the main separate network." Read more: http://news.cnet.com/8301-13506_3-
2011-167 WHID 2011-167: Report: U.S. Senate site hacked again 20071538-17/report-u.s-senate-site-hacked-again/#ixzz1PY70GqZ8 http://news.cnet.com/8301-13506_3-20071538-17/report-u.s-senate-site-hacked-again/ 6/16/2011 Unknown Unknown Leakage of Information Government Washington, DC
Notorious hackivist group Lulzsec has brought down Australian domain registrar and web
hosts Distribute.IT and publicly published a list of 62,000 international email addresses
2011-166 WHID 2011-166: Lulzsec gets hacking downunder and passwords. http://www.theregister.co.uk/2011/06/17/lulzsec_release_aus_data/ 6/11/2011 Unknown Unknown Leakage of Information Hosting Providers Australia
A local gaming company is the latest to fall victim to online hackers. In a statement posted
on its website Tuesday, BioWare said a hacker gained unauthorized access to the
decade-old BioWare community server system associated with the Neverwinter Nights
2011-165 WHID 2011-165: Alberta gaming company hit by hackers forums. http://www.torontosun.com/2011/06/17/alberta-gaming-company-hit-by-hackers 6/17/2011 Unknown Unknown Leakage of Information Entertainment Alberta, CA
Hackers struck Malaysian websites for a second day on Friday, an Internet regulator said,
as the country scrambled to bring its government portal back online after the latest
2011-164 WHID 2011-164: Hackers strike Malaysian websites for a 2nd day outbreak in a cyberwar waged by online activists. http://www.reuters.com/article/2011/06/17/malaysia-hackers-idUSL3E7HH1D220110617 6/17/2011 Denial of Service Insufficient Anti-automation
Downtime Government Malaysia
The number of websites targeted by LulzSec is steadily increasing. After targeting
Bethesda, Sony and a whole lot of websites, they have now launched a series of
distributed denial of service (DDoS) attacks on Escapist magazine, as well as other
2011-163 WHID 2011-163: LulzSec Targets Gaming Websites in its Titanic Takeover Tuesday gaming websites. They have termed the day ‰ÛÒ Titanic Takeover Tuesday. http://tech2.in.com/news/general/lulzsec-targets-gaming-websites-in-its-titanic-takeover-tuesday/225312 6/15/2011 Denial of Service Insufficient Anti-automation
Downtime Entertainment Yes Titanic Takeover Tuesday
Games developer Epic Games has reset user passwords following the discovery of a hack
attack against its websites. Criminal miscreants made off with email addresses and
encrypted passwords of forum users after breaking into Epic's forum site. Epic's main web
site was also hit, according to an email sent by the firm over the weekend and forwarded
2011-162 WHID 2011-162: Games co Epic resets passwords after hack attack by readers to El Reg. http://www.theregister.co.uk/2011/06/13/games_firm_epic_breach/ 6/13/2011 Unknown Unknown Leakage of Information Entertainment Cary, NC
Lowyat.net founder and chief executive officer Vijandren Ramadass said an SQL injection
(a code injection technique that exploits a security vulnerability in the database) could be
2011-161 WHID 2011-161: Price watch portal hacked used on the price watch portal to retrieve the entire database remotely. http://thestar.com.my/news/story.asp?file=/2011/6/11/nation/8883275&sec=nation 6/11/2011 SQL Injection Improper Input Handling Leakage of Information Retail Ipoh, MY
Another day, another hack. This time, the Web site for UK game developer Codemasters
has been compromised. In a Thursday note posted on the company's forums,
Codemasters said that hackers gained unauthorized entry to Codemasters.com on Friday,
June 3. "As soon as the intrusion was detected, we immediately took codemasters.com
and associated web services offline in order to prevent any further intrusion," a
2011-160 WHID 2011-160: Hackers Hit UK Game Publisher Codemasters spokeswoman said. http://www.pcmag.com/article2/0,2817,2386727,00.asp 6/3/2011 Unknown Unknown Leakage of Information Entertainment United Kingdom
Political Hacktivism. North Korea is accusing South Korean Internet users of hacking into
one of its websites, calling the behavior a provocation aimed at undermining its national
dignity. The North's government-run Uriminzokkiri website said Tuesday that South
Korean Internet users recently deleted articles on the site and posted messages
2011-16 WHID 2011-16: North Korea: South Korea Cyber Attack Accusation After Website Hacked slandering the North's dignity. http://www.huffingtonpost.com/2011/01/11/north-korea-accuses-south_1_n_807436.html 11-Jan-11 Unknown Unknown Defacement Government North Korea No South Korea
The same Lebanese hacker who targeted Sony Europe on Friday has now dumped a
database from Sony Portugal. The hacker claims to be a grey hat, not a black hat,
according to his post to pastebin.com. "I am not a black hat to dump all the database I am
Grey hat" Instead of dumping the entire database like many previous Sony attackers,
idahc only dumped the email addresses from one table in Sony's database. He claims to
have discovered three different flaws on SonyMusic.pt, including SQL injection, XSS
2011-159 WHID 2011-159: Sony Portugal latest to fall to hackers (cross-site scripting) and iFrame injection. http://nakedsecurity.sophos.com/2011/06/09/sony-portugal-latest-to-fall-to-hackers/ 6/9/2011 SQL Injection Improper Input Handling Leakage of Information Entertainment Muenchen, DE
Citigroup acknowledged on Thursday that unidentified hackers had breached its security
2011-158 WHID 2011-158: Citigroup Card Customers‰Ûª Data Hacked and gained access to the data of hundreds of thousands of its bank card customers. http://dealbook.nytimes.com/2011/06/09/citigroup-card-customers-data-hacked/ 6/9/2011 Predictable Resource Location
Insufficient Authorization Leakage of Information Finance New York, NY
The British goverment‰Ûªs Secrect Intelligence Service department called MI6 has
carried out a rather amusing, but also very important website hack. The terrorist
organization al-Qaeda has a number of ways to get new recruits, or teach existing
members how to make bombs, and generally cause upset and violence in whatever area
of the world they operate. One such information point is a new English-language online
magazine that had information on how to make bombs using common househols items in
2011-157 WHID 2011-157: MI6 replace al-Qaeda bomb-making instructions with cupcake recipes your kitchen. http://www.geek.com/articles/geek-cetera/mi6-replace-al-qaeda-bomb-making-instructions-with-cupcake-recipes-2011066/ 6/6/2011 Unknown Unknown Disinformation Information Services Yemen
A local MP's Twitter account fell victim to part of a hoax about Prime Minister Stephen
Harper Tuesday. False information on the hacked Conservative Party website said the
prime minister was rushed to Toronto General Hospital by helicopter after his wife called
2011-156 WHID 2011-156: Conservative Party website hacked 911. http://www.newsdurhamregion.com/news/article/178825 6/7/2011 Unknown Unknown Disinformation Government Ottawa, CA
Despite its vaunted technological knowhow, even the Massachussetts Institute of
Technology (MIT) was not spared from hackers who broke into its website and posted the
stolen data online. The hacker named Cyber_Owner broke into MIT's International Liaison
2011-155 WHID 2011-155: Hacker breaks into MIT website Program site (ilp.mit.edu), The Hacker News reported Wednesday. http://www.gmanews.tv/story/222877/technology/hacker-breaks-into-mit-website 6/8/2011 SQL Injection Improper Input Handling Leakage of Information Education Cambridge, MA
VietNamNet Bridge ‰ÛÒ Just within several days of early June, technology and security
forums have reckoned hundreds of ‰ÛÏ.vn‰Û websites which have been hacked,
2011-154 2011-154: Hundreds of websites in Vietnam hacked including the websites of government agencies and ministries. http://english.vietnamnet.vn/en/science-technology/9213/hundreds-of-websites-in-vietnam-hacked.html 6/6/2011 Unknown Improper Output HandlingDefacement Government Hanoi, VN
nfraGard Atlanta Members Alliance said Sunday that about 180 passwords belonging to
members of the FBI partner organization have been stolen and leaked to the Internet.
Paul Farley, president of the organization, told The Associated Press (AP) that the logins
belonged to members of the local chapter of InfraGard, a public-private partnership
devoted to sharing information about threats to U.S. physical and Internet infrastructure.
"Someone did compromise the website," Farley told AP. "We do not at this time know how
2011-153 WHID 2011-153: FBI Partner Organization Website Hacked the attack occurred or the method used to reveal the passwords." http://www.redorbit.com/news/technology/2059174/fbi_partner_organization_website_hacked/ 6/6/2011 SQL Injection Improper Input Handling Leakage of Information Government Atlanta, GA
A distributed denial-of-service (DDoS) attack against Atlassian's hosting provider took the
company's Software-as-a-Service (SaaS) platform down for a few hours this morning, with
2011-152 WHID 2011-152: DDoS attack takes down Atlassian's SaaS platform services returning this afternoon. http://www.zdnet.com.au/atlassian-downed-by-ddos-attack-339316263.htm 6/6/2011 Denial of Service Insufficient Anti-automation
Downtime Technology Saint Louis, MO
According to police, Joseph B. Campbell used phishing to trick his victims -- some of
whom he knew from high-school -- into divulging their passwords. He'd get email
addresses from their Facebook pages, and then send his victims phoney electronic
greeting cards that would ask them for login information for Web mail accounts, said
2011-151 WHID 2011-151: Hacker Arrested for Stealing Nude Photos Thomas Edwards, chief of police with the Belleair Police Department. http://www.computerworld.com/s/article/9217319/Police_Man_stole_nude_photos_from_hacked_e_mail_accounts 6/6/2011 Phishing Insufficient AuthenticationLeakage of Information Hosting Providers
Trend‰Ûªs researchers in Taiwan also identified attacks that exploit a vulnerability in the
Microsoft Hotmail web email service. ‰ÛÏRather than clicking a malicious link, even the
simple act of previewing the malicious email message can compromise a user‰Ûªs
account‰Û , noted Villeneuve. ‰ÛÏThis phishing email pretended to be from the
2011-150 WHID 2011-150: Yahoo!, Hotmail accounts targeted by hackers Facebook security team.‰Û http://www.infosecurity-us.com/view/18446/yahoo-hotmail-accounts-targeted-by-hackers/ 6/6/2011 Cross-site Scripting (XSS)
Improper Output HandlingSession Hijacking Hosting Providers Redmond, WA
An IT analyst has uncovered the lingering remnants of a 2009 breach of security on the
website of the major retailer: secret code hidden on the website that redirected the user's
browser to a site that served up malware.

"Somebody managed to deface the site and inject that code, so that anyone visiting the
site would have loaded the malicious code from this other site," explained Mike Menefee,
2011-15 WHID 2011-15: Hacker Code Lingered on Home Depot Website founder of security website Infosec Island, which discovered the hack. http://www.foxnews.com/scitech/2011/01/11/home-depot-website-compromised/ 1/11/2011 Unknown Improper Output HandlingPlanting of Malware Retail No
The company suspended its Brazilian music entertainment website while it looks into a
possible breach, it said today. Sony also is investigating a hacker group‰Ûªs claim that it
2011-149 WHID 2011-149: Sony Investigating Two Possible Hacker Attacks, Suspends Brazil Music Site stole data related to the company‰Ûªs game operation. http://www.bloomberg.com/news/2011-06-07/sony-says-brazil-music-website-suspended-after-suspected-attack-by-hackers.html 6/7/2011 Unknown Unknown Downtime Entertainment Brazil
Well, well, well, what do we have here? The fight against corruption in India spawned a
twitter app to spread the word the other day. The Twitterverse went on a mission of
findingmanmohan yesterday, and today, an anonymous group has hacked a particular
government website with a message to Mr. Prime Minister and others (Kapil Sibal
2011-148 WHID 2011-148: India‰Ûªs fight against corruption mounts, govt website hacked probably). http://asiancorrespondent.com/56835/hacked-india%E2%80%99s-fight-against-corruption-goes-berserk-govt-website-hacked/ 6/7/2011 Unknown Improper Output HandlingDefacement Government New Delhi, India
Nintendo acknowledged a security breach in a statement yesterday, explaining that its U.
S. servers came under cyber-fire a few weeks ago, but stressed that no personal user
2011-147 WHID 2011-147: Now Nintendo Admits It Was Hacked, Says No Customer Data Stolen data was in breach. http://techland.time.com/2011/06/06/now-nintendo-admits-it-was-hacked-says-no-customer-data-stolen/#ixzz1OWrKxZOC 6/6/2011 Unknown Unknown Leakage of Information Entertainment Redmond, WA http://pastebin.com/QFJN82X4
In addition to the attack detailed above, the hacking group known as LulzSec has
compromised SonyPictures.RU through another SQL injection flaw. No personal
information was disclosed in the attack; it appears to have been designed just to continue
to point out security flaws in Sony's infrastructure to create PR problems for the media
2011-146 WHID 2011-146: LulzSec has compromised SonyPictures.RU giant. In the note, LulzSec left a message: "In Soviet Russia, SQL injects you..." http://nakedsecurity.sophos.com/2011/06/04/sony-europe-hacked-by-lebanese-hacker-again/ 6/5/2011 SQL Injection Improper Input Handling Leakage of Information Entertainment Russian Federation
By my count this is unlucky hack number 13 for Sony. A Lebanese hacker known as Idahc
dumped another user database at Sony Europe containing approximately 120 usernames,
2011-145 WHID 2011-145: Sony Europe hacked by Lebanese hacker... Again passwords (plain text), mobile phone numbers, work emails and website addresses. http://nakedsecurity.sophos.com/2011/06/04/sony-europe-hacked-by-lebanese-hacker-again/ 6/4/2011 SQL Injection Improper Output HandlingLeakage of Information Entertainment Belgium
Reportedly, a related online scam has been detected as XSS (cross-site scripting). It (the
scam) lets cyber-criminals to run a malware program on the attacked site via an end-
user's Web-browser through values created within the attacked website's URL, forms of
the web, alternatively during instances wherein websites invite visitors to post content
2011-144 WHID 2011-144: IC3 Cautions of Osama-Related XSS Assaults straight away. http://www.spamfighter.com/News-16247-IC3-Cautions-of-Osama-Related-XSS-Assaults.htm 6/6/2011 Cross-site Request Forgery
Insufficient
(CSRF)Process Validation
Link Spam Web 2.0 Apple Valley, CA
Anonymous has hacked into Iranian government servers and procured over 10,000 email
messages from the Ministry of Foreign Affairs. The Ministry‰Ûªs website is still down as
of this writing, and the servers are under Anonymous control. One of the Iranian members
of Anonymous involved with the operation sent me a message from the compromised
2011-143 WHID 2011-143: Anonymous steals 10,000 Iranian government emails, plans DDoS attack email servers as evidence that they were still under Anonymous control. http://thenextweb.com/industry/2011/06/03/anonymous-steals-10000-iranian-government-emails-plans-ddos-attack/ 6/3/2011 Unknown Unknown Downtime Government Iran
"SonyPictures.com was owned by a very simple SQL injection, one of the most primitive
and common vulnerabilities, as we should all know by now. From a single injection, we
accessed EVERYTHING. Why do you put such faith in a company that allows itself to
become open to these simple attacks? What's worse is that every bit of data we took
wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext,
which means it's just a matter of taking it. This is disgraceful and insecure: they were
2011-142 WHID 2011-142: New Sony Hack Claims Over a Million User Passwords asking for it." http://techland.time.com/2011/06/02/new-sony-hack-claims-one-million-user-passwords/ 6/2/2011 SQL Injection Improper Input Handling Leakage of Information Entertainment Tokyo, Japan
Computer hackers in China broke into the Gmail accounts of several hundred people,
including senior U.S. government officials, military personnel and political activists, Google
2011-141 WHID 2011-141: Google says Chinese hackers broke into Gmail Inc. said Wednesday. http://www.huffingtonpost.com/huff-wires/20110601/us-tec-google-hacking-attack/ 6/1/2011 Cross-site Request Forgery
Insufficient
(CSRF)Process Validation
Account Takeover Hosting Providers Mountain View, CA http://www.eweek.com/c/a/Security/Adobe-Patches-XSS-ZeroDay-Flaw-in-F
Several dealers have been in touch with Car Dealer with tales of woe after their accounts
2011-140 WHID 2011-140: Scammers targeting dealers‰Ûª Auto Trader accounts and ripping off buyers with the online classified website were compromised. http://www.cardealermagazine.co.uk/publish/scammers-targeting-dealers-auto-trader-accounts-and-ripping-off-buyers/52641 6/2/2011 Unknown Unknown Disinformation Automotive Overland Park, KS
FOX23 distributes top secret information to school districts so they can post school
closings to our website. Tuesday morning, that information fell into the wrong hands, and
for five minutes students in Broken Arrow thought they had a day off school.

This morning at 7:33 Broken Arrow mom Becki Santucci heard a ding in her purse.

‰ÛÏI got a text message saying Broken Arrow schools are closed.‰Û

The sender, ‰ÛÏFOX23. (It was) my email alert about school closings.‰Û

But school was not closed. Someone logged on to FOX23.com and posted the closing
2011-14 WHID 2011-14: Hacker Hits FOX23 School Closings without anyone's permission. http://www.fox23.com/news/local/story/Hacker-Hits-FOX23-School-Closings/nJlTwic8fEqLIhxpEs2Vow.cspx 11-Jan-11 Unknown Unknown Disinformation Media Oklahoma, USA No
The Department of Interior and Local Government's (DILG's) website is still down as of
Wednesday morning, following a hack on Tuesday that led the site to display the logo of a
2011-139 WHID 2011-139: DILG website still down porn site as one of its "news items". http://www.gmanews.tv/story/222221/technology/dilg-website-hacked 6/1/2011 Unknown Improper Output HandlingDefacement Government Makati, PH
The flagship website of China's resurgent New Left movement was brought down by
hackers yesterday, interrupting its ferocious campaign against critics of Chairman Mao
Zedong. Read more: http://www.smh.com.au/technology/security/dark-forces-attack-
2011-138 WHID 2011-138: 'Dark forces' attack Chinese leftist website in resurgent culture war chinese-leftist-website-in-resurgent-culture-war-20110531-1fere.html#ixzz1O3stL6am http://www.smh.com.au/technology/security/dark-forces-attack-chinese-leftist-website-in-resurgent-culture-war-20110531-1fere.html 6/1/2011 Denial of Service Insufficient Anti-automation
Downtime Politics Beijing, China
Hacking group LulzSec broke into the site after it cracked the security on the media
2011-137 WHID 2011-137: Hacked PBS reports Tupac, Biggie alive stalwart website, and obtained access credentials held in databases. http://www.scmagazine.com.au/News/258976,hacked-pbs-reports-tupac-biggie-alive.aspx 5/30/2011 SQL Injection Improper Input Handling Leakage of Information News Arlington, VA
Apple is facing mounting criticism as a possible iTunes hack attack has seen customers'
gift certificate accounts drained.
Several pages on Apple's forums highlight the security flaw, with dozens of users blaming
a Sega app called Kingdom Conquest for removing funds ‰ÛÒ even if they have never
downloaded the game. Various other apps have also been blamed for draining accounts
2011-136 WHID 2011-136: Apple under fire as hacked iTunes complaints swell using a similar technique. http://www.pcpro.co.uk/news/security/367855/apple-under-fire-as-hacked-itunes-complaints-swell 6/7/2011 Unknown Unknown Monetary Loss Technology Cambridge, MA
Honda Canada has informed thousands of its Honda and Acura customers that some of
2011-135 WHID 2011-135: Hackers steal owner data from Honda their personal information was stolen when its systems were hacked. http://www.cbc.ca/news/technology/story/2011/05/27/honda-hackers-data.html 5/27/2011 SQL Injection Improper Input Handling Leakage of Information Automotive Toronto, Canada
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
Codemasters, best known as the publisher of the Operation Flashpoint and Grid games,
acknowledged to GamesIndustry that hackers were able to breach its security on May 20
2011-134 WHID 2011-134: Codemasters Admits Weekend Hack Attack and gain access to user data, which was then posted online. http://www.escapistmagazine.com/news/view/110400-Codemasters-Admits-Weekend-Hack-Attack 5/20/2011 SQL Injection Improper Input Handling Leakage of Information Entertainment United Kingdom
A group of Nigerian hackers who call themselves ‰ÛÏNaija Cyber Hacktivists‰Û broke
into the Niger Delta Development Committee‰Ûªs website, a Nigerian agency set up to
2011-133 WHID 2011-133: Nigerian government agency website hacked by ‰ÛÏCyberhacktivists‰Û develop the region, yesterday. http://thenextweb.com/africa/2011/05/26/nigerian-government-agency-website-hacked-by-cyberhacktivists/ 5/26/2011 Unknown Improper Output HandlingDefacement Government Nigeria
Recently, several Turkish online news portals suffered cyber-attack. The website of
Birgun, a left-wing daily newspaper operated from Istanbul was the first news portal to
2011-132 WHID 2011-132: Turkish Online News Sites Face Cyber-attack suffer cyber-attack. http://www.release-news.com/index.php/technology/112749-turkish-online-news-sites-face-cyber-attack.html 5/25/2011 Denial of Service Insufficient Anti-automation
Downtime News Turkey
On the weekend, it was Sony BMG Greece that was compromised and today, it was Sony
Music Japan. Unfortunately, Sony didn‰Ûªt learn from the BMG Greece issue as the
same exploit, an SQL injection flaw was used to compromise Sony Music Japan. At this
time, there is no indication of any data being compromised or stolen. The folks that were
able to perform this exploit was Lulz Security, a group of hackers whose self proclaimed
2011-131 WHID 2011-131: Hackers Compromise Sony Music Japan mission is to identify and highlight security flaws in networks. http://www.coated.com/hackers-compromise-sony-music-japan/ 5/25/2011 SQL Injection Improper Input Handling Leakage of Information Entertainment Tokyo, Japan
A server belonging to NIIT GIS Limited, an NIIT Technologies subsidiary, was
compromised last week using a SQL injection attack by a hacking group calling itself the
‰Û÷Tigers of Indian Cyber‰Ûª (TIC). TIC posted the disclosure in an open security
forum giving proof of concept, and a complete list of account credentials. It has since
come to light that NIIT GIS‰Ûª server was compromised ‰ÛÓ not the servers at NIIT
2011-130 WHID 2011-130: NIIT Technologies GIS subsidiary‰Ûªs server hacked Technologies. http://searchsecurity.techtarget.in/news/2240036131/NIIT-Technologies-GIS-subsidiarys-server-hacked 5/25/2011 SQL Injection Improper Input Handling Leakage of Information Technology USA
An IBM site for developers was defaced over the weekend, with attackers replacing some
of the web pages on the site with ones containing their own messages, IBM confirmed
2011-13 WHID 2011-13: Hackers deface IBM DeveloperWorks website Monday. http://www.cio.co.uk/news/3256323/hackers-deface-ibm-developerworks-website/ 11-Jan-11 Unknown Unknown Defacement Technology USA No
Hactivist collective launches DDoS attack against the business lobbying group over it‰
Ûªs support for the legislation to fight online infringement that many fear will great expand
2011-129 WHID 2011-129: Anonymous Targets US Chamber of Commerce the govt‰Ûªs ability to filter the Internet. http://www.zeropaid.com/news/93531/anonymous-targets-us-chamber-of-commerce-for-protect-ip-act/ 5/24/2011 Denial of Service Insufficient Anti-automation
Downtime Government Richmond, Canada
Criminals recently spent more than a week siphoning e-mail messages from Hotmail
2011-128 WHID 2011-128: Hackers Steal Hotmail Messages Thanks to Web Flaw users' accounts, thanks to a programming bug in Microsoft's website. http://www.pcworld.com/businesscenter/article/228609/hackers_steal_hotmail_messages_thanks_to_web_flaw.html 5/24/2011 Cross-site Request Forgery
Insufficient
(CSRF)Process Validation
Leakage of Information Hosting Providers Redmond, WA
The problems keep coming for Sony. On Tuesday the company confirmed that someone
had hacked into its website and stolen about 2,000 customer names and e-mail
addresses. Close to 1,000 of the records have already been posted online by a hacker
calling himself Idahc, who says he's a "Lebanese grey-hat hacker." Idahc found a common
Web programming error, called an SQL injection flaw, that allowed him to dig up the
records on the Canadian version of the Official Sony Ericsson eShop, an online store for
2011-127 WHID 2011-127: Sony says hacker stole 2,000 records from Canadian site mobile phones and accessories. http://www.computerworld.com/s/article/9217028/Sony_says_hacker_stole_2_000_records_from_Canadian_site?taxonomyId=140 5/24/2011 SQL Injection Improper Input Handling Leakage of Information Entertainment Canada
Yet another official reseller of SSL certificate authority Comodo has suffered a security
breach that allowed attackers to gain unauthorized access to data. Brazil-based
2011-126 WHID 2011-126: New hack on Comodo reseller exposes private data ComodoBR is at least the fourth Comodo partner to be compromised this year. http://www.theregister.co.uk/2011/05/24/comodo_reseller_hacked/ 5/24/2011 SQL Injection Improper Input Handling Leakage of Information Technology Lansing, MI
TrafficShop.com is currently experiencing a denial-of-service attack, according to the
site‰Ûªs sales manager, Chris 2.0. The perpetrators of the attack are unknown at this
2011-125 WHID 2011-125: TrafficShop.com Experiencing DDoS Attack time but attempts to access the site result in a white screen. http://news.avn.com/articles/TrafficShop-com-Experiencing-DDoS-Attack-436445.html 5/23/2011 Denial of Service Insufficient Anti-automation
Downtime Retail Netherlands
everal Stanford websites were taken offline May 9 after being targeted by hackers looking
to sell cheap software. The affected sites, currently offline and inaccessible, are those for
2011-124 WHID 2011-124: Hackers target student group websites the Stanford Concert Network, the Green Alliance for Innovative Action and the ASSU. http://www.stanforddaily.com/2011/05/23/hackers-target-student-group-websites/ 5/23/2011 Unknown Improper Output HandlingLink Spam Education Stanford, WA
2011-123 WHID 2011-123: Thai Democrat website hacked A website of the Democrat Party, set up to attract young people, was hacked on Sunday ni http://www.bangkokpost.com/news/politics/238438/democrat-website-hacked 5/23/2011 Unknown Improper Output HandlingDefacement Government Bangkok, Thailand
In what seems to be a neverending nightmare it appears that the website of Sony BMG in
Greece has been hacked and information dumped. An anonymous poster has uploaded a
user database to pastebin.com, including the usernames, real names and email addresses
2011-122 WHID 2011-122: Sony BMG Greece the latest hacked Sony site of users registered on SonyMusic.gr. http://nakedsecurity.sophos.com/2011/05/22/sony-bmg-greece-the-latest-hacked-sony-site/ 5/22/2011 SQL Injection Improper Input Handling Leakage of Information Entertainment Greece
The state highway police's website was allegedly hacked by an unknown person, who
changed the accident figures to show a steep decline in the number of deaths for the year
2011-121 WHID 2011-121: State highway police website hacked 2010. http://www.hindustantimes.com/State-highway-police-website-hacked/Article1-700790.aspx 5/23/2011 Unknown Unknown Disinformation Government New Delhi, India
It has been reported that the official website of Nepal Government (http://www.nepalgov.
gov.np/) has been hacked by anonymous group #OpEverest using the Denial of Service
2011-120 WHID 2011-120: Nepal Government‰Ûªs official Website Hacked attack. http://www.groundreport.com/Media_and_Tech/Nepal-Government-s-official-Website-Hacked/2939137 5/22/2011 Denial of Service Insufficient Anti-automation
Downtime Government Nepal
A South Korean web hosting company that allegedly hosted an illegal gambling site is in
trouble with authorities for organising a series of ‰ÛÏcyber attacks‰Û on competing
illegal online casinos in order to grab gambling business from rival gangsters.

Between November 21st and December 15th, 2010, Lee, 32, head of the computer server
company along with Park, 37, a hacker working for an Incheon based crime gang which
2011-12 WHID 2011-12: Cyber Criminals Attack A Hundred Online Casino Sites owned the gambling site, organised distributed denial-of-service attacks (DDoS http://www.onlinepoker.net/poker-news/general-poker-news/cyber-criminals-attack-online-casino-sites/9141 13-Jan-11 Denial of Service Insufficient Anti-automation
Monetary Loss Entertainment South Korea No South Korea
Sony has been hacked, and one of its servers used to host a phishing site, according to
2011-119 WHID 2011-119: Sony site used for phishing Finnish company F-Secure. http://www.zdnet.co.uk/blogs/security-bullet-in-10000166/sony-site-used-for-phishing-10022513/ 5/20/2011 Unknown Improper Output HandlingPhishing Entertainment Tokyo, Japan
So-net Entertainment Corp., an Internet service provider subsidiary of Sony Corp. (6758.
TO, SNE), said an online intruder accessed its customer rewards site earlier this week and
stole customers' redeemable gift points worth about 100,000 yen ($1,225). Read more:
http://www.foxbusiness.com/industries/2011/05/20/online-intruder-broke-sony-internet-
2011-118 WHID 2011-118: Online Intruder Broke Into Sony Internet Subsidiary's User Accounts subsidiarys-user-accounts/#ixzz1O2GNDqzB http://www.foxbusiness.com/industries/2011/05/20/online-intruder-broke-sony-internet-subsidiarys-user-accounts/ 5/20/2011 Brute Force Insufficient Anti-automation
Monetary Loss Entertainment Tokyo, Japan
Colombian hacker collective "Anonymous" hacked the website of the country's Senate
Friday, replacing the page with an alternative website protesting a new law regarding
2011-117 WHID 2011-117: Colombia's Senate website hacked internet copyright. http://colombiareports.com/colombia-news/news/16402-colombias-senate-website-hacked.html 5/20/2011 Unknown Improper Output HandlingDefacement Government Columbia
We described above a new way of the Denial of Serå_vice attack. We do believe this
method of the attack poses an increased risk to all the DNS servers as there are no
proå_tecå_tive counå_terå_meaå_sures availå_able. The seriå_ouså_ness of the
sitå_uå_aå_tion is underå_lined with the fact that this kind of attack was observed on the
2011-116 WHID 2011-116: New attack vector in DDoS observed Interå_net as fully working. http://www.zone-h.org/news/id/4739 5/19/2011 Denial of Service Insufficient Anti-automation
Downtime Multiple USA
The privacy vulnerability, which can affect all Facebook users if a hacker has enough time,
allows for privacy-protected photos to be accessed without being the user's "friend". Read
more: http://www.smh.com.au/technology/security/security-experts-go-to-war-wife-
2011-115 WHID 2011-115: Facebook privacy vulnerability targeted-20110517-1eqsm.html#ixzz1O2AO9MCX http://www.smh.com.au/technology/security/security-experts-go-to-war-wife-targeted-20110517-1eqsm.html 5/17/2011 Predictable Resource Location
Insufficient Authorization Leakage of Information Web 2.0 USA
The attack started on Wednesday 11 May and left the website "struggling to cope with
average hourly traffic 1,000 times greater than normal," according to the union. Curiously,
the attack failed to hit the radar screens of Arbor Networks, the firm that supplies traffic
2011-114 WHID 2011-114: Civil-service union hit by invisible DDoS is back up management and DDoS mitigation tools to the vast majority of the world's biggest telcos http://www.theregister.co.uk/2011/05/18/pcs_ddos_folow_up/ 5/18/2011 Denial of Service Insufficient Anti-automation
Downtime Politics United Kingdom
The French battle against illegal file sharers suffers a setback as its surveillance agency
2011-113 WHID 2011-113: French Anti-piracy Agency Hit By A Simple Hack TMG is hacked http://www.eweekeurope.co.uk/news/french-anti-piracy-agency-hit-by-a-simple-hack-29557 5/18/2011 Predictable Resource Location
Insufficient Authorization Leakage of Information Government France
Sony's PlayStation Network is under fire again, with a new security breach hitting the
beleaguered company. Just days after the network was resurrected following a massive
data breach, there is mounting evidence that hackers have circumvented protections put in
place via a password reset page. According to the Nyleveia gaming website, hackers have
discovered an exploit that allows them to change user passwords using only a PlayStation
Network account email and date of birth - information which could have been harvested
2011-112 WHID 2011-112: Hackers breach Sony's password reset system during the recent attack. http://www.pcauthority.com.au/News/257912,hackers-breach-sonys-password-reset-system.aspx 5/19/2011 Stolen Credentials Insufficient Password Recovery
Account Takeover Entertainment Japan
An unidentified hacker has broken into the computer system of a small South Korean
brokerage house to steal the firm's customer data, the financial regulator said Thursday,
adding concerns over financial firms' computer security maintenance. The Financial
Supervisory Service (FSS) said the hacker infiltrated the computer server of Leading
Investment & Securities Co. and stole 12,000 customers' personal data last week. The
stolen data includes their names, social security numbers, addresses and phone numbers,
2011-111 WHID 2011-111: Hacker steals customer data from small brokerage it said. http://english.yonhapnews.co.kr/business/2011/05/19/85/0503000000AEN20110519004500320F.HTML 5/19/2011 SQL Injection Improper Input Handling Leakage of Information Finance Seoul, South Korea
Facebook has recently launched new security features to block spam, but merely after its
2011-110 WHID 2011-110: Facebook Fails to Stop Spammers... Again inception, tons of new ones have emerged, bypassing these security implementations. http://tech2.in.com/news/social-networking/facebook-spammers-bypassing-new-security-features/219322 5/17/2011 Clickjacking Application Misconfiguration
Link Spam Web 2.0
A software security issue with a popular US-based web hosting provider is reportedly
allowing hackers to secretly add dozens of web pages to military, educational, financial
2011-11 WHID 2011-11: Educational, government and military sites hit by hackers and government sites in a bid to promote so-called pharma retailing sites. http://www.infosecurity-magazine.com/view/15209/educational-government-and-military-sites-hit-by-hackers/ 17-Jan-11 Known Vulnerability Application Misconfiguration
Link Spam Hosting Providers Utah No cPanel
The prominent Public and Commercial and Services union (PCS) is struggling to get its
website back online after being hit by a huge DDoS attack nearly a week ago. Government
aside, sustained attacks against websites with a political theme are extremely rare in UK,
and what has befallen the PCS ‰ÛÒ whose members include large numbers of public
sector and government workers - could rank as the first time the country has seen a large-
scale ideological attack of this kind. Starting on 11 May, the union‰Ûªs website was hit by
traffic 1,000 times its normal level, taking the site down. As of 16 May, the site is still
unavailable beyond a static homepage that announces the problem, with a fix unlikely for
2011-109 WHID 2011-109: PCS Union website downed by ideological DDoS at least a day or two. http://www.computerworlduk.com/news/public-sector/3280224/pcs-union-website-downed-by-ideological-ddos/ 5/17/2011 Denial of Service Insufficient Anti-automation
Downtime Politics United Kingdom
According to the Met, using the alias 'Colonel Root', Woodham hacked into web hosting
company ‰Û÷Punkyhosting' in April 2009. It detected the attack and made attempts to
prevent it. In response, Woodham repeatedly attacked the company over a number of
weeks, causing it to cease trading. He then sent a taunting email gloating about his
2011-108 WHID 2011-108: Teenagers prosecuted for hacking and bringing down web hosting company actions. http://www.scmagazineuk.com/teenagers-prosecuted-for-hacking-and-bringing-down-web-hosting-company/article/202997/ 4/1/2009 Unknown Unknown Downtime Hosting Providers
Hackers inserted malicious code on the first article on the Geek.com homepage, among
others, the researchers say. "As this is first article is highlighted --and 'Call of Duty' is a
very popular game -- one can assume that many people have fallen victim to this attack,"
the blog says. The article was published on May 13th. and the malicious Iframe is injected
2011-107 WHID 2011-107: Geek.com Site Hacked Via Exploit Kit at the bottom of the page, the researchers say. http://www.darkreading.com/security/attacks-breaches/229500721/geek-com-site-hacked-via-exploit-kit.html 5/17/2011 Unknown Improper Output HandlingPlanting of Malware Technology USA
Hackers have broken into two websites belonging to Japanese video games maker
Square Enix. The company confirmed that the e-mail addresses of up to 25,000 customers
2011-106 WHID 2011-106: Final Fantasy maker Square Enix hacked who had registered for product updates may have been stolen as a result. http://www.bbc.co.uk/news/technology-13394968 5/13/2011 SQL Injection Improper Input Handling Leakage of Information Entertainment
A group of hackers has gained access to a database of fox.com email accounts and last
night took over the Twitter accounts of two Fox-affiliates: WFQX in Michigan‰Ûªs Upper
Peninsulas and KADN in Lafayette, LA. Calling itself Lulz Security, the group posted
defamatory tweets under the accounts of WFQX and KADN and, using its own Twitter
account (@LulzSec), has today been teasing future attacks. ‰ÛÏLots of Facebook
2011-105 WHID 2011-105: Hackers Take Over Twitter Accounts of Fox-Affiliates logins,‰Û the group tweeted this morning. http://www.mediabistro.com/tvspy/hackers-take-over-twitter-accounts-of-fox-affiliates_b9977 5/10/2011 Stolen Credentials Insufficient AuthenticationAccount Takeover Web 2.0 USA
Software scammers offering cheap Adobe software have hacked into numerous web
pages of NASA, just days before its final launch of the shuttle Endeavor, and Stanford
2011-104 WHID 2011-104: NASA website hacked University. http://articles.timesofindia.indiatimes.com/2011-05-11/internet/29531808_1_nasa-website-shuttle 5/11/2011 Unknown Improper Output HandlingLink Spam Government USA
bianet.org became the target of a heavy cyber attack that started at 3.30 pm on Tuesday
(18 May). Broadcasting was resumed at 11.20 pm after the attack has been continuing
non-stop. This cyber attack was not related to a hacking attempt. Access to the bianet.org
site was prevented due to a Distributed Denial-of-Service (DDoS) caused by a very large
number of computers that were connected to the server at the same time. Our information
suggests that this was an organized attack and that tens of thousands of computers were
2011-103 WHID 2011-103: bianet. org Hit by Massive Cyber Attack controlled for the attack via Trojans. http://www.bianet.org/english/freedom-of-expression/130062-bianet-org-hit-by-massive-cyber-attack 5/18/2011 Denial of Service Insufficient Anti-automation
Downtime News Istanbul, Turkey
A group that has issued calls for pro-democracy protests in China said its Google-hosted
2011-102 WHID 2011-102: Group says its website calling for democracy protests in China was hacked site was hacked Thursday, amid a far-reaching government crackdown on activists. http://www.washingtonpost.com/world/group-says-its-website-calling-for-democracy-protests-in-china-was-hacked/2011/05/12/AFBAEtxG_story.html 5/12/2011 Unknown Unknown Data Loss Hosting Providers Beijing, China
Hackers have broken into a Fox.com extranet site, designed as a repository of research
statistics, programming details and ratings for clients and affiliates, and stolen the emails
2011-101 WHID 2011-101: Fox.com hacked and passwords for hundreds of Fox Broadcasting employees. http://www.politico.com/blogs/onmedia/0511/Foxcom_hacked.html 4/29/2011 Unknown Unknown Leakage of Information News USA
Updated Finnish police closed on investigation on Tuesday after arresting 17 people
suspected of involvement in a banking Trojan scam used to siphon off hundreds of
2011-100 WHID 2011-100: Banking Trojan gang busted by Finnish police thousands of euros held in accounts with Nordea Bank. http://www.theregister.co.uk/2011/05/10/finnish_banking_trojan_investigation/ 5/10/2011 Banking Trojan Insufficient AuthenticationMonetary Loss Finance Sweden 1.2 million Euros
Seacoast Radiology in Rochester, New Hampshire, announced last week it had informed
over 231,000 patients that their details were accessed after their server was hacked back
in November.

Although the names, dates of birth, addresses, Social Security numbers and medical
procedure codes could have been accessed by the hackers, Don Wood, Seacoast
Radiology‰Ûªs business manager, has said that there has been no report of identity theft
2011-10 WHID 2011-10: US Hospital Server Hacked by ‰Û÷Call of Duty: Black Op‰Ûªs‰Ûª Fans as a result of the hack. http://www.dedicatedserverdir.com/news/ShowItem.aspx?ID=74516 17-Jan-11 Unknown Unknown Leakage of Information Health Rochester, New Hampshire
No
Online activists have attacked and at least momentarily disabled several Tunisian
government websites in the latest act of protest against the country's embattled
leadership.

As of Monday afternoon, local time, at least eight websites had been affected, including
those for the president, prime minister, ministry of industry, ministry of foreign affairs, and
the stock exchange.

The attack, which began on Sunday night, coincided with a national strike, planned to take
place on Monday, that organisers said would be the biggest popular event of its size since
Zine El Abidine Ben Ali assumed the presidency.

The strike comes on the day that school students return from their holiday.

Ben Ali's administration has tightly restricted the flow of information out of Tunisia since
widespread protests began on December 17, following 26-year-old Mohamed Bouazizi's
suicide attempt. But reports of civil disobedience and police action filtered out on Twitter
on Monday, with some users reporting the use of tear gas by security forces.

The loosely organised hacker group Anonymous claimed responsibility for the cyber
attack, which it called "Operation Tunisia", an apparent arm of the group's broader effort -
termed "Operation Payback" - aimed at taking retribution against governments and
businesses viewed as hostile to the similarly amorphous document-leaking group
2011-1 WHID 2011-1: Hackers hit Tunisian websites WikiLeaks. http://english.aljazeera.net/news/africa/2011/01/201113111059792596.html 1/2/2011 Denial of Service Insufficient Anti-automation
Downtime Government Tunisia Yes Operation Tunisia 8
Up to 125million people worldwide have accounts set up on the site.
But computer security experts say hackers are easily hijacking accounts by pretending
they are a customer who has forgotten their password.
As with many websites, iTunes tells users to select a socalled 'security question' from a list
of options when they first set up their account.
These are fairly basic and include 'what is your mother's maiden name?' and 'where did
you spend your honeymoon?'.
Customers who have forgotten their passwords are prompted with the question they first
selected when they set up their profile - as long as they give the correct answer, they can
access the account.
Security analysts claim this is leaving the website wide open to fraud.
Hackers simply pretend they are a customer who has forgotten their password and can
easily work out the answer to the personal question using information that users have
2010-99 WHID 2010-99: Got an iTunes account? That's music to a cyber fraudster's ears posted on social-networking websites such as Facebook and Twitter. http://www.dailymail.co.uk/news/article-1280354/Got-iTunes-account-Thats-music-cyber-fraudsters-ears.html 22-May-10 Brute Force Insufficient Password Recovery
Session Hijacking Web 2.0 USA No
A former college student has been charged with using the school's computer network to
control a botnet and launch distributed denial-of-service (DDoS) attacks against
2010-98 WHID 2010-98: Man charged with attacking O'Reilly, Coulter websites conservative websites belonging to Bill O'Reilly, Ann Coulter and Rudy Giuliani. http://www.scmagazineus.com/man-charged-with-attacking-oreilly-coulter-websites/article/170524/ 19-May-10 Denial of Service Insufficient Anti-automation
Downtime Media USA No USA
Microsoft this week filed two lawsuits in federal court in Seattle against alleged
perpetrators of a new, technologically advanced form of online advertising click fraud
being dubbed "click laundering."

According to Microsoft, click fraud is an online advertising scam that occurs when a person
or computer program imitates a legitimate user and clicks on an online ad for the purpose
of generating a fraudulent ‰ÛÏcharge-per-click,‰Û without having any interest in the ad.

Click laundering, meanwhile, is a more advanced form of click fraud designed to outwit
2010-97 WHID 2010-97: Microsoft files two lawsuits for "click laundering" fraud detection systems by hiding the origin of fake clicks. http://www.scmagazineus.com/microsoft-files-two-lawsuits-for-click-laundering/article/170621/ 20-May-10 Cross-site Request Forgery
Abuse(CSRF)
of Functionality Fraud Technology USA No
Facebook engineers are finishing a patch for a critical vulnerability that exposed user
birthdays and other sensitive data even when they were designated as private, a security
researcher said Wednesday.

At time of writing, much of the CSRF (cross-site request forgery) bug appeared to have
been patched, Keith said. However, as noted earlier by IDG News, attackers still could
exploit the flaw to control a user's "like" functions, which are used to endorse ads and
other types of content.

The flaw involved a piece of code Facebook engineers dubbed "post_form_id," which is
used to ensure that commands can be issued only by browsers that have previously
logged into the website. Keith discovered a simple way to bypass the security token: by
2010-96 WHID 2010-96: Facebook scrambles to close CSRF hole exposing private data omitting it altogether, Facebook servers no longer attempted to validate browsers. http://www.theregister.co.uk/2010/05/19/facebook_private_data_leak/ 19-May-10 Cross-site Request Forgery
Insufficient
(CSRF)Process Validation
Leakage of Information Web 2.0 USA No Facebook http://www.itworld.com/security/108279/facebook-fixing-embarrassing-privac
Carders.cc, a German online forum dedicated to helping criminals trade and sell financial
data stolen through hacking, has itself been hacked. The once-guarded contents of its
servers are now being traded on public file-sharing networks, leading to the exposure of
potentially identifying information on the forum‰Ûªs users as well as countless passwords
2010-95 WHID 2010-95: Fraud Bazaar Carders.cc Hacked and credit card accounts swiped from unsuspecting victims. http://krebsonsecurity.com/2010/05/fraud-bazaar-carders-cc-hacked/ 18-May-10 Misconfiguration Improper Filesystem Permissions
Leakage of Information Hacking Germany No
Dutch hacker Darkc0ke hijacked a radio station database containing 22,000 e-mail
addresses and threatened to publish them unless the station play Rick Astley's "Never
Gonna Give You Up," a variation of an Internet meme known as "rickrolling."

"It was a joke," Darkc0ke said via e-mail. "They didn't play the song. Why can't they do
someone a favor, just for once?" Darkc0ke said he cracked the database using a basic
SQL injection to exploit a security vulnerability. The hacker is known for breaking into
databases. Last year, he stole a database containing 46,000 e-mail addresses from the
2010-94 WHID 2010-94: Hacker steals 22,000 e-mail address, demands Astley tune Dutch magazine Autoweek. http://news.idg.no/cw/art.cfm?id=B143BFED-1A64-6A71-CE6E57CCCFC37786 19-May-10 SQL Injection Improper Input Handling Leakage of Information Media Netherlands No
A huge attack by a rogue Facebook application last weekend infected users' PCs with
popup-spewing adware, a security researcher said Monday.

On Saturday, AVG Technologies received more than 300,000 reports of the malicious
Facebook app, said Roger Thompson, AVG's chief research officer. AVG came up with its
tally by counting the number of reports from its LinkScanner software, a free browser add-
on that detects potentially poisoned pages.

"It was stunning, really, the number," said Thompson in an interview via instant message
late Monday. "And stunning that it was not viral or wormy [but that] Facebook did it all by
itself."

The volume of reports on Saturday's rogue Facebook software was highest during the
nine-hour period between midnight and 9 a.m. Eastern, with spikes of approximately
40,000 per hour coming at 7 a.m. and noon. For the day, AVG received more than
300,000 reports, triple that of AVG's second-most-reported piece of spyware.

According to Thompson, Facebook eradicated the rogue application about 15 hours after
the attack started. Facebook's only acknowledgment of the attack came on its security
page, where a "Tip of the Week" Monday morning read: "Don't click on suspicious-looking
2010-93 WHID 2010-93: Huge 'sexiest video ever' attack hits Facebook links, even if they've been sent or posted by friends." http://www.computerworld.com/s/article/9176905/Huge_sexiest_video_ever_attack_hits_Facebook 18-May-10 Rogue 3rd Party App Insufficient Process Validation
Planting of Malware Web 2.0 USA No Facebook
An attacker has discovered a serious flaw in a website set up to encourage the use of
smart cards for public transportation in the Netherlands, resulting in the leakage of
personal information of more than 168,000 travelers.

The website offered a coupon for a free trip using the OV smart card system and was set
up to promote the new system which is being slowly rolled out throughout the region.
According to Webwerld, a tech publication based in the Netherlands, the names,
addresses and telephone numbers of individuals who signed up were publicly available as
a result of the flaw.

Information about the flaw was exposed by an anonymous hacker who gave the magazine
a video demonstrating the error using a SQL injection attack. The hacker told the
magazine that he made the flaw publicly available because there is no excuse for simple
2010-92 WHID 2010-92: SQL Injection attack used in breach of 168,000 Netherlands travelers website mistakes. The website has since been taken offline. http://itknowledgeexchange.techtarget.com/security-bytes/sql-injection-attack-used-in-breach-of-168000-netherlands-travelers/ 18-May-10 SQL Injection Improper Input Handling Leakage of Information Government Netherlands No
Twitter users had a big shock on Monday when they checked into the micro-blogging
service. Their follower and following numbers were at 0, meaning they were suddenly very
unpopular or something was seriously wrong with the site.

It was the latter, of course. To kill a bug that allowed a user to force other users to follow
him or her, Twitter temporarily reset all follower/following counts to zero, according to the
2010-91 WHID 2010-91: Twitter software bug forces followers Twitter Status blog. Everything was back to normal by 11 a.m. Pacific. http://www.pcworld.com/article/195962/ 10-May-10 Misconfiguration Insufficient Process Validation
Disinformation Web 2.0 USA No Twitter
A Facebook message sent out on Saturday from the account of company board member
Jim Breyer to over 2,300 "friends" turns out to have been too good to be true.

The message, an invitation to an event at which attendees would be given a "Facebook

phone number," was a phishing attack, designed to capture information from recipients.

The incident underscores the risk of supplying Facebook with data that might be better
kept private.

Facebook's appeal to cybercriminals arises from the high level of trust that users extend to
Facebook messages, which are generally presumed to come from friends.

Compromising someone's Facebook account also provides immediate access to a pool of

2010-90 WHID 2010-90: Facebook Board Member's Account Compromised new potential victims: the friends of the person whose account has been hacked. http://www.informationweek.com/news/software/showArticle.jhtml?articleID=224701441 10-May-10 Unknown Insufficient AuthenticationPhishing Web 2.0 USA No Facebook
Details of a political website, the Pakistani National Response Center for Cyber Crimes,
part of the Federal Investigation Authority, being hacked has been reported when a
2010-9 WHID 2010-9: Pakistani cyber crime website hit by hacker who is able to access database sensitive site was hit by a hacker who managed to gain access to the email database. http://www.scmagazineuk.com/pakistani-cyber-crime-website-hit-by-hacker-who-is-able-to-access-database/article/160969/ 11-Jan-10 SQL Injection Improper Input Handling Defacement Government Pakistan No
Early this morning, we received reports that WordPress blogs were hacked on Linux
shared-hosting at DreamHost, as well as other hosting companies. This is dangerous
scareware which tries to install a virus on your visitor's computer.

WordPress, Zencart and other php-based platforms were hit. Our earliest hacked site
report is of 5/6/2010 @ 9:17am.

This malware was just detected and is not showing up on website malware scanners yet.
We have notified sucuri.net of this latest infection so that they can immediately update
2010-89 WHID 2010-89: Breaking News: WordPress Hacked with Zettapetta on DreamHost their malware detections systems. http://www.wpsecuritylock.com/breaking-news-wordpress-hacked-with-zettapetta-on-dreamhost/ 6-May-10 Unknown Improper Output HandlingPlanting of Malware Service Providers USA No
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
Websenseå¨ Security Labs‰ã¢ ThreatSeeker‰ã¢ Network has discovered that the
popular Web site, phpnuke.org, has been compromised.

PHP-Nuke is a popular Web content management system (CMS), based on PHP and a
database such as MySQL, PostgreSQL, Sybase, or Adabas. Earlier versions were open
source and free software protected by GNU Public License, but since then it has become
commercial software. As it is still very popular in the Internet community, it is not surprising
that it has become a target of blackhat attacks.

The injected iframe hijacks the browser to a malicious site, where through several steps of
2010-88 WHID 2010-88: phpnuke.org has been compromised iframe redirections the user finally ends up on a highly obfuscated malicious page. http://community.websense.com/blogs/securitylabs/archive/2010/05/07/phpnuke-org-has-been-compromised.aspx 7-May-10 Unknown Improper Output HandlingPlanting of Malware Technology USA No PHPNuke
A young mother who had accused her ex-boyfriend of rape hacked into his Facebook site
to post a threat to herself to bolster her fakery.

Zoe Williams was described as "really wicked" by the judge, who jailed her for four
months.

A court heard she tried to set up her ex-boyfriend partner after accused him of raping her
2010-87 WHID 2010-87: Facebook hacker jailed after falsely accusing boyfriend of rape several times after the end of their five-year relationship in 2007. http://www.telegraph.co.uk/technology/facebook/7685381/Facebook-hacker-jailed-after-falsely-accusing-boyfriend-of-rape.html 6-May-10 Brute Force Insufficient AuthenticationDisinformation Web 2.0 USA No USA Facebook
A section of the Web site for China's state-run Xinhua news agency was found to be
distributing malware last month, according to a Google malware scanning service that is
still labeling the site as potentially harmful.

The "news center" section of the Xinhua's Web site, which displays a feed of the agency's
stories, was found to have one scripting exploit and one Trojan on it during a scan,
according to a Google Safe Browsing diagnostic page. No suspicious content was found
on the site during a scan about ten days later, but the section of Xinhua's Web site is still
2010-86 WHID 2010-86: China State News Agency Web Site Hit With Malware being labeled potentially harmful in Google search results. http://news.yahoo.com/s/pcworld/20100506/tc_pcworld/chinastatenewsagencywebsitehitwithmalware 6-May-10 Unknown Improper Output HandlingPlanting of Malware Government China No
Facebook has again come under fire for not doing enough to protect personal information
after a security flaw allowed users to eavesdrop on private chat sessions.

The flaw also allowed Facebook members to view other people's pending friend requests.

The social networking site, which has more than 400 million active users, was forced to
suspend the live chat function until engineers were able to fix the problem.

The flaw was in the Facebook feature that allows users to view their own privacy settings
and could be easily exploited to view others' private information, according to TechCrunch
2010-85 WHID 2010-85: Facebook flaw exposes live chats blogger Steve O'Hear, who alerted the social networking site. http://www.infosecurity-magazine.com/view/9245/facebook-flaw-exposes-live-chats/ 6-May-10 Predictable Resource Location
Insufficient Authorization Leakage of Information Web 2.0 USA No Facebook
Cross-site scripting , html injection and redirect on bugs.php.net and phpbuilder.com

Screenshots and proof of concept

Redirect from php site to google POC and XSS

Sample xss alert on phpbuilder.com

2010-84 WHID 2010-84: PHP Website XSS Defacement And now what about http://doc.php.net/phd/ar/phd/ ? http://security-sh3ll.blogspot.com/2010/05/php-website-xss-defacement.html 2-May-10 Cross-site Scripting (XSS)
Improper Output HandlingDefacement Technology USA No
High-profile technology blog TechCrunch has been taken offline by hackers.

A message on the site said that it had been "compromised by a security exploit" but did
not specify any further details.

"We're working to identify the exploit and will bring the site back online shortly," the
message read.

The site went down at around 0620 GMT and was replaced by various messages
2010-83 WHID 2010-83: High-profile tech blog is hacked including a link to a site directing people towards adult material. http://news.bbc.co.uk/2/hi/technology/8480306.stm 26-Jan-10 Unknown Improper Output HandlingDefacement Media No
A hacker has busted the security of eight Victorian Government websites in a string of
minor attacks on Sunday.

Purportedly hailing from an Indonesian hacking group, the hacker made unobtrusive
defacements by inserting a text document into the homepages of six local council sites
2010-82 WHID 2010-82: Victorian councils, libraries taught security in hack and two libraries. http://www.networkworld.com/news/2010/050310-victorian-councils-libraries-taught-security.html 3-May-10 Unknown Improper Output HandlingDefacement Government Australia No Indonesia
Network Solutions' security team is battling a mysterious attack that has silently infected a
"huge" number of the websites it hosts with malicious code.

The mass compromise affects sites running WordPress, Joomla, and plain-vanilla HTML,
according to reports here and here from Securi Security and Stop Malvertising. Many of
the infected sites include encoded javascript that secretly attempts to install malware on
2010-81 WHID 2010-81: Network Solutions customers hit by mass hack attack visitors' computers. http://www.theregister.co.uk/2010/04/19/network_solutions_mass_hack/ 19-Apr-10 Unknown Improper Output HandlingPlanting of Malware Service Providers USA No WordPress http://blog.sucuri.net/2010/04/network-solutions-hacked-again.html
Updated Websites operated by the US Treasury Department are redirecting visitors to
websites that attempt to install malware on their PCs, a security researcher warned on
Monday.

The infection buries an invisible iframe in bep.treas.gov, moneyfactory.gov, and bep.gov

that invokes malicious scripts from grepad.com, Roger Thompson, chief research officer of
AVG Technologies, told The Register. The code was discovered late Sunday night and
2010-80 WHID 2010-80: Hacked US Treasury websites serve visitors malware was active at time of writing, about 12 hours later. http://www.theregister.co.uk/2010/05/03/treasury_websites_attack/ 3-May-10 Unknown Improper Output HandlingPlanting of Malware Government USA No
A report on BBC News said that visitors to Spain's EU presidency website were greeted by
an image of comedy character Mr Bean instead of the Spanish Prime Minister Jose Luis
Rodriguez Zapatero. The government said that the site - www.eu2010.es - had not been
attacked and that a hacker had taken a screenshot of the homepage to make a photo
montage using a cross-site scripting (XSS) vulnerability. Visitors found an image of Mr
2010-8 WHID 2010-8: Cross-site scripting vulnerabilities see two political websites hacked Bean complete with a benign smile and the words ‰Û÷Hi there'. http://www.scmagazineuk.com/cross-site-scripting-vulnerabilities-see-two-political-websites-hacked/article/160597/ 5-Jan-10 Cross-site Scripting (XSS)
Improper Output HandlingDefacement Government Spain No
On April 30, a group of hackers, who sign as "Romanian National Security" attacked three
of the most important media sites in Italy: La Stampa, Corriere della Sera and RAI. The
Romanian hackers left a message inviting Italian journalists to avoid confusions between
Romanians and gypsies.

The same group attacked in the last month the sites of the Daily Telegraph and Le Monde.
However, unlike the British and French media, the Italian mass media did not mention the
attack. Our HotNews.ro corresponded to Italy interviewed Italin Matteo Cavallini,
responsible for IT security in the Commerce Ministry. He was one of the first Italians to
2010-79 WHID 2010-79: Italian expert: the attack of Romanian hackers against La Stampa and Corriere newspapers was the most
raise the awareness aboutrelevant in the
the attack lastRomanians
of the eight yearshackers. http://english.hotnews.ro/stiri-regional_europe-7212366-italian-expert-the-attack-romanian-hackers-against-stampa-and-corriere-newspapers-was-the-most-relevant-the-last-eight-years.htm
30-Apr-10 Unknown Improper Output HandlingDefacement Media Italy No Romania
The Butler County Sheriff will investigate an alleged hacking incident that brought down
election computers in that county last night, and slowed the reporting of votes.

The Board of Election tells our partners at the Journal News that the problem affected the
reporting of vote totals, not the counting of votes itself.

The BOE says three services crashed during the incident and two unidentified sites were
2010-78 WHID 2010-78: Butler County Election Website Hacked deliberately diverting traffic from the website. The BOE believes the attack was deliberate. http://www.local12.com/news/local/story/Butler-County-Election-Website-Hacked/zsQw7iXCgkuoDeMvyY3dGA.cspx 5-May-10 Unknown Improper Output HandlingDowntime Government USA No
The New York City-based spokesman for Kwame Kilpatrick complained this afternoon that
www.friendsofkwame.com is not working properly, and he suspects hackers.

Mike Paul said he is investigating the matter seriously and will pursue prosecution if the
site he is promoting on Kwame Kilpatrick‰Ûªs behalf indeed has been tampered with by
2010-77 WHID 2010-77: Kilpatrick's site down, spokesman suspects hackers outsiders. http://www.freep.com/article/20100505/NEWS01/100505073/1322/Kilpatricks-site-down-spokesman-suspects-hackers 5-May-10 Unknown Unknown Downtime Government USA No
Local elections officials say their website was hacked as they tried to communicate the
results of the Tuesday, May 4, primary election ‰ÛÓ crashing the site several times and
delaying the announcement of vote tallies.

‰ÛÏWe have crashed three servers, and in examining those servers, there are two
unidentified sites that are deliberately diverting traffic,‰Û said Butler County Board of
Elections Director Betty McGary as her frenzied staff struggled to post election results.

‰ÛÏOur servers are under attack, we feel,‰Û McGary said, stressing that the problem
2010-76 WHID 2010-76: Website hacked, election officials say pertained only to transmitting totals to the public, not accurately counting the votes. http://www.middletownjournal.com/news/election/website-hacked-election-officials-say-687529.html 5-May-10 Denial of Service Insufficient Anti-automation
Downtime Government USA No
A RUSSIAN-born hacker is attempting to sell Facebook IDs for as little as $25 per 100
usernames, social-media blog Mashable reports, citing researchers at VeriSign's
iDefense.

The hacker, who calls himself Kirllos, has obtained 1.5 million Facebook IDs, or one for
2010-75 WHID 2010-75: Russian-born hacker selling 1.5m Facebook usernames every 300 people who use the social networking website. http://www.news.com.au/technology/russian-born-hacker-selling-15m-facebook-usernames/story-e6frfro0-1225857706897 24-Apr-10 Stolen Credentials Unknown Session Hijacking Web 2.0 USA No Facebook
London(ZimEye) Another Zimbabwe news website, the ZimDiaspora has been hacked by
online criminals. As at Saturday, the website was no longer functioning and one of the
editors speaking to ZimEye Saturday said that neither he nor the Hosting company were
able to restore the site at the moment.

Despite the hosting company‰Ûªs apparent desperation Saturday, ZimEye was able to
trace the notorious hackers to a location in the Indonesian town of Bandug. The hackers
specialise in hacking websites made by the Joomlah software on which the Zimdiaspora is
2010-74 WHID 2010-74: Another Zimbabwe news website attacked by hackers built. They have also declared it openly that this is their field of speciality. http://www.zimeye.org/?p=16521 24-Apr-10 Unknown Unknown Downtime Media Zimbabwe No Indonesia Joomla
As if the record industry hasn't tasted enough bitter irony lately, a bunch of album leaks
over the weekend apparently came from a service used by music labels to share files with
radio stations, media, and other trusted insiders.

According to a post on AbsolutePunk, somebody signed up for an account with Play MPE
under false pretenses, claiming to be an Australian music critic. Then this person--
apparently a teenage boy--figured out how to access music he wasn't entitled to, including
upcoming releases by The Black Keys, Macy Gray, Hole, The Gaslight Anthem, and many
other artists.

The AbsolutePunk story referred to this kid as a hacker, but looking at his self-described
exploits, that term might be a little too strong. It's not as if he did any sophisticated DRM
cracking. Rather, he noticed that that the URL in the Web-based download file had the
characters "songid=" followed by a bunch of numbers. By changing the numbers, he was
2010-73 WHID 2010-73: Report: Music insider site source of leaked songs apparently able to to get other song downloads that he wasn't supposed to see. http://news.cnet.com/8301-13526_3-20003331-27.html 23-Apr-10 Predictable Resource Location
Insufficient Authorization Monetary Loss Entertainment USA No
Yesterday was a big day for social-oversharing site Blippy, which lets members
automatically post their purchases to the Internet. The company announced $11.2 million
in funding and was profiled in The New York Times.

Overnight, at least one Internet power user figured out a way to search for Blippy
members‰Ûª credit card numbers on Google. A fairly obvious search for ‰ÛÏfrom card‰
2010-72 WHID 2010-72: Blippy users‰Ûª credit card numbers found on Google Û this morning returned 127 results that included full credit card numbers. http://venturebeat.com/2010/04/23/blippy-credit-card-citibank/ 23-Apr-10 Unintentional Information
Insecure
Disclosure
Indexing Leakage of Information Web 2.0 No
A fire alarm company in Arkansas lost more than $110,000 this month when hackers stole
2010-71 WHID 2010-71: Fire Alarm Company Burned by e-Banking Fraud the firm‰Ûªs online banking credentials and drained its payroll account. http://krebsonsecurity.com/2010/04/fire-alarm-company-burned-by-e-banking-fraud/ 7-Apr-10 Banking Trojan Insufficient AuthenticationMonetary Loss Finance USA No $110,000.00
Turkish hackers have attacked several Armenian websites ahead of annual
commemorative remembrances of the Armenian Genocide.

On April 12th, more than 250 sites were impacted when cyber terrorists attacked a server
hosting sites including www.ArmeniaChat.com, www.ArmeniaSearch.com according to the
owner of the sites (who wishes to remain anonymous), ANCA Communications Director
Elizabeth Chouljian told PanARMENIAN.Net

The attackers also took down www.armenian.com, which is the website for Armenian
Directory Yellow pages. Attackers attempted to hack into a second server which hosts
www.ArmGate.com but were unsuccessful. All the websites attacked were offline for a
2010-70 WHID 2010-70: Armenian websites attacked Turkish hackers period of two days due to the damage caused by the attack. http://www.panarmenian.net/eng/it_telecom/news/47183/ 12-Apr-10 Brute Force Insufficient Anti-automation
Downtime Government Armenia No Turkey
A hacker attack at payroll processing firm Ceridian Corp. of Bloomington has potentially
revealed the names, Social Security numbers, and, in some cases, the birth dates and
bank accounts of 27,000 employees working at 1,900 companies nationwide. The attack
2010-7 WHID 2010-7: Hacker attacks Ceridian; data from 27,000 at risk was against the Powerpay payroll system. http://www.startribune.com/business/83505102.html?elr=KArksUUUU 20-Jan-10 SQL Injection Improper Input Handling Leakage of Information Finance Minnesota, USA No 27,000
One of Walmart official web sites, www.walmartcommunity.com (for their Community
Action Network) has SPAM links. The attackers probably injected the spam in one of their
2010-69 WHID 2010-69: Walmart web site hacked and hosting spam templates files. After a bit of search, we found all of them inside the footer.php http://blog.sucuri.net/2010/04/walmart-web-site-hacked-and-hosting.html 15-Apr-10 Unknown Unknown Link Spam Retail USA No WordPress
Part of the Daily Telegraph's website has been hacked, apparently by people in Romania
who were aggrieved at its identification of "gypsies" and "Romanians".

Its "Short Breaks" and Wine And Dine sections were both hacked, with the Short Breaks
site still up at 12.55pm today, with a picture of a Romanian flag claiming to be for the
"Romanian National Security", some comments in Romanian and the remark in English at
the bottom that "Guess what, gypsies aren't romanians, morons." It also links to a Russian
site which plays an MP3 called The Lonely Shepherd.

Sunbelt Software, which first noticed the hack, said that it had alerted the Telegraph when
it noticed the hack.

2010-68 WHID 2010-68: Daily Telegraph website hacked The method used to hack into the site is not known. http://www.guardian.co.uk/media/2010/apr/15/daily-telegraph-hacking 15-Apr-10 Unknown Unknown Defacement Media United Kingdom No Romania
On April 5th, the attackers via a compromised Slicehost server opened a new issue,
INFRA-2591. This issue contained the following text:

ive got this error while browsing some projects in jira http://tinyurl.com/XXXXXXXXX
[obscured]

Tinyurl is a URL redirection and shortening tool. This specific URL redirected back to the
Apache instance of JIRA, at a special URL containing a Cross-site Scripting (XSS) attack.
The attack was crafted to steal the session cookie from the user logged-in to JIRA. When
this issue was opened against the Infrastructure team, several of our administators clicked
2010-67 WHID 2010-67: Apache.org hit by targeted XSS attack, passwords compromised on the link. This compromised their sessions, including their JIRA administrator rights. http://blogs.zdnet.com/security/?p=6123&tag=nl.e539 9-Apr-10 Brute Force Improper Output HandlingSession Hijacking Technology USA No
The 9.6 million players of the Facebook game FarmTown are being warned about fake
security warnings popping up that are designed to mislead people into paying for antivirus
protection they don't need.

"We are aware and have reported to the developers that many of our players have
encountered the malware/spyware while on the FarmTown Site," the moderator of a user
forum for FarmTown maker SlashKey warned over the weekend. "We believe at this time
that it is harmless to your computer and a result of one or more of the ads on the site, but
you should NOT follow any links to any software claiming to 'clean your system.'"

Sophos' Graham Cluley said it appeared that third-party advertising displayed underneath
the FarmTown playing window is to blame.

"In all likelihood, hackers have managed to poison some of the adverts that are being
2010-66 WHID 2010-66: Ads to blame for malware in Facebook's FarmTown? served to FarmTown by the outside advert provider," Cluley wrote on his blog. http://news.cnet.com/8301-27080_3-20002267-245.html 12-Apr-10 Malvertising Improper Output HandlingPlanting of Malware Web 2.0 USA No Facebook
A deliberate brute force attack, a criminal act, knocked NewsBusters offline since late
Friday morning. More information to come, but now we‰Ûªre back and we thank you for
bearing with us as our tech team worked studiously to restore the site.

Read more: http://newsbusters.org/?q=blogs/nb-staff/2010/04/10/newsbusters-back-here-

2010-65 WHID 2010-65: NewsBusters Knocked Offline s-some-what-you-ve-missed#ixzz0kuulCcnh http://newsbusters.org/?q=blogs/nb-staff/2010/04/10/newsbusters-back-here-s-some-what-you-ve-missed 9-Apr-10 Denial of Service Insufficient Anti-automation
Downtime Media USA No
A large number of bloggers using Wordpress are reporting that their sites recently were
hacked and are redirecting visitors to a page that tries to install malicious software.

According to multiple postings on the Wordpress user forum and other blogs, the attack
doesn‰Ûªt modify or create files, but rather appears to inject a Web address ‰ÛÓ ‰
ÛÏnetworkads.net/grep‰Û ‰ÛÓ directly into the target site‰Ûªs database, so that any
attempts to access the hacked site redirects the visitor to networkads.net. Worse yet,
because of the way the attack is carried out, victim site owners are at least temporarily
locked out of accessing their blogs from the Wordpress interface.

It‰Ûªs not clear yet whether the point of compromise is a Wordpress vulnerability (users
of the latest, patched version appear to be most affected), a malicious Wordpress plugin,
or if a common service provider may be the culprit. However, nearly every site owner
2010-64 WHID 2010-64: Hundreds of Wordpress Blogs Hit by ‰Û÷Networkads.net‰Ûª Hack affected so far reports that Network Solutions is their current Web hosting provider. http://krebsonsecurity.com/2010/04/hundreds-of-wordpress-blogs-hit-by-networkads-net-hack/ 9-Apr-10 Predictable Resource Location
Application Misconfiguration
Planting of Malware Blogs No WordPress
Romanian police have arrested 70 suspected cybercrooks, thought to be members of
three gangs which allegedly used compromised eBay accounts to run scams.

The alleged fraudsters obtained login credentials using phishing scams before using these
trusted profiles to tout auctions for non-existent luxury goods (luxury cars, Rolex watches
and even a recreational aircraft). Buyers handed over the loot but never received any
2010-63 WHID 2010-63: Police cuff 70 eBay fraud suspects goods in return. http://www.theregister.co.uk/2010/04/07/romania_cybercrime_bust/ 6-Apr-10 Stolen Credentials Insufficient AuthenticationFraud Retail USA No Romania eBay
A rash of home foreclosures and abandoned dwellings had already taken its toll on the tax
revenue for the Village of Summit, a town of 10,000 just outside Chicago. Then, in March,
computer crooks broke into the town‰Ûªs online bank account, making off with nearly
$100,000. According to Rivera, the theft took place Mar. 11, when her assistant went to
log in to the town‰Ûªs account at Bridgeview Bank. When the assistant submitted the
credentials to the bank‰Ûªs site, she was redirected to a page telling her that the bank‰
Ûªs site was experiencing technical difficulties. What she couldn‰Ûªt have known was
that the thieves were stalling her so that they could use the credentials she‰Ûªd supplied
2010-62 WHID 2010-62: Computer Crooks Steal $100,000 from Ill. Town to create their own interactive session with the town‰Ûªs bank account. http://www.krebsonsecurity.com/2010/04/computer-crooks-steal-100000-from-ill-town/ 11-Mar-10 Banking Trojan Insufficient AuthenticationMonetary Loss Finance Illinois, USA No
A stunning new report issued last night by a team of U.S. and Canadian researchers
highlights a critical development in the world of cyber crime: the use of popular services
like Twitter, Google (GOOG) and Yahoo (YHOO) to camouflage and carry out infiltrations
2010-61 WHID 2010-61: How Chinese Hackers Exploit Twitter, Google and Yahoo at the highest level of international government and business. http://blogs.bnet.com/business-news/?p=856 6-Apr-10 Abuse of Functionality Abuse of Functionality Leakage of Information Web 2.0 No China http://www.scribd.com/doc/29435784/SHADOWS-IN-THE-CLOUD-Investiga
SPAMMERs use an Open Redirection vuln in a CNN ad site. The clever touch was
providing a link that exploits redirect functionality supported by CNN‰Ûªs ad servers. The
link is structured as follows:

http://ads.cnn.com/event.ng/Type=click&Redirect=http:/bit.ly/cP‰ÛÒXW

Clicking on the link sends a request to CNN which instructs the browser to send a second
request to the redirect URL ‰ÛÒ in this case the shortened http:/bit.ly/cP‰ÛÓXW. The
host site would not be aware of the misuse ‰ÛÒ the spammer is simply abusing
legitimate ad-serving functionality.

This technique provides several advantages to the spammer:

1) The URL from cnn.com might give the impression that there was a genuine CNN-
worthy story to be found

2) The reputable site name would allay fears of anything malicious lurking at the end of
the click.

3) Most URL filtering solutions would not block the initial request to cnn.com (although
reputable solutions would have been updated in real time about the follow on link which
2010-60 WHID 2010-60: CNN redirect exploited by scammers would be blocked) http://blog.commtouch.com/cafe/email-security-news/cnn-redirect-exploited-by-scammers/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+CommtouchCafe+(Commtouch+Caf̩)
6-Apr-10 Redirection Improper Input Handling Link Spam Media USA No
Attacker(s) conducted a DDoS attack against the Florida Candidate for Governor Paula
Dockery's website. In essence, what is happening is someone is sending approximately
40,000 requests per second to the website/server, then immediately closing them‰Û_ It is
the equivalent of 2.4 million people a minute browsing to the site and closing it
immediately. In essence this saturates the number of connections available to legitimate
people trying to get to the server, causing them to time-out when they visit the site. In
2010-6 WHID 2010-6: Cyber hacker hits Paula Dockery's campaign site security terms it is called a Denial of Service Attack (DoS). http://blogs.tampabay.com/buzz/2010/01/cyber-hacker-hits-paula-dockerys-campaign-site.html 20-Jan-10 Denial of Service Insufficient Anti-automation
Downtime Government Florida, USA No
A Lebanese hacker claims to have hacked Orange's regional website in Cote d'Ivoire
(Ivory Coast) through SQL injection. The attack allegedly gave him access to the website's
2010-59 WHID 2010-59: Orange Regional Website Hacked administration interface and information on almost 60,000 customers. http://news.softpedia.com/news/Orange-Regional-Website-Hacked-134467.shtml 9-Feb-10 SQL Injection Improper Input Handling Leakage of Information Information Services Ivory Coast No Lebanon 60,000
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
The Foreign Correspondents Club of China said on Friday it had shut its website after a
burst of hacker attacks, days after attacks on the Yahoo email accounts of some foreign
journalists covering China were discovered.

"We do not know who is behind the attacks or what their motivation is," the club's board
said in an emailed statement explaining it had decided to shut down temporarily the site
after two days of "persistent" attacks.

The club has traced the online assault to IP addresses in both China and the U.S., but
added that these machines could have been taken over by hackers in other locations.

The hacking was the latest of several recent incidents that have brought to light the
2010-58 WHID 2010-58: China journalist club shuts website after attack Internet vulnerabilities of people or groups whose work may raise hackles in China. http://www.reuters.com/assets/print?aid=USTOE63101R20100402 1-Apr-10 Unknown Insufficient Anti-automation
Downtime Media China No
Advertisement programs operated by Google, Yahoo and Fox were recently found to
deliver malware, according to CNET. Avast, the Czech Republic-based web security
company, discovered the malware and stated that this particular strain target holes in
popular web browsers such as Firefox and Internet Explorer.

Yahoo's Yield Manager and Fox FirmServe manage nearly 50 percent of all online ads.
Google's program DoubleClick was found to contain some malvertisements, but not to the
extent of Yield Manager or FirmServe. Other advertising platforms like Facebook and
2010-57 WHID 2010-57: Web security under attack from ads in prominent advertising programs MySpace have also experienced similar problems in recent months. http://www.mxlogic.com/securitynews/web-security/web-security-under-attack-from-ads-in-prominent-advertising-programs651.cfm 31-Mar-10 Malvertising Improper Output HandlingPlanting of Malware Information Services USA No
Private e-mail addresses that many Facebook users wanted to keep hidden were revealed
publicly last night on a multitude of Facebook profiles, Gawker reports. The glitch lasted
about 30 minutes before Facebook sealed the gap.

It might be that Facebook's recently proposed changes to its privacy settings could be to
blame for the hiccup. PC World writer Paul Suarez reported that "One of those changes [to
Facebook's Privacy Policy and Statement of Rights and Responsibilities] would make it
possible for Facebook to send your name, photo, friend list, and any public information
about you and your friends to preapproved third-party Web sites." A slight tweak to
2010-56 WHID 2010-56: Facebook Flub Leaks Private E-Mail Addresses broadcasting profile information could have resulted in this embarrassing flub. http://www.cio.com/article/589021/Facebook_Flub_Leaks_Private_E_Mail_Addresses 31-Mar-10 Misconfiguration Misconfiguration Leakage of Information Web 2.0 USA No
For the second time in less than six months, visitors to the Drudge Report say they got
malware in addition to the Web site's usual sensational headlines.

Matt Drudge denied that his site was infecting visitors, however it's likely that the malware
2010-55 WHID 2010-55: Drudge Report accused of serving malware, again is coming from ads delivered by a third-party ad network and not the site itself. http://news.cnet.com/8301-27080_3-10466044-245.html 9-Mar-10 Malvertising Improper Output HandlingPlanting of Malware Media USA No
On February 18, MyPlane, dba MyPilotStore.com, discovered that their database
containing their customers‰Ûª names, addresses, telephone numbers, e-mail addresses,
and credit card information had been hacked. According to the firm, some customers
received a ‰ÛÏnominal fake charge to their credit card by a company not associated with
2010-54 WHID 2010-54: MyPilotStore.com hack results in false charges on customers‰Ûª cards us.‰Û http://www.databreaches.net/?p=10990 18-Feb-10 SQL Injection Improper Input Handling Credit Card Leakage Retail No
Internet giant Google says Vietnamese computer users have been spied on and political
blogs hacked in attacks which a leading web security firm suspects are linked to the
Vietnamese government.

The incidents recall cyber attacks in China that Google in January said had struck it and
other unidentified firms in an apparent bid to hack into the email accounts of Chinese
human rights activists.

"These infected machines have been used both to spy on their owners as well as
participate in distributed denial of service attacks against blogs containing messages of
political dissent," said Neel Mehta of Google's security team in the firm's Online Security
2010-53 WHID 2010-53: Google says Vietnam political blogs hacked Blog. http://news.yahoo.com/s/afp/20100331/tc_afp/vietnammediainternetrightsgooglemcafee&a=Technology%20News&x=1 31-Mar-10 Denial of Service Insufficient Anti-automation
Downtime Web 2.0 Vietnam No
lectronics retailer Small Dog Electronics has suffered from a systems breach that left 3000
customers' credit card details compromised.

The data theft, which left the credit card details exposed from late December to almost the
end of January, used a security hole in the in-house web application that had been
developed to manage Smalldog's ecommerce system.

Don Mayer, CEO of Small Dog Electronics, explained that the company is PCI compliant,
and that it had been subjected to a penetration test by a third party, which he would not
name. The flaw in the code has now been rectified, and Small Dog is investigating the
issue with the pen tester, added Mayer, who did not know what language the ecommerce
2010-52 WHID 2010-52: 3000 Small Dog Electronics customers' credit card details compromised system had been written in. http://www.infosecurity-us.com/view/7411/3000-small-dog-electronics-customers-credit-card-details-compromised/ 18-Feb-10 SQL Injection Improper Input Handling Credit Card Leakage Retail USA No 3,000
A mentally ill woman exploited a loophole in D.C. tax office online systems to gain
unauthorized access to taxpayer accounts, establish herself as the owner of dozens of
businesses and file returns on their behalf. The FR-500 forms were not submitted for
review before processing, BDO found, and no verification checks were performed. The
loophole was a glitch, OTR explained. The agency's Integrated Tax System was supposed
to deny ownership changes requested through the FR-500 function, but "faulty logic"
allowed the updates automatically. Umansky said a fix is now in place and "that can't
2010-51 WHID 2010-51: Woman worms into D.C. taxpayer accounts happen again." http://www.washingtonexaminer.com/local/Woman-worms-into-D_C_-taxpayer-accounts-83589257.html 5-Feb-10 Abuse of Functionality Insufficient Process Validation
Leakage of Information Government Washington DC, USA No
Lincoln National Corp. (LNC) last week disclosed a security vulnerability in its portfolio
information system that could have compromised the account data of approximately 1.2
million customers.

In a disclosure letter (PDF) sent to the attorney general of New Hampshire Jan. 4,
attorneys for the financial services firm revealed that a breach of the Lincoln portfolio
information system had been reported to the Financial Industry Regulatory Authority
(FINRA) by an unidentified source last August. The company was planning to issue
notification to the affected customers on Jan. 6, the letter says.

The letter does not give technical details about the breach, but it indicates the unidentified
2010-50 WHID 2010-50: Shared-password vulnerability may have exposed personal information in onlinesource
account management
sent system and password to the portfolio management system.
FINRA a username http://www.darkreading.com/vulnerability_management/security/privacy/showArticle.jhtml?articleID=222301034 14-Jan-10 Stolen Credentials Insufficient AuthenticationLeakage of Information Finance USA No 1,200,000
2010-5 WHID 2010-5: City of Albertville's web site hacked The website of the Mayor of Albertsville, AL was defaced with profanity. http://www.waff.com/Global/story.asp?S=12166330 18-Mar-10 Unknown Improper Output HandlingDefacement Politics Alabama, USA No Alabama, USA
Hackers have stolen the login credentials for more than 8,300 customers of small New
York bank after breaching its security and accessing a server that hosted its online
banking system.

The intrusion at Suffolk County National Bank happened over a six-day period that started
on November 18, according to a release (PDF) issued Monday. It was discovered on
December 24 during an internal security review. In all, credentials for 8,378 online
accounts were pilfered, a number that represents less than 10 percent of SCNB's total
2010-49 WHID 2010-49: Hackers pluck 8,300 customer logins from bank server customer base. http://www.theregister.co.uk/2010/01/12/bank_server_breached/ 12-Jan-10 SQL Injection Improper Input Handling Leakage of Information Finance NY, USA No 8,300
2010-48 WHID 2010-48: Hackers brute force their way into galeton.com website containing names, creditHackers
card numbers
used brute force to log into web accounts of users at www.galeton.com. http://datalossdb.org/incidents/2692-hackers-brute-force-their-way-into-website-containing-names-credit-card-numbers 8-Feb-10 Brute Force Insufficient Anti-automation
Credit Card Leakage Retail No
JC Penney Co. was one of the victims of notorious computer hacker Albert Gonzalez,
according to unsealed documents made available on Monday by a federal judge in
Boston.

Penney, which during Gonzalez' trial had asked the U.S. District Court for the District of
Massachusetts to bar the government from disclosing its identity, was revealed in the
documents to be the company that had been known throughout the trial as "Company A."

ICQ chat logs confirm SQL Injection was used - http://datalossdb.

2010-47 WHID 2010-47: Court papers: JC Penney was hacking victim org/system/jcp_attachment.pdf http://www.msnbc.msn.com/id/36088614/ns/technology_and_science-security/ 23-Oct-07 SQL Injection Improper Input Handling Credit Card Leakage Retail No http://datalossdb.org/incident_highlights/48
Xbox Live director of programming Larry Hryb has for some time now been the face of
Microsoft's online platform for the Xbox 360, thanks in large part to his Major Nelson
persona. Unfortunately, Xbox Live's figurehead saw his gamertag defaced over the
2010-46 WHID 2010-46: Microsoft's Larry "Major Nelson" Hryb has online account hijacked through Xbox.com
weekend
as part
after
ofaunderground
hacker was able
group's
to log
publicity
into Hryb's
bid. account. http://www.gamespot.com/news/6254330.html 29-Mar-10 Unknown Unknown Leakage of Information Entertainment No
Organized computer criminals yanked more than $200,000 out of the online bank
accounts of a Missouri dental practice this month, in yet another attack that exposes the
financial risks that small- to mid-sized organizations face when banking online.

Smile Zone is still investigating how the thieves compromised the account. But in case
after case I‰Ûªve reported on involving this type of fraud, the attackers hacked the
victim‰Ûªs computer networks using a Trojan horse program known as Zeus or Zbot,
which allows the criminals to tunnel back through the victim‰Ûªs PC in order to log into
2010-45 WHID 2010-45: Online Thieves Take $205,000 Bite Out of Missouri Dental Practice the target account without raising red flags or additional security mechanisms. http://www.krebsonsecurity.com/2010/03/online-thieves-take-205000-bite-out-of-missouri-dental-practice/ 30-Mar-10 Banking Trojan Insufficient AuthenticationMonetary Loss Finance Missouri, USA No $205,000.00
The attack, which took place overnight, saw a message from the Iranian Cyber Army
appear on the Baidu home page. It featured a picture of the Iranian flag, and a message
written in Farsi.

Here‰Ûªs how Baidu alleges the hacker got access to one of the world‰Ûªs most
popular web sites domain name account in under an hour:

1. Hacker starts online chat session with Register.com representative, claiming to be an

agent of Baidu.

2. Register.com representative asks hacker to provide verification information. Hacker

provides invalid information, but Register.com goes ahead and e-mails a security code to
the email address it has on file for Baidu anyway.

3. The hacker doesn‰Ûªt have access to that e-mail address, so he/she relays a bogus
security code to the Register.com representative via chat. Baidu claims the representative
didn‰Ûªt bother to compare the code to the actual one.

4. Hacker asks Register.com representative to change email address on file to

[email protected], and representative does.

5. Hacker now uses ‰ÛÏforgot password‰Û link at Register.com to request the

username and password to the account. Hacker can then log in and change the name
2010-44 WHID 2010-44: Baidu hacked by Iranian Cyber Army servers. http://www.telegraph.co.uk/technology/news/6974129/Baidu-hacked-by-Iranian-Cyber-Army.html 12-Jan-10 Weak Password Recovery
Insufficient
Validation
Process Validation
Downtime Internet China No Iran http://domainnamewire.com/2010/02/24/how-baidu-got-hacked-by-the-irania
To get the ball rolling on the iPad estimate, Mr. Tello asked participants on a private
message board for Apple watchers, AAPL Sanity, to share the order number that the
Apple Store assigns to each online purchase and includes on the order's email
confirmation.

The first order submitted, from a user named Joe, had an eight-digit order number 68,715,
XXX (the last three digits have been excised) at 8:30 a.m. Eastern time on March 12, the
first day iPad orders could be placed. Another order placed five days later, by a user
2010-43 WHID 2010-43: Sleuths Trace Digital Clues to Predict iPad Sales named Israel, was numbered 68,937,XXX. That is a difference of about 222,000. http://online.wsj.com/article/SB10001424052748704207504575130351672451186.html 19-Mar-10 Credential/Session Prediction
Insufficient Entropy Leakage of Information Retail No
A Frenchman will face trial after hacking into Twitter accounts, including that of U.S
President Barack Obama, a French prosecutor said.

The 24-year-old man from central France was arrested on Tuesday and could face up to
two years in prison in France for fraudulent access to a computer system. The arrest
followed a joint operation between the Federal Bureau of Investigation and the French
police, according to French state prosecutor Jean-Yves Coquillat.

The man, whose name hasn't been release, is charged with having hacked into the Twitter
Inc. social-networking accounts of famous people. He did this in April 2009 after posing as
a site administrator, said Mr. Coquillat. As well as Mr. Obama's account, he hacked into
2010-42 WHID 2010-42: Frenchman Arrested After Hacking Into Obama's Twitter Accounts that of singer Britney Spears, he said. http://online.wsj.com/article/SB10001424052748704094104575143391819054502.html 25-Mar-10 Brute Force Insufficient Password Recovery
Leakage of Information Web 2.0 USA No France Twitter http://techcrunch.com/2009/07/19/the-anatomy-of-the-twitter-attack/
Microsoft's Ninemsn, one of the most visited portals in Australia (Alexa rank 573), was
compromised and injected with malicious code. The malicious code was identified to be
2010-41 WHID 2010-41: NineMSN compromised part of the Gumblar mass injections. http://www.itwire.com/business-it-news/security/36912-ninemsn-compromised 17-Feb-10 Unknown Improper Output HandlingPlanting of Malware Internet Australia No
Indian software giant Tata Consultancy Services Ltd. (TCS) has witnessed the hijacking of
its official website www.tcs.com. The hackers not only attacked the website but also
2010-40 WHID 2010-40: TCS Website Hacked, Domain Name Up For Sale allegedly changed its domain name and put it up for sale! http://www.techtree.com/India/News/TCS_Website_Hacked_Domain_Name_Up_For_Sale/551-109190-643.html 8-Feb-10 DNS Hijacking Insufficient Process Validation
Defacement Technology India No
Australian retailer DealsDirect.com.au started serving malware to clients through a
compromised partner advertising system. It seems that end users were made aware of
malware due to Google Safe Browsing plugins in Google Chrome, Firefox and Internet
Explorer browsers as they were alerted with the "This site may harm your computer"
warning. It is a shame that web sites themselves aren't doing better at analyzing
2010-4 WHID 2010-4: Shopping website hacked with malware outbound data they are serving to ensure that it is not malicious. http://news.ninemsn.com.au/technology/1029568/shopping-website-hacked-with-malware 19-Mar-10 Content Spoofing Improper Output HandlingPlanting of Malware Retail Australia No
Even before its administrators could fix the problem, the website of the Technical
Education and Skills Development Authority was hacked again early Monday, this time
redirecting visitors to the website of Smartmatic, the contractor tasked to implement the
automated elections this May. A check of the hacked TESDA website's homepage
showed the hackers left instructions for the site to redirect to Smartmatic's website in 20
2010-39 WHID 2010-39: Tesda Website hacked again; users directed to Smartmatic seconds. http://www.gmanews.tv/story/181244/tesda-website-hacked-again-users-redirected-to-smartmatic 11-Jan-10 Cross-site Scripting (XSS)
Improper Output HandlingDefacement Government Phillipines No
IBM Security Researcher outlines the XSS vuln he found that exploits a Flash upload file
2010-38 WHID 2010-38: Cross-Site Scripting through Flash in Gmail Based Services movie by passing Javascript within external parameters. http://blog.watchfire.com/wfblog/2010/03/cross-site-scripting-through-flash-in-gmail-based-services.html 22-Mar-10 Cross-site Scripting (XSS)
Improper Output HandlingLeakage of Information Information Services No
On January 25, an ING customer discovered that she could access client information on
the ingfunds.com web site and notified her stockbroker. In investigating the situation, ING
discovered that since August 2008, a file containing the names, addresses, Social Security
numbers, and account numbers of 106 ING shareholders had been available on the web
through a search engine. The company notified the New Hampshire Attorney General on
2010-37 WHID 2010-37: ING Shareholder Data Exposed on Website February 3 that 17 residents of the state were affected. http://doj.nh.gov/consumer/pdf/ing.pdf 25-Jan-10 Unintentional Information
Insufficient
Disclosure Authorization Leakage of Information Finance No New Hampshire, USA
Last week, this site received a lead about a security problem involving the web site of a
Durex product. On March 5, a customer reportedly discovered that anyone could view his
and other customers‰Ûª orders on the kohinoorpassion.com web site by simply inserting
a different order ID number in the url without any login required. Names, addresses, phone
2010-36 WHID 2010-36: Durex condom orders leak on web ‰ÛÒ customer (update 1) numbers, and type of products ordered were all there for ready viewing. http://www.databreaches.net/?p=10726 22-Mar-10 Predictable Resource Location
Insufficient Authorization Leakage of Information Retail India No
Here's what Maley told attendees to an RSA Conference panel on state cybersecurity on
Wednesday:

"We saw thousands of hits on our Department of Transportation driver license exam
scheduling site coming out of Russia, the same thing over and over, scheduling driver
license exams. It was encrypted traffic, and we were trying to figure out what the heck is
going on. Were they trying to test our systems? What exactly were they up to? The answer
was, we really didn't know."

Authorities eventually discovered that the hacker who used a proxy server in Russia to
mask his identity owned a driving school in Philadelphia, and exploited a vulnerability in
the driving test scheduling system to allow the scheduling of more tests than the allotted
time slots. It could take upward of six weeks to schedule a driving test in Philadelphia.
Said Maley:

"What he was doing was saying (to potential customers), "You go over across the street,
to John's driver training, and it's going to take you six to eight weeks to get your test. We
2010-35 WHID 2010-35: CISO Witnesses Hack Like No Other can get you in tomorrow." http://blogs.bankinfosecurity.com/posts.php?postID=469 3-Mar-10 Content Spoofing Insufficient Anti-automation
Loss of Sales Government PA, USA No PA, USA
Not exactly a startup news per se, but a healthy reminder to all those working with user
credentials in their online services. One of the largest, if not the largest, online identity
thefts has just occured in Finland. The service to be breached was ÌãlypÌ_Ì_, a Sanoma
bought gaming site. The sad part is that while an identity breach of this magnitude is
always bad ‰ÛÒ this has been made worse by Sanoma actually storing the passwords in
2010-34 WHID 2010-34: Over 120 000 Sanoma User Credentials Stolen plain text, making them usable anywhere. http://www.arcticstartup.com/2010/03/23/over-120-000-sanoma-user-credentials-stolen/?ref=rc 23-Mar-10 SQL Injection Improper Input Handling Leakage of Information Entertainment Finland No
A New York marketing firm that as recently as two weeks ago was preparing to be
acquired now is facing bankruptcy from a computer virus infection that cost the company
more than $164,000.

Immediately before the fraud occurred, Mrs. McCarthy found that her Windows PC would
no longer boot, and that the computer complained it could not find vital operating system
files. ‰ÛÏShe was using it one day and then this blue screen of death just came on her
screen,‰Û said a longtime friend who was helping McCarthy triage her computer.

Later, McCarthy‰Ûªs friend would confirm that her system had been infected with the
ZeuS Trojan, a potent family of malware that steals passwords and lets cyber thieves
control the infected host from afar. ZeuS also includes a feature called ‰ÛÏkill operating
system,‰Û which criminals have used in prior bank heists to effectively keep the victim
offline and buy themselves time to make off with the cash.

Karen McCarthy said TDBank has dug in its heels and is now saying it has no
2010-33 WHID 2010-33: N.Y. Firm Faces Bankruptcy from $164,000 E-Banking Loss responsibility for the loss. http://www.krebsonsecurity.com/2010/02/n-y-firm-faces-bankruptcy-from-164000-e-banking-loss/ 15-Feb-10 Stolen Credentials Insufficient AuthenticationMonetary Loss Finance NY, USA No
Computer crooks stole more than $200,000 from an auto body shop in Ohio last month in
a brazen online robbery. The attack is yet another example of how thieves are using
malicious software to bypass bank security technologies that are often touted as strong
deterrents to this type of fraud.

Story outlines Banking Trojan types of activity which intercepted the one-time passcode
2010-32 WHID 2010-32: Crooks Crank Up Volume of E-Banking Attacks and then redirected the real user to a fake maintenance page. http://www.krebsonsecurity.com/2010/03/crooks-crank-up-volume-of-e-banking-attacks/ 23-Feb-10 Stolen Credentials Insufficient AuthenticationMonetary Loss Finance Ohio, USA No
In a separate incident on March 4, organized crooks stole roughly $130,000 from North
Garland County Regional Water District, a public, nonprofit utility in Hot Springs, Ark.
Again, thieves somehow broke into the utility‰Ûªs online bank account and set up
unauthorized transfers to more than a dozen individuals around the country that were not
affiliated with the district.

Manager Bill Reinhardt said the district is still investigating how the thieves gained access
to its accounts, and that it had notified the FBI about the breach. Reinhardt said the district
2010-31 WHID 2010-31: Organized Crooks Hit Ark. Utility has so far worked with its bank to reverse about half of the fraudulent transfers. http://www.krebsonsecurity.com/2010/03/organized-crooks-hit-nj-town-arizona-utility/#more-1918 4-Mar-10 Stolen Credentials Insufficient AuthenticationMonetary Loss Finance Arkansas, USA No
The Federal Bureau of Investigation and the Atlantic County Prosecutor's Office are
helping Egg Harbor Township police investigate what township police said was an "outside
intrusion into a municipal banking account"that was to blame for missing municipal funds."

In a statement, the township police also warned the public that computer criminals have
become more sophisticated.

"Emails can appear to originate from your bank, or other legitimate location, and when
opened can cause great financial damage," the department wrote. "Use extra care with
2010-30 WHID 2010-30: Organized Crooks Hit NJ Town your email and where you may send/enter any personal information." http://www.pressofatlanticcity.com/news/top_three/article_35e425d8-32f2-11df-a24f-001cc4c03286.html 19-Mar-10 Stolen Credentials Insufficient AuthenticationMonetary Loss Finance New Jersey, USA No http://www.krebsonsecurity.com/2010/03/organized-crooks-hit-nj-town-arizon
Hackers, working for BroCo Investments (a one-trader operation based in St. Petersburg,
Russia) used stolen online brokerage credentials to initiate a pump-and-dump scheme.
Within minutes of making the unauthorized transactions, the SEC claims BroCo then sold
shares of these same stocks held in its own account at the artificially inflated prices,
netting the hackers more than $250,000 in profits.

From a defensive perspective, the online brokerage accounts should be doing more to
authenticate users and validate transactions. The challenging part is that these types of
defensive mechanisms may actually interfere with many of the automated bot programs
that investors use to monitor and execute trades. Online trading fraud is not going to go
away anytime soon.

Read More on SEC filing - http://www.wired.

2010-3 WHID 2010-3: Feds Crack Hackers' Stock Manipulation Cybercrime com/images_blogs/threatlevel/2010/03/brocosec.pdf http://www.esecurityplanet.com/news/article.php/3871176/Feds-Crack-Hackers-Stock-Manipulation-Cybercrime.htm 16-Mar-10 Stolen Credentials Insufficient AuthenticationMonetary Loss Finance No St. Petersburg, Russia $600,000.00
It was hoped that visitors to the website - http://cash-gordon.com ‰ÛÒ would use popular
social networking websites such as Twitter and Facebook to spread the word about
Gordon Brown‰Ûªs union links.

One of its features displayed any message posted on Twitter if it included the term ‰
ÛÏ#cashgordon‰Û , no matter what else it said.

By writing Twitter messages containing the ‰ÛÏ#cashgordon‰Û and their own piece of
web code, they were able to redirect visitors to any other site on the internet.

Anyone who tried to access the Cash Gordon website for more than an hour was sent
2010-29 WHID 2010-29: Conservatives embarrassed as hackers exploit loophole on anti-union website elsewhere, such as to the Labour Party‰Ûªs site or to hardcore pornography pages. http://www.telegraph.co.uk/technology/twitter/7499228/Conservatives-embarrassed-as-hackers-exploit-loophole-on-anti-union-website.html 23-Mar-10 Cross-site Scripting (XSS)
Improper Output HandlingDefacement Politics United Kingdom No
A Texas bank is suing a customer hit by an $800,000 cybertheft incident in a case that
could test the extent to which customers should be held responsible for protecting their
online accounts from compromises.

The incident, which was first reported by blogger Brian Krebs this week, involves Lubbock-
based PlainsCapital bank and its customer Hillary Machinery Inc. of Plano.

In November, unknown attackers based in Romania and Italy initiated a series of

unauthorized wire transfers from Hillary's bank accounts and depleted it by $801,495.
2010-28 WHID 2010-28: Bank sues victim of $800,000 cybertheft About $600,000 of the amount was later recovered by PlainsCapital. http://www.computerworld.com/s/article/9149218/Bank_sues_victim_of_800_000_cybertheft 26-Jan-10 Stolen Credentials Insufficient AuthenticationMonetary Loss Finance TX, USA No Romania
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
The theft of $378,000 from the town of Poughkeepsie, N.Y., is prompting questions about
the responsibility of banks to protect customer accounts from online criminals.

In a statement last week, a Poughkeepsie town official revealed that thieves had broken
2010-27 WHID 2010-27: Poughkeepsie, N.Y., slams bank for $378,000 online theft into the town's TD Bank NA account and transferred $378,000 to accounts in the Ukraine. http://www.computerworld.com/s/article/9153598/Poughkeepsie_N.Y._slams_bank_for_378_000_online_theft 8-Feb-10 Stolen Credentials Insufficient AuthenticationMonetary Loss Finance NY, USA No Ukraine
A fascinating story about a group of hackers who broke into the RBS WorldPay DBs
through SQL Injection. Russian authorities have nabbed the man accused of
masterminding a coordinated global ATM heist of $9.5 million from Atlanta-based card
processing company RBS WorldPay. The hackers compromised RBS WorldPay‰Ûªs
database encryption to raise the amount of funds available on the compromised cards,
and boost their daily withdrawal limits. In some case, the hackers raised the limits to
$500,000. According to the indictment, Tsurikov conducted reconnaissance of the RBS
network after Covelin provided him with information about vulnerabilities in the system.
Pleshchuk and Covelin then worked on exploiting the vulnerabilities to obtain access.
Pleschuk allegedly developed the method for reverse engineering the encrypted PINs.
Once the hackers raised the account limits, they provided an army of cashers with 44
cards programmed with the account details. On November 8 that year, the cashers
simultaneously hit more than 2,000 ATMs, netting about $9.5 million in less than 12 hours.

The story did not specify the exact vulnerabilities exploited to manipulate the DB however
the Indictment PDF (in the reference) lists actual SQL commands sent to the DBs (pages
10-11).

If you then cross-reference this story with WHID entry 2009-51 where the Romania Hacker
Unu released SQL Injection vulns in RBS WorldPay web applications, it seems most
2010-26 WHID 2010-26: Russia Arrests Alleged Mastermind of RBS WorldPay Hack plausible that these Russian Hackers used similar vulnerabilities. http://www.wired.com/threatlevel/2010/03/alleged-rbs-hacker-arrested 22-Mar-10 SQL Injection Improper Input Handling Monetary Loss Finance Georgia, USA No Russia http://www.wired.com/images_blogs/threatlevel/2009/11/rbs-worldpay-indictm
McAfee, a leading maker of Internet security software, warned this week that software
systems used by many companies to store and manage their intellectual property are
being actively targeted by hackers and are in need of significantly increased security
focus.

McAfee took issue with Perforce‰Ûªs implementation of access controls. For instance,
using the Web interface, someone who manages to access one user account could
access those of other users by manipulating the associated URL, or Web address, it said.
Perforce responded that, if customers choose the systems most restrictive mode, that
2010-25 WHID 2010-25: Flawed Security Exposes Vital Software to Hackers situation isn‰Ûªt possible. http://bits.blogs.nytimes.com/2010/03/05/flawed-security-exposes-vital-software-to-hackers/ 5-Mar-10 Predictable Resource Location
Insufficient AuthenticationLeakage of Information Technology No http://graphics8.nytimes.com/packages/pdf/technology/20100306Aurora.pdf
Yesterday, at 8pm past, a member "gameboyz" discovered pretty quickly that he could
inject HTML code into the Tag Board Chat, and posted a script which changed the
contents of the page where the tagboard would appear, with a message below, when one
2010-24 WHID 2010-24: Singapore's biggest forum, Hardwarezone Forums, gets hacked (friendly) accessed certain sections of the site. 18-Mar-10 Cross-site Scripting (XSS)
Improper Output HandlingDefacement Retail Singapore No http://asia.cnet.com/blogs/rehashplus/post.htm?id=63017848&scid=hm_bl
At a time when college basketball fans are going wild, cybercriminals are actively pursuing
opportunities for scams. Basketball fans go online to fill out bracket selections, and when
they do, hackers are also playing their own game of spamdexing, i.e. manipulating search
results to promote sites, according to James Duldulao, a security researcher at McAfee. In
this case, he explained, cybercriminals are spamdexing malware-infected sites.

This week, the top results for terms like "ncaa bracket" and "march madness predictions"
were poisoned. McAfee reports that five out of the first 10 hot searches on Google Trends
are being promoted by a network Relevant Products/Services of legitimate sites that were
hacked to serve malware. One site had an embedded Flash file that downloads malware
2010-23 WHID 2010-23: Beware: Malware Attacks Facebook, B-Ball & Gossip Sites from another site and installs it without user interaction Relevant Products/Services. http://www.toptechnews.com/story.xhtml?story_id=11000CA733W8&full_skip=1 19-Mar-10 Unknown Improper Output HandlingPlanting of Malware Information Services No
Future Group''s plans to boost on-line sales has come across a cyber hurdle with its
flagship e-commerce portal FutureBazaar being hacked and has been rendered the site
dysfunctional for the last two days.

Terming the hacking of www.futurebazaar.com as ''denial of service attack'', FutureBazaar

Chief Executive Officer Rajiv Prakash told PTI, "The website has been down for the last
2010-223 2010-223: FutureBazaar Site Hit By DoS Attack couple of days and has been blocked to consumers." http://news.in.msn.com/business/article.aspx?cp-documentid=4730349 21-Dec-10 Denial of Service Insufficient Anti-automation
Downtime Retail New Delhi, India No
The breach of a Web server that housed payment card data for a New York tourism
company's website highlights security gaps in cardholder data protection.

The online breach, which led hackers to cardholder information for 110,000 credit cards,
was facilitated via SQL injection -- one of the most frequent modes of attack hackers use
to illegally acquire payment-card details.

Twin America LLC (d.b.a., City Sights NY) reportedly discovered the breach in late
2010-222 WHID 2010-222: SQL Injection Blamed for Twin America Breach October, after a programmer noticed unauthorized script had been loaded to the server. http://doj.nh.gov/consumer/pdf/twin_america.pdf 25-Oct-10 SQL Injection Improper Input Handling Credit Card Leakage Tourism New York No 110,000
The forces of Anonymous have taken aim at several companies who are refusing to do
business with WikiLeaks. 4chan's hordes have launched distributed denial-of-service
attacks against PayPal, Swiss bank PostFinance, and other sites that have hindered the
2010-221 WHID 2010-221: 4chan rushes to WikiLeaks' defense, forces Swiss banking site offline whistleblowing site's operations. http://arstechnica.com/tech-policy/news/2010/12/4chan-rushes-to-wikileaks-defense-forces-swiss-banking-site-offline.ars 7-Dec-10 Denial of Service Insufficient Anti-automation
Downtime Finance Switzerland No
There's been a SQL injection leading to leaking of encrypted account passwords, some of
them discovered by brute-force attack, leading in turn to project membership access.

We're reinstalling the system and restoring the data from a safe backup, November 23th
circa 12:00 GMT.

Please prepare to recommit your changes since that date.

While effort was made in the past to fix injection vulnerabilities in the Savane2 legacy
2010-220 WHID 2010-220: Savannah GNU Hacked codebase, it appears this was not enough :/ http://savannah.gnu.org/ 29-Nov-10 SQL Injection Improper Input Handling Leakage of Information Technology Boston, MA No
At least two leading figures in the opposition Social Democratic Party were attacked by
computer hackers during the weekend.

On Sunday, the web pages of the party‰Ûªs Parliamentary group chairman Eero
HeinÌ_luoma were hacked, and on Saturday evening it was the turn of the party‰Ûªs
chairwoman Jutta Urpilainen.

Strange pictures and text had appeared on HeinÌ_luoma‰Ûªs page www.heinaluoma.net

on Sunday, and shortly before 4 p.m. his web page was no longer accessible.

On Saturday evening, Urpilainen‰Ûªs page had been targeted with obscene

messages and child pornography.

2010-22 WHID 2010-22: Hackers target SDP leaders The pages crashed at about 10:00 p.m. http://www.hs.fi/english/article/Hackers+target+SDP+leaders+/1135254873196 21-Mar-10 Unknown Improper Output HandlingDefacement Politics Finland No
Infamous anti-jihadi hacker The Jester (th3j35t3r) is claiming responsibility for a denial of
service attack (DoS) attack that temporarily disabled the WikiLeaks website just hours
2010-219 WHID 2010-219: The Jester Hits WikiLeaks Site With XerXeS DoS Attack before the release of thousands of classified documents. https://www.infosecisland.com/blogview/9865-The-Jester-Hits-WikiLeaks-Site-With-XerXeS-DoS-Attack.html 29-Nov-10 Denial of Service Insufficient Anti-automation
Downtime Blogs France No
Security notification firm Secunia has confirmed that a DNS redirection hack was to blame
for the redirection of surfers to a hacker site on Thursday.

Secunia's authoritative DNS hosting was redirected for 70 minutes in the early hours of
Thursday morning (Central European time). But because of the way DNS caching works,
many surfers were still redirected to a defacement site hours after the Danish firm's
2010-218 WHID 2010-218: Secunia recovers from DNS redirection hack definitive records were straightened out. http://www.theregister.co.uk/2010/11/26/secunia_back_from_dns_hack/ 25-Nov-10 DNS Hijacking Insufficient Process Validation
Defacement Technology Copenhagen, DenmarkNo
SQL injection flaw in CMS system allowed admin access to many smaller individual and
regional Conservative party web sites (the main site www.conservatives.com was
unaffected). The password field for the CMS login page was susceptible to a SQL injection
attack allowing access to arbitrary user accounts including the CMS administrator account.

http://editor.conservatives.org.uk/cms/v6/cms.admin.php

The CMS controlled content access to the content of a number of sites run by the
Conservative party, many of which are used by regional party groups. The websites have
remained down since the attack, including:

http://www.bathconservatives.com/

http://www.newtonabbotconservatives.org.uk/

http://www.nwdurhamconservatives.com/

http://www.nwnorfolkconservatives.com/

Details of the flaw were posted on several message boards and rapid and widespread
2010-217 WHID 2010-217: Conservative party web CMS system hacked defacement occured, ranging from political satire to hate speak. http://forums.theregister.co.uk/forum/1/2010/10/16/conservative_party_website_hacked/ 16-Oct-10 SQL Injection Improper Input Handling Defacement Politics United Kingdom No 20 Multiple sources
Starting towards the end of October, the nation of Myanmar (previously known as Burma)
has been suffering through a massive Denial of Service attack, leaving Web access at a
crawl when it is available. According to Arbor Networks, the Myanmar attack is producing
2010-216 WHID 2010-216: DDoS: Myanmar attacks larger than those against Estonia and Georgia far more traffic than what was observed during the DDoS attacks on Estonia and Georgia. http://www.thetechherald.com/article.php/201044/6381/DDoS-Myanmar-attacks-larger-than-those-against-Estonia-and-Georgia 4-Nov-10 Denial of Service Insufficient Anti-automation
Downtime Internet Myanmar No
A hacker claims to have gained full access to the website of the British Royal Navy and
2010-215 WHID 2010-215: Hacker Claims Full Compromise of Royal Navy Website the underlying database through an SQL injection attack. http://news.softpedia.com/news/Hacker-Claims-Full-Compromise-of-Royal-Navy-Website-165112.shtml 5-Nov-10 SQL Injection Improper Input Handling Leakage of Information Government United Kingdom No Romania
Intuit's Web-hosting service for small businesses remained inaccessible for several hours
today--possibly due to a denial-of-service attack, a customer service representative told
CNET.

The Web hosting service, at www.websites.intuit.com, had been out at least two hours and
would hopefully be back up by the end of the business day, the customer service rep said.
2010-214 WHID 2010-214: Attack cause Intuit Web-hosting service outage? Asked if it could be the result of a DOS attack, she said: "It's looking like an attack." http://news.cnet.com/8301-27080_3-20021862-245.html 4-Nov-10 Denial of Service Insufficient Anti-automation
Downtime Hosting Providers USA No
The case shows how the information stored on social media sites can be misused, and
ultimately turned against victims. Police believe that Bronk broke into about 3,200 Web
mail accounts by guessing the answers to password reset questions used by services
2010-213 WHID 2010-213: Cops: Hacker Posted Stolen X-rated Pics on Facebook such as Gmail, Yahoo Mail and Microsoft's Hotmail. http://www.pcworld.com/businesscenter/article/209584/cops_hacker_posted_stolen_xrated_pics_on_facebook.html 2-Nov-10 Brute Force Insufficient Password Recovery
Leakage of Information Web 2.0 No
2010-212 WHID 2010-212: Cheapflights claims Twitter account hacked after X-Factor tirade UPDATED: Cheapflights say the faux pas can be blamed on a Malware attack. http://www.tnooz.com/2010/11/01/news/cheapflights-claims-twitter-account-hacked-after-x-factor-tirade/ 31-Oct-10 Malware Unknown Disinformation Web 2.0 USA No Twitter
A new distributed denial-of-service (DDoS) Trojan family is being used to attack blogs and
forums criticizing the Vietnamese Communist Party, a security researcher said yesterday.

According to a report posted by SecureWorks director of malware analysis Joe Stewart,

the botnet created by the "Vecebot" Trojan comprises more than 15,000 bots, most of
them in Vietnam.

Politically motivated cyberattacks are becoming more commonplace and sophisticated,

2010-211 WHID 2010-211: New DDoS Trojan Attacks Sites That Criticize Vietnamese Communist Party SecureWorks observes. http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=228000335 19-Oct-10 Denial of Service Insufficient Anti-automation
Downtime Politics Vietnam Yes Vecebot Botnet 5
The schedule attack against the RIAA's website was set to begin at 4PM EST today, yet it
seems either one of two things happened: 1) the RIAA intentionally brought their server
offline, or 2) there was a premature attack on the website. Either way, the site is offline,
2010-210 WHID 2010-210: RIAA and LimeWire - Both Are Offline and that seems to be good enough for Anonymous and supporters of Operation: Payback. http://www.slyck.com/story2110_RIAA_and_LimeWire_Both_Are_Offline 29-Oct-10 Denial of Service Insufficient Anti-automation
Downtime Entertainment Yes Operation Payback 2
This entry is related to WHID 2008-48 (http://www.xiom.com/whid-2008-48) however it
expands beyond only TicketMaster to include LiveNation.

Prosecutors said the men hired a hacker in Bulgaria to program a way around the
"CAPTCHA" technology that requires ticket buyers to read and retype two distorted
random words to prove they are people, not a computer program. In a spectacular irony,
the defendents managed to take a process meant to distinguish between a human and a
machine - and automate it. The indictment said they even programmed their bots to make
mistakes so they would appear to be human ticket buyers. When the bots swarmed a
Web site, they were able to fill out the CAPTCHA fields in a twinkling, beating any real
human buyers.

Read more: http://www.nydailynews.com/news/ny_crime/2010/03/01/2010-03-

01_wiseguys_tickets_charged_with_hacking_into_ticketmaster_livenation_to_illegally_.
2010-21 WHID 2010-21: Wiseguys Tickets charged with hacking into Ticketmaster, LiveNation to illegally html?page=1#ixzz0iumX65AV
grab best seats http://www.nydailynews.com/news/ny_crime/2010/03/01/2010-03-01_wiseguys_tickets_charged_with_hacking_into_ticketmaster_livenation_to_illegally_.html 1-Mar-10 Brute Force Insufficient Anti-automation
Loss of Sales Entertainment USA No Bulgaria
Department of Health and Hospitals spokeswoman Lisa Faust said Bureau of Emergency
Medical Services personnel discovered the database breach. The unauthorized entry gave
the hacker access to an individual‰Ûªs name and personal information, including Social
Security numbers.

‰ÛÏWhat we don‰Ûªt know is whether the hacker was able to access any information,‰
Û Faust said.

A computer screen displayed the message ‰ÛÏYou have been hacked,‰Û Faust said.
‰ÛÏSince we don‰Ûªt know one way or the other we sent notices out to 56,000 people
that there‰Ûªs a potential that the information was compromised.‰Û

WASC WHID Note - the portal login page (https://ems.oph.dhh.la.gov/ems/login.asp) looks

2010-209 WHID 2010-209: Hacker may have accessed DHH database vulnerable to SQL Injection http://www.2theadvocate.com/news/105946193.html 17-Sep-10 SQL Injection Improper Input Handling Leakage of Information Government Baton Rouge, LA No
BoingBoing.net, the popular blog and "directory of wonderful things", has been hacked and
its home page replaced with a message containing vulgar language and pictures.

The site was pulled down by the administrators shortly after the attack, which is suspected
2010-208 WHID 2010-208: BoingBoing hacked and defaced to have been executed via an SQL injection, TechCrunch reports. http://www.net-security.org/secworld.php?id=10062 27-Oct-10 SQL Injection Improper Input Handling Defacement Blogs Toronto, CA No
The login details of over 2000 MWEB Business account-holders has been published
online by a hacker.

The hacker published details such as usernames, passwords, line speeds and subscriber
names on a mailing list archive, MyBroadband reported.

Affected companies include Bloomberg, Volvo SA, Caledon Hotel Casino, Peugeot SA
and Radio 786.

UPDATE: According to MWEB's Twitter account, less than a 1000 accounts have been
2010-207 WHID 2010-207: MWEB gets hacked affected. The ISP also said that the problem was with the Internet Solutions user interface. http://technology.iafrica.com/technews/682038.html 25-Oct-10 Unknown Application Misconfiguration
Leakage of Information Hosting Providers Lusaka, South Africa No
The publication of footage of Indonesian soldiers torturing native Papuans appears to
provoked a denial of service attack on the websites of development charities who hosted
it.

The websites of Survival International and at least five other organisations who work in
West Papua were all floored by the attack, which started at around 5pm on Wednesday
and increased in severity over the evening. Survival's site is currently back up even though
2010-206 WHID 2010-206: Tribal rights charity weathers DDoS assault the assault remains ongoing. http://www.theregister.co.uk/2010/10/28/survival_ddos_assault/ 28-Oct-10 Denial of Service Insufficient Anti-automation
Downtime Politics No London, England
Malicious hackers have exploited an unpatched vulnerability in the latest version of Firefox
to attack people visiting the Nobel Peace Prize website, a Norway-based security firm said
2010-205 WHID 2010-205: Hackers plant Firefox 0day on Nobel Peace Prize website on Tuesday. http://www.theregister.co.uk/2010/10/26/firefox_0day_report/ 27-Oct-10 Unknown Improper Output HandlingPlanting of Malware Education Norway No Taiwan
The Barclays hack

The Barclays hackers used their zero-day attack (or hack) to get round the security gate
timers the bank's engineers had put in its website software.

It was the hacking equivalent of sitting outside the bank in a Ford Cortina, and checking
your watch every time the rent-a-cop does his rounds and the bank manager pops out for
his lunch-time massage.

Barclays thought it was prepared for this sort of reconnaissance, said Romain. The bank's
security team had reviewed the software behind its website payment system and got
everything ship-shape.

They checked how their banking software handled internet transactions. Real people tend
to fumble and faff about at their computers. It can take some old timers half a day just to
enter their card number.

Yet automated software bots designed by hackers can spit out instructions as fast as the
bank computer will receive them. Software like this pretends to be a bank customer, but is
2010-204 WHID 2010-204: How bank hackers beat Barclays far too efficient to be a real person at all. http://www.thinq.co.uk/2010/10/25/how-bank-hackers-beat-barclays/ 25-Oct-10 Process Automation Insufficient Anti-automation
Fraud Finance London, England No
HOW HE SAYS HE HACKED THE SYSTEM

An SQL database system is used to store information, such as passwords. Using an "SQL
injection," he was able to log onto the site as an administrator. From there, he was able to
upload files and to get the log-in information.

"It let me see all the files on the servers, passwords, user names. They did not make any
2010-203 WHID 2010-203: Confessed student hacker speaks effort to hide it," he said of the school board's IT department. http://www.woodstocksentinelreview.com/ArticleDisplay.aspx?e=2815263 25-Oct-10 SQL Injection Improper Input Handling Leakage of Information Education London, Ontario, CA No
Some sites under NASA‰Ûªs Jet Propulsion lab ( http://jpl.nasa.gov/ ) have been hacked
and are being used on the infamous blackhat SEO Spam network. Not only that, but they
2010-202 WHID 2010-202: NASA Website hacked and serving malware/spam are also serving malware to unsuspicious users. http://blog.sucuri.net/2010/10/nasa-web-site-hacked-and-serving-malwarespam.html 21-Oct-10 Unknown Misconfiguration Planting of Malware Government Phoenix, AZ No
Operation: Payback apparently went on a preemptive strike, taking Satel Film by surprise
and launching a 'drive by' DDoS (Distributed Denial of Service) attack. As of this writing,
2010-201 WHID 2010-201: Operation: Payback Hits SatelFilm.at with 'Drive By' DoS SatelFilm.at is offline. http://www.slyck.com/story2097_Operation_Payback_Hits_SatelFilmat_with_Drive_By_DoS 21-Oct-10 Denial of Service Insufficient Anti-automation
Downtime Media Wien, Austria Yes Operation Payback 1
According to sources in the hacking circuit familiar with the goings-on of Wikileaks, the
organization is adopting a new server cluster to replace those that have come under the
denial-of-service attack. The security breaches were not connected to the site
restructuring that has brought it down for about two weeks, said a Wikileaks volunteer.
Because the organization's staff members operate on the policy of "security through
2010-200 WHID 2010-200: Wikileaks Communications Infrastructure Attacked? obscurity," insiders were not clear about the magnitude of or the parties behind the attack. http://cybersecurityreport.nextgov.com/2010/10/wikileaks_communications_infrastructure_attacked.php?oref=latest_posts 21-Oct-10 Denial of Service Insufficient Anti-automation
Downtime News San Mateo, CA No
The internet website of the Keren Kehilot organization was hacked Sunday morning by a
2010-20 WHID 2010-20: Jewish Community Assistance Group Website Hacked gang of Muslim hackers, apparently from Turkey. http://www.israelnationalnews.com/News/Flash.aspx/182976 21-Mar-10 Unknown Improper Output HandlingDefacement Religious Israel No
Hundreds of cars would not start and/or had their horn honking when a former employee
at Texas Auto Center used previous passwords to log into a system called Webtech Plus
whic is used as an alternative to repossessing vehicles that haven‰Ûªt been paid for.
Operated by Cleveland-based Pay Technologies, the system lets car dealers install a
small black box under vehicle dashboards that responds to commands issued through a
central website, and relayed over a wireless pager network. The dealer can disable a
car‰Ûªs ignition system, or trigger the horn to begin honking, as a reminder that a
payment is due. The hacker destroyed account records and then started to disable
cars/force the horn to honk continuously.

2010-2 WHID 2010-2: Hacker Disables More Than 100 Cars Remotely Read More http://www.wired.com/threatlevel/2010/03/hacker-bricks-cars/#ixzz0iYvPwUVj http://www.wired.com/threatlevel/2010/03/hacker-bricks-cars/ 17-Mar-10 Administration Error Insufficient Authorization Data Loss Automotive Austin TX, USA No Texas, USA
A mysterious cyber attack apparently struck the computer servers at the pro-tea party
group FreedomWorks this morning, just as it launched a major fund-raising drive.

FreedomWorks officials are investigating, but they suspect they were attacked
deliberately, perhaps by a political opponent seeking the thwart its fund-raising efforts.

The attack crippled the site at about 9:45 a.m. just when the fund-raising drive was
publicized on the radio by conservative talk show host Glenn Beck. The group estimates it
lost about $80,000 in potential donations as it struggled to bring its site back online.

An ‰ÛÏautopsy‰Û showed a highly sophisticated hacker struck at 6:55 a.m., the group
said, setting the stage for the eventual meltdown. The server was wiped out, though group
2010-199 WHID 2010-199: Cyber Attack Strikes FreedomWorks officials said no data was lost or stolen. http://blogs.wsj.com/washwire/2010/10/21/cyber-attack-strikes-freedomworks/ 21-Oct-10 Denial of Service Insufficient Anti-automation
Downtime Politics Washington, DC No
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
According to ITPro, the incident was first denied, then confirmed by Kaspersky. They say
that they took the server offline as soon as they found out about the breach, that the
compromise was caused by a vulnerability in a third party application for website
administration and that customer details contained on company servers were not
2010-198 WHID 2010-198: Kaspersky download site hacked, redirecting users to fake AV compromised. http://www.net-security.org/malware_news.php?id=1499 17-Oct-10 Known Vulnerability Misconfiguration Planting of Malware Technology Moscow, Russia No
In order for personal data to have been exposed, someone would have had to manipulate
the website address -- or know the individual's unique log-in name and use a certain
technique to bypass password requirements, the letter said. The records may have shown
2010-197 WHID 2010-197: AmeriCorps Security Breach names, addresses and social security numbers. http://wiredworkplace.nextgov.com/2010/10/americorps_workers_personal_data_jeopardized-print.php 8-Oct-10 Predictable Resource Location
Insufficient AuthenticationLeakage of Information Government Washington, DC No
Even when the hoax was exposed, the hacker continued to boldly state in a post that he
hacked Cheung's blog to test his skills.

He claimed that "it took only a short while to retrieve a user's login information" before
2010-196 WHID 2010-196: HK star Dicky Cheung's blog hacked apologising for the matter and vanishing. http://www.channelnewsasia.com/stories/entertainment/view/1087981/1/.html 19-Oct-10 Abuse of Functionality Insufficient Password Recovery
Disinformation Entertainment Hong Kong No
Gene Simmons, frontman of the band KISS, is hardly impressed with the DDoS
(Distributed Denial of Service) attack on GeneSimmons.com - and indirectly -
SimmonsRecords.com. In fact, according to a news post made to his site yesterday, Gene
is threatening legal action against the perpetrators, along with posting their names and
2010-195 WHID 2010-195: Anonymous DDoS on Gene Simmons' websites pictures online. http://www.slyck.com/story2088_Gene_Simmons_Directly_Threatens_Anonymous_With_Legal_Action_Jail_Time 12-Oct-10 Denial of Service Insufficient Anti-automation
Downtime Media Beverly Hills, CA Yes Operation Payback
The website for the Liberal Democrats was hacked at the end of last week, with the front
2010-194 WHID 2010-194: Liberal Democrats website hijacked by tuition fees message page redirecting to a YouTube protest about tuition fees. http://www.scmagazineuk.com/liberal-democrats-website-hijacked-by-tuition-fees-message/article/181149/ 18-Oct-10 Unknown Unknown Defacement Politics UK No
So now the target of Anonymous is the IPO.gov.uk website - or the Intellectual Property
Office. This is the first time Anonymous has targeted a government website, indicating a
level of fearlessness considering the possible ramifications. As its name suggests, the IPO
2010-193 WHID 2010-193: IPO.gov.uk - Less than an Hour Until Attack Begins governs and helps protect copyrights and intellectual property in the United Kingdom. http://www.slyck.com/story2087_IPOgovuk_Less_than_an_Hour_Until_Attack_Begins 16-Oct-10 Denial of Service Insufficient Anti-automation
Downtime Government UK Yes Operation Payback
However, Sean-Paul Correll of Panda Security, doesn't agree with the "DNS cache
poisoning" theory. According to him, the attack vector was SQL injection.

"The original researcher assumed that the host of the hijacked site was not affiliated with
the MPAA website,åÊ but we can see that the reported IP is hosting other MPAA related
websites [cptwg.org, filmratings.com]," the researcher writes.

Correll even points out exactly where the exploited SQL injection weakness was located
2010-192 WHID 2010-192: SQL Injection Used to Deface Copyprotected, Others Might Follow and calls the flaw "rudimentary." http://news.softpedia.com/news/SQL-Injection-Used-to-Deface-Copyprotected-Others-Might-Follow-161316.shtml 16-Oct-10 SQL Injection Improper Input Handling Defacement Entertainment USA Yes Operation Payback
A cross-site scripting (XSS) vulnerability has been identified on an American Express
website secured with EV SSL and can be exploited to enhance phishing attacks.

XSS weaknesses are the result of poor input validation into Web forms and allow attackers
to return potentially malicious code to visitors' browsers.

Ensuring proper validation of all inputs in Web applications, in order to prevent cross-site
scripting and SQL injection vulnerabilities, is actually a requirement of the Payment Card
2010-191 WHID 2010-191: XSS Flaw Found on Secure American Express Site Industry Data Security Standard (PCI-DSS). http://news.softpedia.com/news/XSS-Flaw-Found-on-Secure-American-Express-Site-159439.shtml 5-Oct-10 Cross-site Scripting (XSS)
Improper Output HandlingPhishing Credit Card Issuer USA No
New cross-site scripting (XSS) vulnerabilities, that can be leveraged to create very
credible phishing attacks, have been identified on PayPal and eBay.

The PayPal XSS weakness was discovered by a Romanian security enthusiast using the
2010-190 WHID 2010-190: PayPal and eBay XSSed Again online handle of d3v1l, who disclosed it on his blog. http://news.softpedia.com/news/eBay-and-PayPal-XSSed-Again-159733.shtml 6-Oct-10 Cross-site Scripting (XSS)
Improper Output HandlingPhishing Retail USA No http://blogs.forbes.com/firewall/2010/10/06/hackable-bug-found-on-paypal-c
According to police, Chinese hackers have been targeting Web sites of Korean
department stores and other frequently visited sites. The hackers offer the Korean
information for sale on the Internet. Last September, a used-car trading Web site and the
Internet home page for a car navigation manufacturer were victims of Chinese hackers
who stole names and residential registration numbers of 910,000 online members.
Hackers can use the stolen registration numbers to become members of certain Web sites
2010-19 WHID 2010-19: Hacked personal data originating from China that send spam messages, or sell the numbers to other hackers. http://joongangdaily.joins.com/article/view.asp?aid=2918142 22-Mar-10 Unknown Unknown Leakage of Information Retail Korea No
Spain's copyright society (SGAE) came under attack by hacktivists from Anonymous on
Thursday as part of the latest phase of a high-profile campaign against organisations that
hassle file-sharers.

A distributed denial of service attack, officially launched at midnight (Central European

Time) on 7 October , crashed the organisation's website on Wednesday even before it
even officially began. The assault is a repeat of tactics previously used against the
websites of Recording Industry Association of America (RIAA), the Motion Picture
2010-189 WHID 2010-189: Copyright holder floored by DDoS flood Association of America (MPAA) and UK law firm ACS:Law, among others. http://www.theregister.co.uk/2010/10/07/anonymous_ent_biz_ddos_hits_spain/ 7-Oct-10 Denial of Service Insufficient Anti-automation
Downtime Entertainment Spain Yes Operation Payback
The voting application was written on the Ruby on Rails framework and ran on top of the
Apache web server and the MySQL database. The scientists were able to hijack the
system after they discovered that they could upload ballots with almost any string they
wanted. By inserting Unix commands into the file names, they were able to take ‰
ÛÏalmost total control of the server software, including the ability to change votes and
reveal voters' secret ballots,‰Û Halderman said.

A file named ‰ÛÏballot.$(sleep 10)pdf,‰Û for instance, caused the server to pause for
10 seconds. They used similar techniques to install a backdoor on the system that allowed
2010-188 WHID 2010-188: Hackers hijack internet voting system in Washington DC them almost unfettered system access. http://www.theregister.co.uk/2010/10/06/net_voting_hacked/ 6-Oct-10 OS Commanding Improper Input Handling Defacement Government USA No USA
The distributed denial of service (DDoS) attacks against anti-piracy websites have gone on
for a week now, with the lawyers behind the "US Copyright Group" being the latest target.
And the anonymous Internet users behind "Operation Payback" aren't done acting out; in
an interview yesterday with the security experts at Panda Labs, one of the organizers said
that Anonymous' attacks will continue "until we stop being angry." Judging from the list of
things that make him (?) angry, this could take a while.

The law firm of Dunlap, Grubb and Weaver was one of the newest targets of the attacks,
organized a week ago to take down antipiracy organization around the world. Already hit:
the RIAA (US), BPI (UK), MPAA (US), AFACT (Australia), BREIN (Netherlands), Aiplex
(India), and Websheriff (UK). One of the smaller sites actually yielded the biggest bounty;
the UK "P2P settlement letter factory" ACS Law gave up several hundred megabytes of
2010-187 WHID 2010-187: "Operation Payback" attacks to go on until "we stop being angry" private e-mails after being taken offline by the attack. http://arstechnica.com/tech-policy/news/2010/09/operation-payback-attacks-continue-until-we-stop-being-angry.ars 30-Sep-10 Denial of Service Insufficient Anti-automation
Downtime Entertainment Yes Operation Payback
Becoming "mayor" of a location is the most coveted status in Foursquare. To win this
honor you have to check in to a location more than anyone else, and to do that you
actually have to go there, since Foursquare won't let you check in remotely. But last night
Techcrunch editor Michael Arrington punked Foursquare's API and made himself mayor of
Facebook and Twitter headquarters, all without ever leaving his office.

"A mischievous hacker friend of mine stepped in with a small script that he wrote that will
check me in to any venue at all via the Foursquare API," Arrington wrote in a post on
TechCrunch. "That means I don't have to spend time finding friends already where I want
to be, and since we're using the API we can easily fake out the "you're not actually there"
2010-186 WHID 2010-186: Foursquare Hacked by TechCrunch Editor Michael Arrington problem." http://www.observer.com/print/133727 1-Oct-10 Content Spoofing Abuse of Functionality Disinformation Web 2.0 USA No
Computer hackers managed to steal $600,000 from a New Jersey shore town's bank
account.

Officials say $200,000 still hasn't been recovered.

TD Bank notified Brigantine on Tuesday that multiple wire transfers had taken place from
its account.

Police say someone was able to get a user name and password. Authorities say a virus or
a fake Web page set up to mimic the bank's real one might have been used to carry out
2010-185 WHID 2010-185: Online hackers steal $600K from city of Brigantine's bank account the thefts. http://www.nj.com/news/index.ssf/2010/10/online_hackers_steal_600k_from.html 1-Oct-10 Banking Trojan Insufficient AuthenticationMonetary Loss Finance New Jersey, USA No
Attackers have begun exploiting a recently disclosed vulnerability in Microsoft web-
development applications that opens password files and other sensitive data to
interception and tampering. The vulnerability in the way ASP.Net apps encrypt data was
disclosed last week at the Ekoparty Conference in Argentina. Microsoft on Friday issued a
temporary fix for the so-called ‰ÛÏcryptographic padding attack,‰Û which allows
attackers to decrypt protected files by sending vulnerable systems large numbers of
corrupted requests. Now, Microsoft security pros say they are seeing ‰ÛÏlimited
attacks‰Û in the wild and warned that they can be used to read and tamper with a
2010-184 WHID 2010-184: Microsoft warns of in-the-wild attacks on web app flaw system's most sensitive configuration files. http://www.theregister.co.uk/2010/09/21/asp_dot_net_padding_oracle_fix/ 21-Sep-10 Brute Force Information Leakage Leakage of Information Multiple No
Facebook gave little detail about the cause of the outage except to say that it was the
result of a misconfiguration in one of its databases, which prompted a flood of traffic from
an automated system trying to fix the error.

"We made a change to a persistent copy of a configuration value that was interpreted as
invalid," explained Robert Johnson in Facebook's blog post about the incident. "This
meant that every single client saw the invalid value and attempted to fix it. Because the fix
involves making a query to a cluster of databases, that cluster was quickly overwhelmed
by hundreds of thousands of queries per second."

The feedback loop created so much traffic that Facebook was forced to turn off the
database cluster, which meant turning off the Web site.

"Once the databases had recovered and the root cause had been fixed, we slowly allowed
more people back onto the site," Johnson said. He added that "for now we've turned off
2010-183 WHID 2010-183: Don't blame DNS for Facebook outage, experts say the system that attempts to correct configuration values." http://www.sfgate.com/cgi-bin/article.cgi?f=/g/a/2010/09/27/urnidgns002570F3005978D8002577A9007EE871.DTL 27-Sep-10 Misconfiguration Application Misconfiguration
Downtime Web 2.0 USA No Facebook
First Twitter was hacked. Then Facebook went down. Now it‰Ûªs Orkut‰Ûªs turn.
Google‰Ûªs social networking site has been attacked by the virulent ‰ÛÏBom Sabado‰
Û worm. Bom Sabado means ‰ÛÏGood Saturday‰Û in Portuguese, the native
language of Brazil where the worm is thought to have originated. Orkut is the most popular
social site in Brazil, India and several other countries.

The worm replicates itself across accounts and randomly sends ‰ÛÏBom Sabado‰Û
messages to friend‰Ûªs scrapbooks ‰ÛÓ Orkut‰Ûªs version of Facebook‰Ûªs wall.
Google support recently announced that the worm had been contained and they are in the
process of cleaning infected accounts. However, the company recommends vigilance
when accessing accounts ‰ÛÓ users should be especially wary about clicking suspicious
2010-182 WHID 2010-182: Orkut Hit by XSS Worm links. http://blogs.sitepoint.com/2010/09/26/orkut-bom-sabado-xss-worm/ 26-Sep-10 Cross-site Request Forgery
Insufficient
(CSRF)Process Validation
Worm Web 2.0 USA No Orkut
Websites belonging to The Irrawaddy magazine, Mizzima and DVB ‰ÛÒ all exiled media
groups founded by former activists ‰ÛÒ were today attacked using DDoS, or distributed
2010-181 WHID 2010-181: Mass cyber attack paralyses Burmese media denial-of-service, which fires thousands of malformed web connections against the site. http://www.dvb.no/elections/mass-cyber-attack-paralyses-burmese-media/11932 27-Sep-10 Denial of Service Insufficient Anti-automation
Downtime Media Burma No
The Distributed Denial of Service (DDoS) attack launched by Anonymous against the
Australian Federation Against Copyright Theft (AFACT) yesterday, has ended up affecting
almost 8,000 unrelated websites.

Operation Payback, the DDoS campaign led by Anonymous against anti-piracy groups
and entertainment industry associations is now over a week old.

Since September 18th, when the coordinated attacks started, the group has hit websites
belonging to the Motion Picture Association of America (MPAA), the Recording Industry
Association of America (RIAA), the International Federation of the Phonographic Industry
(IFPI), the British Phonographic Industry (BPI) and the Dutch Bescherming Rechten
Entertainment Industrie Nederland (BREIN).

Two UK-based law firms and an Indian company called Aiplex Software involved in anti-
2010-180 WHID 2010-180: Thousands of Websites Affected by Anonymous DDoS Attack Against AFACT piracy efforts have also been attacked http://news.softpedia.com/news/Thousands-of-Websites-Affected-by-Anonymous-DDoS-Attack-Against-AFACT-158431.shtml 28-Sep-10 Denial of Service Insufficient Anti-automation
Downtime Multiple Yes Operation Payback
The internet services of two Australian autism support organisations have been crashed
by computer hackers and a third may also have fallen victim, raising fears of a targeted
attack to coincide with autism month.

Austism Spectrum Australia (ASPECT), the country's autism service provider, is losing
hundreds of dollars in online donations each day after its website was hit by hackers early
2010-18 WHID 2010-18: Hackers crash Aussie charity websites on Sunday. http://www.stuff.co.nz/technology/3486923/Hackers-crash-Aussie-charity-websites 22-Mar-10 Denial of Service Insufficient Anti-automation
Downtime Health Australia No USA
Another malicious worm hit Twitter over the weekend, days after the micro-blogging site
reached near-meltdown from a technically similar attack.

This time around the danger came from clicking links contained in micro-blogging
messages beginning "WTF [URL]". Last week's more serious onMouseOver problem
struck when users moved their mouse cursor over an infected tweet. These messages
contained hidden JavaScript code that exploited a cross-site scripting problem - in the
case of the WTF worm a CSRF (cross-site request forgery) technique is in play.

The miscreants behind the latest assault set up an attack page that exploited a CSRF
vulnerability in Twitter so that victims who clicked on a link posted a crude message about
2010-179 WHID 2010-179: WTF worm makes Twitterers declare goat lust their supposed fondness for sex with goats, as explained in a blog post by Sophos here. http://www.eweek.com/c/a/Security/Facebook-Bully-Video-Actually-a-XSS-Exploit-121829/ 27-Sep-10 Cross-site Request Forgery
Insufficient
(CSRF)Process Validation
Worm Web 2.0 USA No Twitter
A gang of hackers targeting infecting predominantly ASP and ASP.NET websites with
malicious code, has launched a new attack that so far affected at least 1,500 domains. "A
large number of sites have been hacked again in the last few days with a malware script
pointing to google-stat50.info (and google-stats50.info)," David Dede of Web integrity
monitoring vendor Sucuri Security, warns. "Not only small sites, but some big ones got hit
as well. It is the same SQL injection attack as used in the robint-us mass infection of a few
months ago," he adds. The robint.us mass injection took place at the beginning of June
and got a good coverage in the media because it affected the websites of the Wall Street
2010-178 WHID 2010-178: New Mass Injection Attack Targets ASP Websites Journal and Jerusalem Post. http://news.softpedia.com/news/New-Mass-Injection-Attack-Targets-ASP-Websites-158499.shtml 29-Sep-10 SQL Injection Improper Input Handling Planting of Malware Multiple Yes Mass SQL Injection Bots
Japan views Chinese hackers as main suspects for Distributed Denial of Service (DDoS)
attacks that affected several of its official websites last week.

According to the Taipei Times, the Japanese government is investigating attacks directed
at the Ministry of Defense and National Police Agency websites, between Wednesday and
Friday.

The largest known Chinese hacking group is suspected for launching the DDoS, because
it made threats in this respect, following a recent maritime incident that led to a diplomatic
2010-177 WHID 2010-177: Japan Suspects Chinese Hackers Attacked Its Official Websites conflict between the two countries. http://news.softpedia.com/news/Japan-Suspects-Chinese-Hackers-Attacked-Its-Official-Websites-157142.shtml 20-Sep-10 Denial of Service Insufficient Anti-automation
Downtime Government Japan No China
Reference WHID 2010-164: Company Paid to Launch DoS Attacks Against Torrent Sites

Computer security researchers have said that an unprecedented mass cyber protest was
triggered by efforts by film and music trade groups to close online piracy haunts.

Members of 4chan online forum that promotes users remaining anonymous organized
distributed denial-of-service (DDoS) attacks on websites for the Recording Industry
Association of America (RIAA) and the Motion Picture Association of America (MPAA),
according to the security firm PandaLabs.

DDoS attacks are efforts to overload websites with so many simultaneous requests that
computer servers can't handle the load and freeze or crash.

Attacks on RIAA caused a dozens of interruptions in service, taking down the group's
2010-176 WHID 2010-176: Cyber rally disrupts US recording industry website website for a total of one hour and 37 minutes, according to PandaLabs. http://www.google.com/hostednews/afp/article/ALeqM5h7fm6cBhM33alDYD_1n4tTVHwXMw 20-Sep-10 Denial of Service Insufficient Anti-automation
Downtime Entertainment USA Yes Operation Payback
There is currently a persistent cross-site scripting vulnerability on the main Twitter site and
researchers say that the bug is being exploited via proof-of-concept code.

The bug appeared Tuesday morning and experts quickly noticed users taking advantage
of the flaw. Details of the bug are slim right now, though experts say that mousing over a
2010-175 WHID 2010-175: Persistent XSS Bug on Twitter Being Exploited specific link will produce a pop-up window that displays the logged-in user's Twitter cookie. http://threatpost.com/en_us/blogs/persistent-xss-bug-twitter-being-exploited-092110 21-Sep-10 Cross-site Scripting (XSS)
Improper Output HandlingWorm Web 2.0 USA No Twitter
Rep. John Culberson (R-Texas) returned to Twitter after nearly a five-month break
Tuesday night only to have his account hacked.

"If you got a weird tweet from me ignore it & do not click on the hyperlinks -they are prob
viruses- my account was hacked by robospammers," he tweeted Wednesday morning. He
2010-174 WHID 2010-174: GOP lawmaker: My Twitter account was 'hacked by robospammers' noted later that he had "fixed the account." http://thehill.com/blogs/twitter-room/other-news/118909-gop-lawmaker-my-twitter-account-was-hacked-by-robospammers 15-Sep-10 Brute Force Insufficient AuthenticationLink Spam Web 2.0 USA No Twitter
There is one movie every Polish person knows. It's a cult comedy from the 80s called
"Mi Ý" - meaning "Teddy Bear". Now, thanks to a hacker going by a name "Porkythepig",
everyone can see it - but not on YouTube where you would expect it, but on the USA
military Defence Logistics Agency website.

If you go the site and just type "porkythepig", a fragment of a movie begins to play. It's in
Polish, of course - for those not fluent in Polish the man with a guitar sings: "I'm a Happy
Romek..." * It's funny but the story is much more serious.

On Seclists.org you can find a post by porkythepig about the potential vulnerability that
exists on many sites, including military and government.

But apparently since March, when the details of the insecurity were published on seclists.
org, nobody did anything to patch the vulnerability so porkythepig decided to prove his
observations the hard way. Polish language source is here - but the vulnerability still works
2010-173 WHID 2010-173: Polish hacker gets inside US Military's Defence Logistic Agency website at time of publishing so try it yourself. http://www.techeye.net/security/polish-hacker-gets-inside-us-militarys-defence-logistic-agency-website 16-Sep-10 SQL Injection Improper Input Handling Defacement Government USA No Poland http://seclists.org/fulldisclosure/2010/Mar/521
The Companies and Intellectual Property Registration Office (Cipro) said on Thursday it
beefed up internal security to make sure directors cannot be removed from companies
without the proper processes being followed.

It emerged last week that several directors of Kalahari Resources had been removed with
their names substituted.

Cipro has been under fire for several months following claims criminals were able to hack
2010-172 WHID 2010-172: Cipro steps up security after hacking into its database. http://www.eyewitnessnews.co.za/articleprog.aspx?id=48673 17-Sep-10 SQL Injection Improper Input Handling Disinformation Government South Africa No
The Popbitch celebrity gossip website was blacklisted by Google after hackers managed
to compromise its ad server and push malware to users. A Popbitch spokesperson has
since confirmed that the website served malicious ads for a limited period of time after its
ad server was compromised by hackers.

"We've got to the bottom of this problem and are just waiting for the all clear from Google,"
they told The Register.

"There is a vulnerability in Open Ads X, the ad server we were using. We've cut off open
2010-171 WHID 2010-171: Hackers Push Malicious Ads onto UK Celebrity Gossip Website ads from Popbitch and are upgrading to OpenAds 2.8.7," they added. http://news.softpedia.com/news/Hackers-Push-Malicious-Ads-onto-UK-Celebrity-Gossip-Website-156768.shtml 17-Sep-10 Known Vulnerability Improper Input Handling Planting of Malware Entertainment UK No OpenX
A vulnerability in a component of the OpenX advertising platform has been exploited by
hackers to tamper with ad serving on multiple websites including The Pirate Bay,
eSarcasm and AfterDawn.

The affected component, called Open Flash Chart 2, is developed by a third party, but has
been included by default in OpenX since last December.

The module allows visitor statistics to be displayed as graphic charts and the vulnerability
is located in the ofc_upload_image.php script, which fails to properly validate uploaded
files or the users uploading them.

According to Heise Media, the flaw was originally discovered a year ago by another open
source project, which uses the same component, but it escaped the OpenX developers
when deciding to integrate it.

As a result, hackers can leverage the bug to upload executable scripts and gain complete
2010-170 WHID 2010-170: OpenX Vulnerability Exploited to Compromise Multiple Ad Servers control of the servers. http://news.softpedia.com/news/Unpatched-OpenX-Vulnerability-Exploited-to-Compromise-Multiple-Ad-Servers-156402.shtml 15-Sep-10 Known Vulnerability Improper Input Handling Planting of Malware Entertainment No OpenX
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
Bangladesh government websites, operating out of the Prime Minister's Office, were
attacked on Saturday by hackers purporting to be "Indian" .

bdnews24.com, at around 2.30am, found that 19 out of 64 district web portals had been
hacked by "MIL INDIAN HACKER", threatening "cyber war" in retaliation to any terrorist
attack by Pakistan on Indian soil "via Bangladesh".

Most of the sites were fixed around 16 hours later, said officials, who in some cases had
first been notified of the cyber attack by bdnews24.com's online report.

The hacked portals displayed a poster on opening, which said: 28 DIFFERENT STATES,
2010-17 WHID 2010-17: Govt websites hacked 28 DIFFERENT LANGUAGES BUT ONE WORD JAI HIND!' http://bdnews24.com/details.php?id=156315&cid=2 20-Mar-10 Unknown Improper Output HandlingDefacement Government Bangladesh, India No India
Graham Cluley, Senior Technology Consultant at Sophos, blogged, "A closer examination
of TechCrunch Europe's site reveals that the offending code - which uses a malicious
iFrame - is found in a JavaScript file, used by the site as part of its WordPress
infrastructure. This attempts to serve up a malicious PDF file, exploiting a vulnerability that
brings to your computer a nasty infection from the ZBot (also known as Zeus) malware
2010-169 WHID 2010-169: TechCrunch Europe hacked to spread malware like a poison ivy infection family." http://blogs.computerworld.com/16888/techcrunch_europe_hacked_to_spread_malware_like_a_poison_ivy_infection 7-Sep-10 Misconfiguration Application Misconfiguration
Planting of Malware Media Europe No WordPress
Security giant Symantec said it has secured its ‰ÛÏHack is Wack‰Û contest website
after researchers discovered it was riddled with vulnerabilities.

Last week, Symantec, with the help of famed rapper Snoop Dogg, began promoting its
new ‰ÛÏHack is Wack‰Û marketing campaign for its Norton anti-virus products. As
part of the effort, budding rappers are invited to post a video about cybercrime for a
2010-168 WHID 2010-168: Symantec secures its vulnerable "Hack is Wack" site chance to win Snoop concert tickets and to hang out with his management team. http://www.scmagazineus.com/symantec-secures-its-vulnerable-hack-is-wack-site/article/178388/ 7-Sep-10 Cross-site Scripting (XSS)
Improper Output HandlingDefacement Technology No
acebook has closed a hole that was being used by spammers to automatically post wall
messages and direct messages to friends, the company said on Tuesday.

Just clicking on the link to one of the applications that were taking advantage of the bug
would allow the auto-posting to happen, Facebook said. The apps, which appeared to be
sending people to a survey Web site, were disabled on Monday, the company said.

"Earlier this week, we discovered a bug that made it possible for an application to bypass
our normal CSRF (cross-site request forgery) protections through a complicated series of
steps. We quickly worked to resolve the issue and fixed it within hours of discovering it,"
Facebook said in a statement. "For a short period of time before it was fixed, several
applications that violated our policies were able to post content to people's profiles if those
2010-167 WHID 2010-167: Facebook closes hole that let spammers auto-post to walls, friends people first clicked on a link to the application." http://news.cnet.com/8301-27080_3-20015728-245.html 7-Sep-10 Cross-site Request Forgery
Improper
(CSRF)
Output HandlingDisinformation Web 2.0 USA No Facebook
Twitter users faced a virulent new JavaScript-based account hijacking attack on Monday.
Simply clicking on one of the malicious links involved, disguised as innocuous-looking links
2010-166 WHID 2010-166: Twitter Patches Account Hijacking Vulnerability in Tweets, enabled attackers to hijack a user's account and post numerous Tweets. http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=227300371&cid=RSSfeed_IWK_News 8-Sep-10 Cross-site Scripting (XSS)
Improper Output HandlingSession Hijacking Web 2.0 USA No Brazil Twitter
The FreeMalaysiaToday website has come under attack, rendering the news portal
inaccessible to readers since 3am this morning.

According to FMT's chief technical officer Thirun Nadason, the Distributed Denial of
2010-165 WHID 2010-165: FMT under DDOS attack Service (DDOS) attack is believed to be the work of professionals. http://www.freemalaysiatoday.com/fmt-english/news/general/10094-fmt-under-ddos-attack 9-Sep-10 Denial of Service Insufficient Anti-automation
Downtime News Malaysia No
An Indian company paid by the film industry to get copyrighted works removed from the
Internet openly admits to launching Denial of Service (DoS) attacks against torrent sites
2010-164 WHID 2010-164: Company Paid to Launch DoS Attacks Against Torrent Sites that refuse to comply with takedown notices. http://news.softpedia.com/news/Company-Paid-to-Launch-DoS-Attacks-Against-Torrent-Sites-155892.shtml 10-Sep-10 Denial of Service Insufficient Anti-automation
Downtime Entertainment No India
According to a press release today from Ironman.com, the site was a victim of a
2010-163 WHID 2010-163: Ironman websites targeted by cyberattack Distributed Denial-of-Service (DDoS) attack. http://www.examiner.com/triathlon-in-national/ironman-websites-targeted-by-cyberattack?render=print#print 31-Aug-10 Denial of Service Insufficient Anti-automation
Downtime Sports No
The poll to influence where a new Dick's Drive-In location will be built has been so
popular, a hacker found a way to electronically stuff the ballot box.

Monday, the company's website, www.ddir.com, listed three geographic areas where the
restaurant could be built.

2010-162 WHID 2010-162: Dick's says poll was hacked A hacker wrote a script that repeatedly cast votes for one of the locations. http://www.seattlepi.com/local/426071_dicks02.html 1-Sep-10 Process Automation Insufficient Anti-automation
Disinformation Hospitality Washington, USA No
There has been a lot of online banking website or internet-based banking experiencing a
downtime for various reason these past few weeks. Last week we reported that the Bank
of America website crashes down for at least 4 hours and now the IBC bank. Both the IBC
Bank website (IBC.com) and the IBC Bank Online login site (ibcbankonline.ibc.com) are
2010-161 WHID 2010-161: IBC Bank Online Banking Website is Down or Under DDoS Attack? down currently. http://www.adi-news.com/ibc-bank-online-banking-website-is-down-or-under-ddos-attack/24357/ 2-Sep-10 Denial of Service Insufficient Anti-automation
Downtime Finance Texas, USA No
Email server of one of Federal Protection Service (FPS) departments was attacked. As a
result, for several hours every Internet user was allowed to access FPS e-mail archive.

Successful attack was conducted because of available outbound access and also
because of administrators failure ‰ÛÒ they did not modify default settings, including
2010-160 WHID 2010-160: Hackers crack e-mail server of Russian Federal Protection Service (gov.ru) passwords for accounts used to access the system with administrative privileges. http://www.securitylab.ru/news/397019.php 23-Aug-10 Insufficient Authentication
Application Misconfiguration
Leakage of Information Government Russia No Dozor http://habrahabr.ru/blogs/infosecurity/102391/
Hackers don't discriminate. The biggest targets these days seem to be celebrities. The
latest is rapper The Game, whose GMAIL account was reportedly hacked into recently.
According to TheBoomBox.com, the rapper didn't have too many interesting things going
on in his email. At least, nothing revealed just yet.

The only thing of interest leaked was a detailed list of his monthly expenses, which total
2010-16 WHID 2010-16: The Game's Email Hacked, Monthly Expenses List Leaked roughly $52,000. http://www.ballerstatus.com/2010/03/22/the-games-email-hacked-monthly-expense-list-leaked/ 22-Mar-10 Brute Force Insufficient AuthenticationLeakage of Information Entertainment USA No GMail
As reported by The Register IT news portal, a number of smaller websites have been
hacked using an SQL injection attack method that attempts to obfuscate links to malware
infected pages. The hack apparently also affected two Apple websites that are used to
promote its iTunes podcasts.

Other than the Apple sites, the news service says that at least 538 000 ‰ÛÏmom-and-
pop‰Û websites have been victimized by the hack, in addition to 500 000 more that
appear quite similar but lead to different domains.

The attack takes advantage of web-based application vulnerabilities, which often do not
differentiate between legitimate search queries and intentional attacks via malicious code.

The Register reported that the malware-infected links have been removed from the Apple
pages since Google last indexed its search page earlier this month.

The attack underlines the need for companies to go the extra mile and secure external
web-facing applications said Rob Horton, the operational director of security testing
2010-159 WHID 2010-159: 500 000 websites hacked, including Apple consultant NCC Group. http://www.infosecurity-us.com/view/11870/500-000-websites-hacked-including-apple/ 17-Aug-10 SQL Injection Improper Input Handling Worm Multiple No http://www.theregister.co.uk/2010/08/17/apple_sql_attack/
On the 18th of July the hack-world.org group using an SQL Injection attack obtained
access to the administration section of the National Space Agency of the Republic of
Kazakhstan. Obtaining access to the administration system of the site was facilitated by
the fact that administrators used weak passwords that allowed local recovery using MD5
2010-158 WHID 2010-158: National Space Agency of the Republic of Kazakhstan was hacked hash. Currently, the site is under reconstruction. http://habrahabr.ru/blogs/infosecurity/99736/ 18-Jul-10 SQL Injection Improper Input Handling Leakage of Information Government Kazahtan No Russia http://hack-world.org/showthread.php?t=5133
2010-157 WHID 2010-157: Facebook Full Disclosure apps.facebook.com website hacked via SQL Injection. http://sla.ckers.org/forum/read.php?16,35138,35138#msg-35138 20-Jul-10 SQL Injection Information Leakage Disclosure Only Internet No http://devteev.blogspot.com/2010/07/facebook-full-disclosure.html
Unknown attackers hack the official site of "Russian Railways" company. As a result, web
pages were replaced by hackers‰Ûª messages. The site was temporary blocked; now it
is resumed but some pages are still unavailable, "Buying Train Tickets" web page is
2010-156 WHID 2010-156: The Russian Railways tickets site was hacked among them (ticket.rzd.ru). No details about personal data leakage is now available. http://www.uinc.ru/news/sn14165.html 21-Jul-10 Unknown Misconfiguration Defacement Transport Russia No
Official websites of South Korean government agencies, including the presidential office
and the foreign ministry, came under hacker attacks Wednesday, a national telecom
regulator said.

According to the state-run Korean Communications Commission ( KCC), the websites of

government agencies, such as the presidential office Cheong Wa Dae, the Ministry of
Foreign Affairs and Trade, and private firms, including the leading Internet search engine
Naver, Nonghyup Bank and the Korean Exchange Bank, were hit by the so-called
distributed denial-of-service (DDoS) attacks from around local time 6:00 p.m. (0900 GMT)
2010-155 WHID 2010-155: S. Korean Gov't Websites Hit by Hacker Attacks Wednesday. http://english.cri.cn/6966/2010/07/07/1461s581567.htm 7-Jul-10 Denial of Service Insufficient Anti-automation
Downtime Government South Korea No
That was but a preliminary skirmish ‰ÛÒ they‰Ûªve come up with a much more
damaging plan ‰ÛÒ to send Bieber to North Korea. Foolish, foolish Bieber has started a
competition for countries to vote for him to come and tour them. Called the Justin Bieber
My World Tour Contest, it has now been thoroughly highjacked by Anonymous ‰ÛÒ at
the time of writing, North Korea is in second place by only a few thousand votes. Unless
2010-154 WHID 2010-154: Justin Bieber My World Tour Contest Hacked the current leader Israel can get its act together, it should be overtaken by lunchtime. http://blogs.independent.co.uk/2010/07/02/the-plot-to-send-justin-bieber-to-north-korea/ 2-Jul-10 Process Automation Insufficient Anti-automation
Disinformation Entertainment USA No
This article began with details of one specific app developer hacking iTunes users
accounts and purchasing their own apps using those accounts ‰ÛÒ making it to the top
of the iTunes charts. As the story has developed it appears to be far more widespread
than just that one particular developer and his apps‰Û_the Apple App store is filled with
App Farms being used to steal. We‰Ûªve put together a complete list of all the facts and
updates to this story here which we high recommend you read instead of this article. Apple
2010-153 WHID 2010-153: App Store, Hacked. has also now released a statement about the matter. http://thenextweb.com/apple/2010/07/04/app-store-hacked/ 4-Jul-10 Stolen Credentials Insufficient AuthenticationMonetary Loss Retail USA No
According to an advisory posted on the web site of Argentinian group of security
researchers, they were able to obtain access to the Pirate Bay‰Ûªs administration panel,
by discovering multiple SQL injections, leading to the exposure of emails, MD5 hashes for
2010-152 WHID 2010-152: The Pirate Bay hacked passwords, and the IP address for any particular Pirate Bay user. http://krebsonsecurity.com/2010/07/pirate-bay-hack-exposes-user-booty/ 5-Jul-10 SQL Injection Improper Input Handling Disclosure Only Internet Sweden No Argentina http://insilence.biz/2010/07/multiple-sql-injections-on-the-pirate-bay/
Today, members of the Internet communities 4chan and other enterprising computer
whizzes hacked YouTube using a vulnerability in the site‰Ûªs comment system. While
the hack was used on a variety of videos, striking music videos featuring teen pop idol
Justin Bieber was the most popular activity.

Twitter lit up with complaints about the problem, Google support got some concerned
posts on its forum, and we received tips in our inbox. The event caused quite a Sunday-
morning stir.

The bug allowed users to inject HTML (the code that most websites are built with) that
could be executed on the site, whereas HTML within comments is supposed to be
restricted. The hackers did everything from force pop-up messages to appear over the site
declaring that it had been hacked to redirecting Bieber video pages to sites hosting
2010-151 WHID 2010-151: YouTube Hacked pornography and malware. http://www.acunetix.com/blog/web-security-zone/articles/dangerous-xss-vulnerability-found-on-youtube-the-vulnerability-explained/ 4-Jul-10 Cross-site Scripting (XSS)
Improper Output HandlingDefacement Web 2.0 USA No
At least four Armenian websites were attacked by Azerbaijani hackers during a week.

On July 2, the websites of Henaran.am press club (Henaran.am) and Armenia's Sambo
Federation (sambo.am) were hacked to place Azerbaijan's flag and references to
Azerbaijani media on them. Meanwhile, the websites' operation has already been
resumed.

Besides, on June 29, hackers attacked Azdagir.am site of announcements again to place
the Azerbaijani flag on it, as well as information on the January 20, 1990, events in Baku.
On June 30, the owner of psyarmenia.com website told PanARMENIAN.Net that the site
on psychology was hacked and a poster on "Armenian terror" was placed on it. Currently,
2010-150 WHID 2010-150: At least four Armenian websites were attacked by Azerbaijani hackers the two websites do not operate. http://www.panarmenian.net/eng/it_telecom/news/50897/At_least_four_Armenian_websites_were_attacked_by_Azerbaijani_hackers 3-Jul-10 Unknown Improper Output HandlingDefacement Government Armenia No
The rivalry between Senators Manny Villar and Benigno "Noynoy" Aquino has gone
beyond the campaign trail as the official website of the Nacionalista Party presidential bet
supposedly got hacked by an Aquino supporter Monday. At about 10 a.m., Villar's official
website www.mannyvillar.co.ph contained a blog entry titled "Hacked by Kris Aquino." The
entry, which was written in "swardspeak", took jabs at Villar's marketing strategy and
2010-15 WHID 2010-15: Villar website 'hacked' ended up coaxing its readers to vote for Aquino instead. http://www.abs-cbnnews.com/lifestyle/03/22/10/villar-website-hacked 19-Mar-10 Unknown Improper Output HandlingDefacement Politics Phillipines No Phillipines
Rosalinda Gonzalez's bought the X-Box 360 console for her sons. They enjoy playing the
video games and using the live service where they can connect with players from around
the world.

In order to purchase the monthly live membership, Gonzalez entered her credit card
information to her son's online profile. It is suppose to be kept private but Gonzalez says
her son's profile was hacked by a computer whiz.

The man changed her son's password, stole game points and started making purchases
using her credit card information. She says her boys actually spoke to the hacker through
2010-149 WHID 2010-149: Identity Stolen Through X-Box Live X-Box live. The man admitted to stealing other people's personal information too. http://www.krgv.com/content/news/story/Identity-Stolen-Through-X-Box-Live/vKZIV1Rboki6lngI78Qf_w.cspx 3-Jul-10 Unknown Unknown Monetary Loss Entertainment USA No
2010-148 WHID 2010-148: AsSeenOnTV SQL injection into corporate web server exposed credit card information
AsSeenOnTV
of customers
website hacked via SQL Injection and planted malware. http://datalossdb.org/incidents/2953 29-Jun-10 SQL Injection Improper Input Handling Planting of Malware Retail USA No
Earlier this week, IT staff Skyrock / Skyblog audit its servers, an old classic that can trace
bugs and small technical malfunctions. Except this time, the "bug" seems to be much more
serious. A filenamed "hello"and some scripts are discovered on a server. Neither one, nor
two, the alert is triggered. A more complete audit is implemented. It is then discovered that
an intrusion has been orchestrated from a backdoor downloaded via a service
misconfigured (Waka) "Download". From this facility, malicious, or the pirates have
certainly got their hands on more than 32 million accounts skyblogueurs. It seems that the
intruder will be difficult to trace. He crushed the logs after its passage. A ip appears,
however, it resulted in a proxy, based in England. The drafting of ZATAZ.COM could know
2010-147 WHID 2010-147: Biggest blog company Skyblog hacked 32,000,000 accounts stolen the exact date of the intrusion. http://datalossdb.org/incidents/2948 19-May-10 Misconfiguration Application Misconfiguration
Leakage of Information Blogs France No
Police in Jinan, Shandong Province arrested several members of a ring that hacked into
2010-146 WHID 2010-146: Hacking ring busted over test scores education websites to change test scores and forge credentials for cash. http://english.people.com.cn/90001/90776/90882/7044956.html 29-Jun-10 Unknown Unknown Disinformation Education China No China
The state's online database of legislative activity has been taken offline because of an
attempt by an unknown hacker to manipulate the website's coding.

On Thursday, the Legislature's information technology officials shut down the website's bill
status function, which allows users to follow legislation such as roll calls, committee votes,
amendments and fiscal notes.

The manipulated code inserted the addresses of extraneous websites that could have
exposed users' computers to harm if they clicked on the links, said Scott Clark, director of
2010-145 WHID 2010-145: Hacker tries to manipulate Maine's legislative website information technology for the Legislature. http://www.pressherald.com/news/hacker-tries-to-manipulate-legislative-website-_2010-06-29.html 29-Jun-10 Unknown Improper Output HandlingPlanting of Malware Government Maine No
A total of $465,000 was recently stolen from California-based Village View Escrow via 26
consecutive wire transfers.

"Owner Michelle Marisco said her financial institution at the time -- Professional Business
Bank of Pasadena, Calif. -- normally notified her by e-mail each time a new wire was sent
out of the company‰Ûªs escrow account," writes Krebs on Security's Brian Krebs. "But
the attackers apparently disabled that feature before initiating the fraudulent wires."

"Marisco said that a few days before the theft, she opened an e-mail informing her that a
UPS package she had been sent was lost, and urging her to open the attached invoice,"
Krebs writes. "Nothing happened when she opened the attached file, so she forwarded it
on to her assistant who also tried to view it. The invoice was in fact a Trojan horse
program that let the thieves break in and set up shop and plant a password-stealing virus
on Marisco‰Ûªs computer, and on the PC belonging to her assistant -- the second person
2010-144 WHID 2010-144: Hackers Steal $465,000 from Escrow Firm needed to approve transfers." http://www.esecurityplanet.com/headlines/article.php/3890291/article.htm 29-Jun-10 Banking Trojan Insufficient AuthenticationMonetary Loss Finance California No
Australian broadband news website Whirlpool.net.au was the target of several Distributed
Denial of Service (DDoS) attacks this morning. The hosting provider moved quickly to
mitigate, but attackers evaded the restrictions, causing an aggregated downtime of around
ten hours.

Whirlpool.net.au is one of the most trafficked Australian websites, housing a community of

over 350,000 registered users. It was started twelve years ago as a place to discuss
Internet broadband services in the country, but has since evolved into a full-blown news
website covering the telecommunications industry.

"Bulletproof received monitoring alerts of packet loss at 12:45 am. We identified it as a

classic denial-of-service attack being targeted at Whirlpool. We immediately blocked
Whirlpool IP addresses to observe it better and then we were able to track down that it
was originating from Denmark and the United States," Lorenzo Modesto, chief operating
officer at Bulletproof Networks, the company hosting Whirlpool, commented for ZDNet
2010-143 WHID 2010-143: Whirlpool Repeatedly Hit by DDoS Attacks Australia. http://news.softpedia.com/news/Whirlpool-Repeatedly-Hit-by-DDoS-Attacks-145629.shtml 29-Jun-10 Denial of Service Insufficient Anti-automation
Downtime Media Australia No Denmark
The web sites of more than a whopping 200 Australian organisations were hijacked and
vandalised in a spate of hacks last week.

In the largest single attack, a hacker gained administrative access to the Direct Admin
server management system used by a hosting provider, who Computerworld Australia will
not name, and suspended 159 accounts rendering their web sites inaccessible to the
public.

The suspension notification page was then defaced with the hackers‰Ûª moniker and
religious propaganda.

The hack was launched through a flaw created after an automatic patch of the admin
2010-142 WHID 2010-142: Hackers vandalise 200 web sites, cripple 150 system failed to complete. http://www.computerworld.com.au/article/351360/hackers_vandalise_200_web_sites_cripple_150/ 28-Jun-10 Administration Error Application Misconfiguration
Downtime Hosting Providers Australia No
Sorry for the outage yesterday between 8:00 AM and 7:00 PM. Virginia Right! was under
attack with a Distributed Denial of Service. Part of the problem in resolving the issue is the
fact that Virginia Right! is on a shared hosting server with many hosts using the same IP
address. The first thing that has to be determined is which domain is under attack. They
do this by temporarily assigning a static IP address to each site hosted on the server (as
opposed to all of us sharing the same address). When they were done, everyone came
2010-141 WHID 2010-141: Virginia Right! Under Fire Yesterday With DDOS Attack back up except ‰ÛÒ Virginia Right!. So the attacks were specifically directed at us! http://beforeitsnews.com/news/87/162/Virginia_Right_Under_Fire_Yesterday_With_DDOS_Attack.html 27-Jun-10 Denial of Service Insufficient Anti-automation
Downtime Blogs Virginia, USA No
Police arrested 33 hackers who used a ‰ÛÏdistribution of denial of service‰Û program
to cheat online poker players out of 55 million won ($45,265) from last November through
May.

The hackers, led by 30-year-old Yu and 29-year-old Kim, were booked without detention
on charges of gaining illegal profits.

The Cyber Terror Response Center in Gyeonggi said the gang used a DDOS attack to
infect 11,000 computers at 700 PC rooms across the country.

Police said Yu bought the ‰ÛÏNetbot Attacker‰Û program from a Chinese hacker last
November, then sold copies online to Kim and others. The gang broke into the
administrative systems of the PC rooms and installed the virus in their computers to allow
2010-140 WHID 2010-140: Hackers fleece online poker players them to see the hands of poker opponents. http://joongangdaily.joins.com/article/view.asp?aid=2922391 28-Jun-10 Malware Abuse of Functionality Monetary Loss Entertainment Korea No
A very interesting cyberwarfare story involving US government/military on both sides. By
early 2008, top U.S. military officials had become convinced that extremists planning
attacks on American forces in Iraq were making use of a Web site set up by the Saudi
government and the CIA to uncover terrorist plots in the kingdom. Elite U.S. military
computer specialists, over the objections of the CIA, mounted a cyberattack that
2010-14 WHID 2010-14: Dismantling of Saudi-CIA Web site illustrates need for clearer cyberwar policies dismantled the online forum. http://www.washingtonpost.com/wp-dyn/content/article/2010/03/18/AR2010031805464.html 19-Mar-10 Denial of Service Insufficient Anti-automation
Downtime Government Saudi Arabia No USA
Dimitris Pagkalos, one of the founders of the XSSed, a project that maintains an archive of
XSS flaws and raises awareness about this type of Web vulnerability, notes that Twitter's
security team promptly addressed the bug. However, he suggests the vulnerability might
have been used in an earlier attack that made a rogue status reading "Hacked By Turkish
2010-139 WHID 2010-139: Twitter XSS Vulnerability Possibly Exploited by Turkish Hackers Hackers" appear on almost one thousand Twitter profiles. http://news.softpedia.com/news/Twitter-XSS-Vulnerability-Possibly-Exploited-by-Turkish-Hackers-145594.shtml 28-Jun-10 Cross-site Scripting (XSS)
Improper Output HandlingDefacement Web 2.0 USA No Turkey Twitter
In a written statement, Anthem Blue Cross explained how the breach occurred:

"The ability to manipulate the web address (URL) was available for a relatively short
period of time following an upgrade to the system. After the upgrade was completed, a
third party vendor validated that all security measures were in place, when in fact they
were not. As soon as the situation was discovered, we made the necessary security
2010-138 WHID 2010-138: Personal data accessed on Blue Cross website changes to prevent it from happening again." http://www.ocregister.com/articles/information-254735-security-anthem.html 23-Jun-10 Forceful Browsing Insufficient Authorization Leakage of Information Health No
Twitter user 0wn3d_5ys has demonstrated a persistent Cross-site Scripting (XSS)
vulnerability on Twitter he found on June 21st using his own Twitter account (visit at your
own risk) that appears to be due to a lack of input validation of the application name field
when accepting new requests for Twitter applications. Visiting his account on Twitter
results in a pair of classic cross site scripting alert boxes, then your browser is
manipulated, finally you enter the matrix (see below), and get messages from the
2010-137 WHID 2010-137: Persistent XSS on Twitter.com researcher who found the vulnerability. http://praetorianprefect.com/archives/2010/06/persistent-xss-on-twitter-com/ 24-Jun-10 Cross-site Scripting (XSS)
Improper Output HandlingDefacement Web 2.0 USA No Twitter
Dozens of Driskill Hotel customers' credit card information has been stolen. Hackers in
Europe were able to break into the hotel's parent company's website and steal the
2010-136 WHID 2010-136: Hotel account hacked, card info stolen information. There are more than 700 victims nationwide. http://www.kxan.com/dpp/news/hotel-account-hacked,-card-info-stolen 23-Jun-10 SQL Injection Improper Input Handling Credit Card Leakage Hospitality Austin, TX No
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
Earlier this month, we reported on a new variant of Asprox malware which was being
spammed out by the Pushdo botnet. At that time, the Asprox executables we analyzed
were purely sending spam. However, a few days after our post, we noticed reports of
mass infections of IIS/ASP websites. The nature of these attacks reminded us of SQL
injection attacks back in 2008 where Asprox was clearly involved. We suspected that the
re-emergence of Asprox and these new mass website infections were not merely a
coincidence. Well, this week our suspicions were confirmed when we came across
2010-135 WHID 2010-135: Another round of Asprox SQL injection attacks another version of Asprox which started to launch both spam and SQL injection attacks. http://www.m86security.com/labs/i/Another-round-of-Asprox-SQL-injection-attacks,trace.1366~.asp 23-Jun-10 SQL Injection Improper Input Handling Planting of Malware Multiple No
According to Mikko Hyponnen, chief research officer with F-Secure, more than 1000
accounts on the microblogging social networking service were hacked within the space of
12 hours, each of them broadcasting the message: "Hacked by Turkish Hackers."

In a security blog posting made last night, Hyponnen said that, although the exploit
mechanism is unclear, most of the compromised accounts "seem to seem to belong to
2010-134 WHID 2010-134: Major hack of Israeli Twitter accounts Israeli Twitter users." http://www.infosecurity-magazine.com/view/10426/major-hack-of-israeli-twitter-accounts-/ 22-Jun-10 Unknown Unknown Defacement Web 2.0 Israel No Turkey Twitter
Local internet service provider (ISP) Druknet is currently recovering, after 50 of its
websites were hacked early yesterday.

Users trying to access certain websites hosted by the ISP were greeted with a blank home
page and a message that said the website had been hacked.

Although some of the hacked websites were back online by afternoon, many websites
were still down as of last night. Druknet‰Ûªs web server, on which the websites are
stored, was also taken offline periodically throughout yesterday.

The hacker or hackers had exploited websites designed, using free open sourced content
2010-133 WHID 2010-133: Druknet websites hacked management systems (CMS), like Word Press, according to Druknet. http://www.kuenselonline.com/modules.php?name=News&file=article&sid=15822 19-Jun-10 Known Vulnerability Application Misconfiguration
Defacement Hosting Providers Bhutan No WordPress
The popular Burmese Web site photayokeking.org, edited by a Burmese army deserter,
was recently attacked, leaving it inaccessible and out of operation.

According to one of the editors, who goes by the name Photayoke, the Web site came
under major attacks on May 27 and June 11, following three smaller attacks.

On June 11, the server provider sent an email to the Web site's owners stating that a
2010-132 WHID 2010-132: Another Opposition Website Shut Down by Hackers major distributed denial-of-service attack (DDoS) had been focused on their data center. http://www.irrawaddy.org/article.php?art_id=18759 19-Jun-10 Denial of Service Insufficient Anti-automation
Downtime News Burma No Burma
Access to the internet in Turkey is becoming increasingly ragged, as growing state
censorship collides with retaliation by anti-censorship hackers, leading to difficulties both
in viewing sites and applying key online functions.

Since early this morning the websites of the Ministry of Transportation, the Information and
Communication Technologies Authority and the Telecommunications Communication
Presidency have been inaccessible. These three state bodies are responsible for internet
censorship and have been the principal actors behind attempts to block access to
YouTube and Google-related services in Turkey.

A number of theories abound, with favourites the state authorities‰Ûª websites have
either been hacked or subject to a serious denial of service attack by hackers unhappy at
the censorship.

Writing for the CyberLaw UK Blog, Dr Yaman Akdeniz, Associate Professor at the Faculty
of Law, Istanbul Bilgi University, now writes that it has been confirmed as a denial of
service attack coordinated by a group of hackers to protest against internet censorship in
2010-131 WHID 2010-131: DoS attack stuffs Turkey's internet censors Turkey, and that the attack lasted 10 hours. http://www.theregister.co.uk/2010/06/18/turkey_dos_attack/ 18-Jun-10 Denial of Service Insufficient Anti-automation
Downtime Government Turkey No Turkey
Google Trends is a powerful tool that many media companies (us included) rely upon for a
sense of what new topics people are searching for at any given time -- at least, when it's
not getting hacked with racial slurs, which is exactly what happened early this morning.

At around 9 a.m. Eastern, instead of the normal list of the hottest new search terms of the
2010-130 WHID 2010-130: Google Trends Hacked With Racial Slur (Again!) hour, visitors to the Google Trends website were greeted with the phrase "lol n------". http://www.politicsdaily.com/2010/06/17/google-trends-hacked-with-racial-slur-again/ 17-Jun-10 Process Automation Insufficient Anti-automation
Disinformation Search Engine San Jose, California No Google
The websites of Senator Stephen Conroy and the Australian Parliament House were
inaccessible this morning after the 'Anonymous' group of hackers claimed credit for a
2010-13 WHID 2010-13: Australian Government websites blitzed by DDoS attack Distributed Denial of Service (DDoS) attack on Australian Government web sites. http://www.securecomputing.net.au/News/166860,australian-government-websites-blitzed-by-ddos-attack.aspx 10-Feb-10 Denial of Service Insufficient Anti-automation
Downtime Politics Australia No
hackers have stolen the account details of Therese Coffey, Tory candidate for Suffolk
Coastal (UK Parliament constituency), London Spin can exclusively reveal. The attackers
bombarded social media users with sexually explicit messages and comments after
2010-129 WHID 2010-129: Hackers Seize Top Tory‰Ûªs Facebook, Blog & Twitter Accounts gaining access to her Blog, Facebook and Twitter account details. http://www.londonspinonline.com/2010/06/exclusive-hackers-seize-top-torys.html 17-Jun-10 Unknown Insufficient AuthenticationDisinformation Web 2.0 London, England No
Microsoft has sued Connecticut resident Boris Mizhen for allegedly gaming Hotmail's
spam filters and sending unwanted emails to consumers. Mizhen, who previously settled
a separate spam lawsuit brought by Microsoft, allegedly got around the company's anti-
spam system by creating millions of new email accounts and then arranging for those
accounts to classify his messages as "not spam," according to the lawsuit.

"Defendants developed and executed an elaborate scheme to circumvent Microsoft's

Hotmail spam filters to disseminate a large quantity of spam email advertisements to
Microsoft's Hotmail users," the company alleges in its complaint, filed last week in federal
district court in Seattle.

The complaint details how Mizhen and his affiliates allegedly manipulated the statistics
that Microsoft's anti-spam system relies on by creating millions of new email accounts and
2010-128 WHID 2010-128: Microsoft Sues Alleged Spammer For Circumventing Filters then moving up to 200,000 of their own messages a day from "junk" files into inboxes. http://www.mediapost.com/publications/?fa=Articles.showArticle&art_aid=130320 16-Jun-10 Process Automation Abuse of Functionality Spam Information Services Washington, USA No Connecticut, USA
Hotmail
An Israeli hacker managed to break into the website of Turkish IHH group, which
organized the Gaza flotilla, disabling the organization's fundraising mechanism for a few
hours.

The 30-year-old hacker from Holon, who wished to remain anonymous, said he was
concerned with Israel's poor PR efforts and decided to make a contribution of his own.

"The real war today is online. I spent an entire week exploring the site, a few hours each
night, until I succeeded," he said.

The hacker added that he was surprised to learn that IHH received some 9,000 euros in
donations every hour via the website. The group is planning to send a second flotilla to
2010-127 WHID 2010-127: Israeli hacker hits IHH website Gaza next month. http://www.ynetnews.com/articles/0,7340,L-3906872,00.html 17-Jun-10 Unknown Improper Output HandlingMonetary Loss Politics Turkey No Israel
New Hampshire breach notification: HBDirect.com - Website hacked through SQL
injection - exposing credit cards of customers from December 1, 2009 to February 10,
2010-126 WHID 2010-126: Website breached by hacker through SQL injection - exposing personal information
2010.of19
customers
NH residents affected. http://datalossdb.org/primary_sources/2548 24-Mar-10 SQL Injection Improper Input Handling Credit Card Leakage Entertainment New Hampshire, USA No
Banks in Russia and Ukraine are under continued siege by criminal gangs wielding a
sophisticated, next-generation exploitation kit that hacks the financial institutions'
authentication system and then hits it with a denial-of-service attack.

The attacks are being carried out with the help of a top-to-bottom revision of BlackEnergy,
a popular hack-by-numbers toolkit that until recently was used primarily to launch DDoS,
or distributed denial-of-service, attacks. Eastern European criminal gangs are using the
expanded capabilities of BlackEnergy 2 to siphon funds out of electronic bank accounts
and then assault the financial institutions with more data than they can handle, said Joe
2010-125 WHID 2010-125: Eastern European banks under attack by next-gen crime app Stewart, a researcher with security firm SecureWorks' Counter Threat Unit. http://www.theregister.co.uk/2010/06/16/blackenergy2_ddos_attacks/ 16-Jun-10 Banking Trojan Insufficient Anti-automation
Monetary Loss Finance Russia No
Saudi bank Riyad Bank has been hacked by a group of hackers who posted a message
demanding to end the service of the Mayor of Al Madina province in Saudi Arabia. Al
Madina is the second holiest city in Islam, and the burial place of the Prophet Muhammad
peace be upon him and it is the capital of the first Islamic state established by the Prophet
and his companions after early Muslims migrated from oppression imposed by their people
in Mecca around 1400 years ago.

The hacker/s only managed to hack the homepage of the site as the internal pages seems
intact, the hackers displayed a message on the bank‰Ûªs homepage apologizing to the
bank and saying ‰ÛÏwe are hacking you to deliver a message to the king of Saudi
2010-124 WHID 2010-124: Riyad Bank Website Gets Hacked Arabia.‰Û They asked him to fire the Mayer. http://arabcrunch.com/2010/06/riyad-bank-website-gets-hacked.html 14-Jun-10 Unknown Unknown Defacement Finance Saudi Arabia No
Researchers at Imperva have discovered an 'experimental' botnet that uses around 300
hijacked web servers to launch high-bandwidth DDoS attacks.

The servers are all believed to be open to an unspecified security vulnerability that allows
the attacker, who calls him or herself 'Exeman', to infect them with a tiny, 40-line PHP
script. This includes a simple GUI from which the attacker can return at a later date to
2010-123 WHID 2010-123: Botnet hijacks web servers for DDoS campaign enter in the IP, port and duration numbers for the attack that is to be launched. http://www.computerworld.com.au/article/346342/botnet_hijacks_web_servers_ddos_campaign/ 13-May-10 Unknown Application Misconfiguration
Botnet Participation Service Providers Netherlands No
If you follow our blog, you probably noticed that these last few months have been specially
hard for hosting companies. Lots of them got hacked, bringing down thousands of sites
with them. Now we are hearing reports of a mass hack of WordPress blogs hosted on
Rackspace.

What is going on?

The attackers were able to get access to Rackspace databases and infect the sites
through there. They created a new admin user on many Worpress sites, giving them full
access to the WordPress admin panel.

With that access they were able to inject malware, and as we saw before they used that to
inject SEO spam to the sites.

One of the posts in that thread also suggests that the attack vector is a vulnerable version
(2.11.3) of phpMyAdmin used by RackSpace Cloud. If this is true, hackers must have
targeted an XSRF attack at one of RackSpace admins with mySql root permissions to gain
access to the whole database (probably created one more admin user). At this point,
RackSpace has upgraded their phpMyAdmin nodes. Hope, they also found any changes
2010-122 WHID 2010-122: Attack of WordPress Blogs on Rackspace in the database done by those hackers. http://blog.sucuri.net/2010/06/mass-attack-of-wordpress-blogs-on-rackspace.html 15-Jun-10 Cross-site Request Forgery
Insufficient
(CSRF)Process Validation
Planting of Malware Service Providers USA No http://blog.unmaskparasites.com/2010/06/14/attack-on-wordpress-blogs-on-
It seems that a second round of attacks are happening today at GoDaddy and infecting all
kind of sites (Joomla, Wordress,etc). Looking at the modification dates on the files, they all
happened May 1st (today) during the morning from 1 to 3/4 am.

All of them had the following javascript added to their pages:

script src= http://kdjkfjskdfjlskdjf.com/kp.php

Which looks very similar to the attacks from the last few weeks, but this time using kp.php
instead of js.php. Also, many sites that were not infected during the previous batch got
2010-121 WHID 2010-121: Second round of GoDaddy sites hacked hacked now. http://blog.sucuri.net/2010/05/second-round-of-godaddy-sites-hacked.html 1-May-10 Unknown Unknown Planting of Malware Service Providers USA No WordPress http://blog.sucuri.net/2010/05/found-code-used-to-inject-the-malware-at-god
You would expect that a security-related web site would be secure, no? What about an
official web site from a Government? Should that be safe? What about a government web
site about security? Shouldn‰Ûªt that be ultra super secure? (yes, I am joking )

That‰Ûªs not always the case‰Û_ At Sucuri Security we have two main goals: Monitor
your visible Internet presence (via DNS, site content changes, whois, blacklisting status,
etc), and to also monitor what is not visible (or easily accessible). So we run multiple
honey pots, we monitor IRC chats used by botnets and attackers, multiple forums, etc. All
with the goal to protect our clients and notify them if we see any issue in the ‰
ÛÏunderground‰Û .

With this work, we get to see a lot of sites being exploited and attacked. Most of them are
small sites, but sometimes we see big companies, .govs and many .edus in there.

One of those government web sites are from Colombia. And they are not a normal .gov
site, they are about security and about cyber crimes.

They have two web sites that are currently hacked: http://www.delitosinformaticos.gov.co
(related to solving cyber crimes) and

http://www.frentesdeseguridad.gov.co (related to security in general). We tried to contact

them and got no replies. We would wait a little more to publish it, but since clem1
mentioned them on our post about Georgia government sites hacked, I think it is time to
2010-120 WHID 2010-120: Colombian government sites hacked (and spreading malware) use full-disclosure to get them fixed. http://blog.sucuri.net/2010/02/colombia-government-sites-hacked-and-spreading-malware.html 18-Feb-10 Remote File Inclusion (RFI)
Application Misconfiguration
Planting of Malware Government Colombia No
A Romanian grey hat hacker has disclosed an SQL inject (SQLi) vulnerability on a website
belonging to the United States Army, which leads to full database compromise. The
website, called Army Housing OneStop, is used to provide information about military
2010-12 WHID 2010-12: Army Website Compromised Through SQL Injection housing facilities to soldiers. http://news.softpedia.com/news/Army-Website-Compromised-Through-SQL-Injection-131649.shtml 9-Jan-10 SQL Injection Improper Input Handling Leakage of Information Government USA No Romania
*UPDATE: A few hours after this post, they removed the malware from justice.gov.ge and
other sites. I am glad we had some effect.

You know, you would think that after all the attacks that Georgia suffered in 2008 they
would be more careful about the security of their sites.

Well, not really. Even after I sent a bunch of emails to all their addresses that I could find
and requested on twitter for contacts in the .ge government, nobody replied and they are
still hacked, spreading malware and attacking other systems.

It doesn‰Ûªt look like it is being caused by the Russians or anything like that. And the
attackers this time didn‰Ûªt defaced their web page. They just added some malware and
scripts to attack others.

How do I know? We run multiple honeypots to detect web-based attacks and malware.
2010-119 WHID 2010-119: Georgia government sites hacked (and spreading malware) And guess who started attacking us? http://blog.sucuri.net/2010/02/georgia-government-sites-hacked-and-spreading-malware.html 15-Feb-10 Remote File Inclusion (RFI)
Application Misconfiguration
Planting of Malware Government imereti, GE No
Two South Korean government Web sites were attacked again Saturday by hackers
traced to China, but there was no major damage, the home ministry said.

The sites of the Ministry of Justice and the Korea Culture and Information Service were hit
by a massive number of access attempts in what is knowns as distributed denial-of-service
(DDoS) attacks from 247 China-based Internet servers, according to the Ministry of Public
2010-118 WHID 2010-118: Two Korean govt. websites attacked by hackers Administration and Security. http://english.yonhapnews.co.kr/techscience/2010/06/12/73/0601000000AEN20100612002100315F.HTML 12-Jun-10 Denial of Service Insufficient Anti-automation Government South Korea No China
A Turkish hacker has managed to hijack msn.co.il and hotmail.co.il, two domains
belonging to Microsoft, and use them to post a pro-Palestinian message. The name
servers and administrative email address for the domains have been changed.

Users who accessed hotmail.co.il and msn.co.il earlier today were greeted by a page
displaying the image of a child wearing the Palestinian flag as a cape and a message
reading, "Free Palestine. Hi to greatest [expletive] of the world (i mean all the Jews). u
think one day u will own all the world eh? Lol that makes me laugh. that makes all the
world laugh. u are just insects. make muslims angrier and just sit and watch what will
happen to you." The attacker signs the messsage as TurkGuvenligi Tayfa ("from Turkey
with love") and sends greetings to Pakbugs, a notorious group of hackers and defacers.

It appears that the two Microsoft domains, which normally redirect users to login.live.com
and il.msn.com, respectively, had their name server information altered. The new ns1.
dollar2host.com and ns2.dollar2host.com name servers, which belong to a private Web
hosting company, replaced the usual ns1.msft.net and ns2.msft.net that Microsoft used for
2010-117 WHID 2010-117: Turkish Hacker Hijacks .CO.IL MSN and Hotmail Domains its domains. http://news.softpedia.com/news/Turkish-Hacker-Hijacks-CO-IL-MSN-and-Hotmail-Domains-144299.shtml 10-Jun-10 DNS Hijacking Insufficient Process Validation
Defacement Information Services No Turkey
A security flaw in AT&T's network exposed the e-mail addresses of more than 100,000
owners of Apple's 3G iPad, according to a report published by Gawker today.

Calling it the "most exclusive e-mail list on the planet," Gawker said the list of exposed
owners included New York Mayor Michael Bloomberg, White House Chief of Staff Rahm
Emanuel and other powerful figures in finance, media and politics.

The security hole was uncovered by Goatse Security, a group known among security
experts as hackers who enjoy pulling Web pranks, Gawker reported. Still, the group
previously has uncovered flaws in browsers Firefox and Safari, Gawker said.

When contacted by ABCNews.com, a man who asked to be named as a Goatse employee

confirmed Gawker's report.

"It's absolutely real," he said, adding that the group gave the Gawker reporter their data
set and he was able to verify the information.

The employee said someone in his organization learned that when given an iPad owners'
unique identification number, a program on AT&T's website would return the e-mail
address connected to that account.

Once the hole was uncovered, he said, the group was able to write a script that would
automatically predict ID numbers and return the associated e-mail addresses.

In about six hours, he said, the group was able to scrape information for about 114,000
iPad 3G owners, but he did not say how many iPad owners could have been affected in
2010-116 WHID 2010-116: Hackers: Data Breach Exposed iPad Owners' Personal Info total. http://abcnews.go.com/print?id=10871229 9-Jun-10 Credential/Session Prediction
Insufficient Anti-automation
Leakage of Information Information Services USA No
More than 100,000 webpages, some belonging to newspapers, police departments, and
other large organizations, have been hit by an attack over the past few days that
redirected visitors to a website that attempted to install malware on their machines.

The mass compromise appears to have affected sites running a banner-ads module on
top of Microsoft's Internet Information Services using ASP.net, said David Dede, head of
malware research at Sucuri, a website monitoring firm. The sites were infected using SQL
injection exploits, which allow attackers to tamper with a server's database by typing
commands into search boxes and other user-input fields. The hackers used the exploit to
plant iframes in the compromised sites that redirected visitors to robint.us. Malicious
javascript on that site attempted to infect end users with malware dubbed Mal/Behav-290
2010-115 WHID 2010-115: Mass hack plants malware on thousands of webpages according to anti-virus firm Sophos. http://www.theregister.co.uk/2010/06/09/mass_webpage_attack/ 9-Jun-10 SQL Injection Improper Input Handling Planting of Malware Multiple USA No China
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
Seven people were arrested in Andhra Pradesh for hacking the online passport application
software of the Hyderabad regional passport office, police said Friday.

Police Commissioner A.K. Khan told reporters that seven people, among them five
passport agents, were arrested and a search was on for two other agents involved in the
racket.

The passport office releases online slots for confirmed dates of appointments to the
applicants for obtaining passports under 'Tatkal' scheme through its website www.
passport.gov.in.

Every day these slots were visible to the users only for a few minutes till the slots released
by the passport authorities were exhausted.

The accused hacked the website, blocked the online slots and were selling the same to
2010-114 WHID 2010-114: Seven held in Andhra for hacking passport software the applicants for huge sums, police said. http://sify.com/news/seven-held-in-andhra-for-hacking-passport-software-news-national-kger4bcghcf.html 4-Jun-10 Denial of Service Insufficient Process Validation
Extortion Government India No India
Incident-prone social network monolith Facebook has plugged yet another security leak,
this time involving the indexing by search engines of email addresses not listed on
Facebook. Thousands of email addresses submitted using Facebook's "Find a friend"
feature that were not tied to a Facebook account wound up getting indexed by Google,
according to Blogger Cory Watilo, who was among those affected.

"One obvious problem is that spammers can easily scrape this data and add easily
legitimate address to their lists, many of whom might not give their addresses to Facebook
for a reason," Watilo writes. The issue sparked a lively discussion thread on Hacker
News. Facebook changed its robot.txt file to prevent the search engine from indexing the
relevant "opt out of emails from Facebook" page so that email address data can no longer
2010-113 WHID 2010-113: Facebook plugs email address indexing bug be harvested by spammers or other miscreants. http://www.theregister.co.uk/2010/06/04/facebook_email_indexing_snafu/ 4-Jun-10 Unintentional Information
Insecure
Disclosure
Indexing Leakage of Information Web 2.0 USA No Facebook
The unofficial Likudnik website was targeted by angry Turkish hackers who were
apparently less than pleased with the IDF Navy commando operation which prevented the
2010-112 WHID 2010-112: Turkish Cyber Hackers Strike at Israel terrorists on board from breaking the Gaza embargo on Hamas-controlled Gaza. http://www.theyeshivaworld.com/news/Israeli+News/60651/Turkish-Cyber-Hackers-Strike-at-Israel.html 2-Jun-10 Unknown Unknown Defacement Government Israel No Turkey
Finnish police are searching for thieves who stole 1,000 Euros (about $1,200 U.S.) worth
of virtual furniture and other items from the virtual world Habbo Hotel. The thieves
allegedly used phishing scams to the capture usernames and passwords from Habbo
Hotel users, who contacted Finnish police after they noticed that their virtual goods
2010-111 WHID 2010-111: Thieves steal virtual furniture from unsuspecting Hotel Habbo players missing. http://www.gamezebo.com/news/2010/06/02/thieves-steal-virtual-furniture-unsuspecting-hotel-habbo-players 2-Jun-10 Phishing Insufficient AuthenticationMonetary Loss Entertainment Finland No
The computer system at a local Mexican restaurant was hacked, and investigators believe
thieves made off with the credit card numbers of hundreds of customers. "They know that
it was a breach, and they know that the breach came from Russia, that's for sure,"
explained Blanca Aldaco. "So, we are working with our I.T. guy. They're definitely looking
into. Hopefully, they can figure out what the IP address is."

The U.S. Secret Service and the San Antonio Police Department's Fraud Unit is also
investigating. Neither would comment, but News 4 WOAI learned they are trying to track
down the overseas hacker. The restaurant's owner said they have now changed the way
they do business. "We are no longer on the internet when it comes to credit card
2010-110 WHID 2010-110: Local restaurant's computer hacked, customers' card numbers stolen authorizations," Blanca Aldaco told News 4 WOAI. http://www.woai.com/news/local/story/Local-restaurants-computer-hacked-customers-card/NSwj0Mpf5keeSXLOfsGvCw.cspx 22-May-10 SQL Injection Improper Input Handling Credit Card Leakage Retail USA No Russia
A Lebanese hacker is taking credit for a security breach on the PEO Soldier Army website.
By exploiting an SQL injection vulnerability, he allegedly obtained full access to the
2010-11 WHID 2010-11: U.S. Military Equipment Website Hacked underlying database and the information contained within. http://news.softpedia.com/news/U-S-Military-Equipment-Website-Hacked-131947.shtml 13-Jan-10 SQL Injection Improper Input Handling Leakage of Information Government USA No Lebanon
Hundreds of thousands of Facebook users have fallen for a social-engineering trick which
2010-109 WHID 2010-109: Viral clickjacking 'Like' worm hits Facebook users allowed a clickjacking worm to spread quickly over Facebook this holiday weekend. http://www.sophos.com/blogs/gc/g/2010/05/31/viral-clickjacking-like-worm-hits-facebook-users/ 31-May-10 Clickjacking Insufficient Process Validation
Worm Web 2.0 USA No Facebook
Organized cyber thieves stole more than $100,000 from a small credit union in Salt Lake
City last week, in a brazen online robbery that involved dozens of co-conspirators,
KrebsOnSecurity has learned.

According to Melgar, the perpetrators who set up the bogus transactions had previously
stolen a bank employee‰Ûªs online login credentials after infecting the employee‰Ûªs
Microsoft Windows computer with a Trojan horse program. Melgar said investigators have
not yet determined which particular strain of malware had infected the PC, adding that the
bank‰Ûªs installation of Symantec‰Ûªs Norton Antivirus failed to detect the infection
2010-108 WHID 2010-108: Cyber Thieves Rob Treasury Credit Union prior to the unauthorized transfers. http://krebsonsecurity.com/2010/05/cyber-thieves-rob-treasury-credit-union/ 20-May-10 Banking Trojan Insufficient AuthenticationMonetary Loss Government USA No Ukraine
BP's Twitter account looked to have fallen victim to hackers early Thursday, with a post
referencing a fictional character from a popular fake BP microblog page.

Followers to the genuine account were told: "Terry is now in charge of operation Top Kill,
2010-107 WHID 2010-107: Hackers Take Over BP Twitter Feed work will recommence after we find a XXL wetsuit. #bpcares #oilspill." http://www.foxnews.com/scitech/2010/05/27/hackers-bp-twitter-feed/ 27-May-10 Unknown Unknown Disinformation Web 2.0 USA No Twitter
With a weak network security, the website http:// www.egovamc.com. has several chinks
in its armour and is a ready invitation for hackers. The issue has been brought to notice of
senior AMC officials and only recently they effected a few cosmetic security patch-ups for
their website.

‰ÛÏWe have reported the bugs in the website and problems with database management
system and coding. We had earlier told the systems department of the AMC about a
system that can be exploited with username and password as simple ‰Û÷0‰Ûª. The
vulnerability has been fixed by now but there are bigger challenges,‰Û said Sunny
Vaghela, a city-based cyber crime expert.

He said that if the website is vulnerable , it means that the hacker can get access to the
control panel of the site, look into the contents such as tendering details, property tax
details , building plans and allocation of funds, access to which is restricted to only senior-
2010-106 WHID 2010-106: AMC website vulnerable to hackers level civic officials. http://timesofindia.indiatimes.com/articleshow/5979202.cms 27-May-10 SQL Injection Improper Input Handling Leakage of Information Government India No
Dear users, yesterday we began a poll about the controversial immigration bill SB 1070
asking users what was their sentiment on the bill. It spread virally and was shared on
facebook over 500 times and viewed over 10,000 times.

Unfortunately all the of attention has made it the target of some unscrupulous individuals.
Around 3:00pm Tuesday afternoon we noticed that an individual was voting in the poll
once every 10 seconds, and did this activity for nearly 2 hours.

Upon checking the logs we realized there were multiple users engaging in this sort of
behavior from multiple vectors forcing us to remove the poll entirely. In terms of a long
term solution, it seems inevitable that we will adopt a system that requires a KVOA.com
user account in order to vote in a poll, but that modification cannot be patched in on the fly
2010-105 WHID 2010-105: Poll removed due to widespread ballot stuffing and hacking and would require a few days work. http://www.kvoa.com/news/poll-removed-due-to-widespread-ballot-stuffing-and-hacking/ 25-May-10 Brute Force Insufficient Anti-automation
Fraud Media USA No
"Last May we had an incident where one of our web pages was exploited through an SQL
injection flaw," Kerber said. "It was a wake-up call that we had vulnerabilities people could
2010-104 WHID 2010-104: Code Security: MidAmerican Energy's top priority after SQL injection attacks find out about." http://www.csoonline.com/article/594613/Code_Security_MidAmerican_Energy_s_top_priority_after_SQL_injection_attacks 21-May-10 SQL Injection Improper Input Handling Leakage of Information Energy USA No
We have been digging lately in a large SEO SPAM network which is using thousands of
compromised sites to increase their page rankings and spread malware. They are similar
to the one we reported earlier affecting lean.mit.edu, but this time they seem focused only
on Wordpress web sites

Attack method

All the sites infected are using the latest Wordpress version and had a PHP script injected
inside their wp-includes directory. The script name is random and it does two things:

1-For a search engine, it shows a bunch of keywords (cialis, viagra, movie downloads, etc)

2-For a normal user coming from Google, they are redirected to a web site with malware
2010-103 WHID 2010-103: SEO SPAM network - Details of the wp-includes infection or to another site for more spam. http://blog.sucuri.net/2010/05/seo-spam-network-details-of-wp-includes.html 25-May-10 Content Spoofing Application Misconfiguration
Link Spam Education USA No WordPress
The city and county of Denver website was pulled down Monday night after it was hacked,
the second such attack in a week.

Eric Brown, a spokesman for the mayor's office, said he didn't know what time the site was
2010-102 WHID 2010-102: Denver's website hacked twice in one week breached and when it might be restored. http://www.denverpost.com/news/ci_15155519 25-May-10 Unknown Improper Output HandlingDefacement Government USA No
A hacker broke the huge database site which had registered 36.7 million Internet users,
raising fears of massive consequences. The Site Skyrock has sent a message to its
internet users the message of the team to its Internet Skyrock

According Zataz, the hacker would be introduced through a security hole in the platform
Waka , launched last week in partnership with the government . This ‰Û backdoor ‰ÛÏ,
which allowed anyone to edit the content of pages, had been quickly corrected.

For its part, Skyrock believes that ‰ÛÏat this stage, we cannot determine whether the
application Waka was concerned.‰Û

Still, the hacker could have access to the huge database Skyrock.com, claiming ‰ÛÏ36.7
million active members in February 25. However, the head of security at the site revealed
Monde.fr than Skyrock, passwords are stored in ‰ÛÏplain‰Û , that is to say they are not
2010-101 WHID 2010-101: 37 million passwords stolen on the site of Skyrock? encrypted and protected. http://whitehatfirm.com/news/37-million-passwords-stolen-on-the-site-of-skyrock/2629.html 21-May-10 Misconfiguration Application Misconfiguration
Leakage of Information Web 2.0 France No
Websense Security Labs䋢 ThreatSeeker䋢 Network has discovered that the speed
testing site of chinaz.com has been compromised.

This payload contains two parts: ap.js, and the obfuscation code in the script tag. When
combined, we get the entire exploit code. After analyzing this, we noticed that it is used to
target the IE vulnerability (MS10-018), which downloads an executable file named dn.exe.
This has a good detection rate by most AV vendors; however dn.exe will download and
execute remote files and send local information to a remote server. The process disguises
itself as an AV component while at the same time suspending the AV software. At present,
a bug in the malicious code fails to get the MAC address correctly and as of this alert the
2010-100 WHID 2010-100: Chinaz.com compromised site is still infected. http://community.websense.com/blogs/securitylabs/archive/2010/05/25/chinaz-com-compromised.aspx 25-May-10 Unknown Improper Output HandlingPlanting of Malware Information Services China No
Boulder police and the FBI announced Friday that they have identified the individual who
hacked into the Web sites of two Boulder synagogues and the Boulder Rabbinic Council
2010-10 WHID 2010-10: FBI, police ID Boulder synagogue Web site hacker last week and defaced them with anti-Semitic messages. http://www.dailycamera.com/ci_14150610?source=most_emailed#axzz0ieLUTxxC 2-Jan-10 Unknown Improper Output HandlingDefacement Religious Boulder, CO No
A hacker broke into 49 House Web sites of both political parties after President Obama's
State of the Union address. The websites were all managed by a private vendor --
GovTrends of Alexandria, Va. The article mentions that "GovTrends let its guard down
while performing an update, allowing the hacker to penetrate sites of individual members
and committees overnight" which leads to WHID's Misconfiguration Attack Method
designation.

2010-1 WHID 2010-1: Hacker Breaks Into 49 House Sites, Insults Obama Interesting note - 18 House sites managed by GovTrends were defaced last August. http://www.toptechnews.com/news/Hacker-Breaks-Into-49-House-Sites/story.xhtml?story_id=00100041BAO7 1-Feb-10 Misconfiguration Application Misconfiguration
Defacement Government USA No
<p>MetaFilter <a href="http://en.wikipedia.org/wiki/MetaFilter#Moderation">philosophy
</a>is that social norms and peer pressure, referred to as "self-policing", will ensure the
quality of the content of the site. However is seems that this philosophy does not extend to
hackers who <a href="http://status.metafilter.com/2009/01/sql-inject-problem.html">abuse
2009-9 WHID 2009-9: MetaFilter suffers an SQL injection attack the site's software to plant Malware</a> affecting MetaFilter users.</p> 24-Jan-09 SQL Injection Improper Input Handling Planting of Malware Web 2.0 USA No
<p>John Abell from Wired magazine often writes about Apple's CEO health. However, <a
href="http://www.alleyinsider.com/2009/1/vandalized-wiredcom-falsely-repo">this
report</a> about Job suffering a cardiac arrest, was neither his nor true. The culprit was
Wired public image viewing utility which lets people upload am image and than presented
the image as part of the Wired web site, banner and domain included.</p>
<p>This is a wonderful example of a web application design flaw. There was nothing
wrong with the code, however the design of the feature enabled it to be abused.</p>
<p style="text-align: center;"><img src="/sites/default/files/images/hacked_wired_page.gif"
width="372" height="251" /></p>
<p>Further information:</p>
<ul>
<li><a href="http://blog.wired.com/business/2009/01/wiredcom-imagev.html">Abell's own
report on the incident</a></li>
2009-8 WHID 2009-8: Wired.com Image Viewer Hacked to Create Phony Steve Jobs Health Story </ul> 22-Jan-09 Content Spoofing Application Misconfiguration
Disinformation Media USA No
<p>China retail news <a href="http://www.chinaretailnews.com/2009/01/19/2134-chinas-
yeepaycom-suffers-internet-payment-hacker-attack/">reports </a>that Yeepay, a Chinese
online payments provider suffered a major denial of service attack. The story seems to be
<a href="http://64.233.183.101/translate_c?hl=en&amp;u=http://www.yeepay.
com/html/gg/index.shtml&amp;usg=ALkJrhgN9F-Iyzd_zXN5TPFdGiHzFO1eww">big in
2009-7 WHID 2009-7: China&#039;s Yeepay.com Suffers Internet Payment Hacker Attack China</a>, but hardly made it to the west.</p> 19-Jan-09 Denial of Service Insufficient Anti-automation
Downtime Finance China No
<p>This gem is taken out of a <a href="http://www.hostsearch.
com/news/supported247_news_8191.asp">press release</a> issued by a hosting
provider. According to the press release, InfoGov, a UK provider of risk management
solutions, switched hosting its sites to a new provider because the previous one did not
provide adequate solution to an SQL injection attack that penetrated the site and inflicted
Malware on InfoGov customers.</p>

<p>Probably yet another fallout from the on going Asprox attack, this incident is interesting
as it emphasises the responsibility that customers expect service providers to take in
2009-6 WHID 2009-6: InfoGov switch hosting due to lack of security protecting from web based attacks.</p> 16-Jan-09 SQL Injection Improper Input Handling Planting of Malware Government UK No
A Romanian hacker well-known for discovering SQL injection vulnerabilities in high-profile
Websites has struck again -- this time on RBS WorldPay's site, where he says he hit the
jackpot, the company's database.

The hacker, who goes by "Unu," says he accessed RBS WorldPay's database via a SQL
injection flaw in one of its Web applications. RBS WorldPay maintains Unu accessed a
test database that didn't carry any live data, and that no merchant or cardholder data
2009-51 WHID 2009-51: Hacker Hits RBS WorldPay Systems Database accounts were compromised. The company has since taken down the pages. http://www.darkreading.com/database_security/security/app-security/showArticle.jhtml?articleID=220000005 11-Sep-09 SQL Injection Improper Input Handling Leakage of Information Finance Georgia, USA No Romania
A new attack by hackers Dec. 17 redirected Twitter users to a page from a previously
unknown group called the Iranian Cyber Army. Most computer attacks are relatively
straightforward denial-of-service attacks, where computers overwhelm a website with data
to bring it down. Thursday night's attack against Twitter was more serious because the
hackers gained access to part of Twitter's network and were able to redirect users to a
page with a photo of a flag with Farsi script. Near the top of the page ran a bold red
headline in English: "This site has been hacked by Iranian Cyber Army."

Hackers for several days have attacked the websites of opponents of Iran's regime and
posted the same image. The opponents have used social-media sites like Twitter to
2009-50 WHID 2009-50: Iranian hacker attack: What will it cost Twitter? organize street protests this year. http://www.csmonitor.com/Money/2009/1218/Iranian-hacker-attack-What-will-it-cost-Twitter 17-Dec-09 DNS Hijacking Application Misconfiguration
Defacement Web 2.0 No Iran
<p>This <a href="http://www.tmcnet.com/usubmit/2009/01/15/3916297.htm">story
</a>about student hacking a Pottsville, PA school online system and changing grades
demonstrated again that password stealing is by far the most common method in which
web sites are hacked.</p>
<p>While it is usually not considered a vulnerability in the application itself, I think that
application that expose administrative or high privileges interface to the web should
include authentication beyond a simple password. A school grading system is one
example. The Twitter administrative interface <a href="/whid-2009-2">hacked last
week</a> is another example.</p>
2009-5 WHID 2009-5: School data hacked, grades altered <p> </p> 15-Jan-09 Insufficient Authentication
Insufficient AuthenticationDisinformation Education USA No
Earlier today news spread that social application site RockYou had suffered a data
breached that resulted in the exposure of over 32 Million user accounts. To compound the
severity of the security breach, it was found that RockYou are storing all user account data
in plain text in their database, exposing all that information to attackers. RockYou have yet
to inform users of the breach, and their blog is eerily silent ‰ÛÒ but the details of the
2009-49 WHID 2009-49: RockYou Hack: From Bad To Worse security breach are going from bad to worse. http://techcrunch.com/2009/12/14/rockyou-hack-security-myspace-facebook-passwords/ 14-Dec-09 SQL Injection Improper Input Handling Leakage of Information Web 2.0 No
Today we saw a variety of pages being advertised that have search.htm and other pages
vulnerable to cross-site scripting (XSS) being used to inject an iframe to a malicious
webpage redirector. To an unknowing user following such an advertisement, they would
believe that they were just visiting the intended host site unaware that the iframe was also
2009-48 WHID 2009-48: XSS Embedded iFrames redirecting them to malicious content. http://research.zscaler.com/2009/12/xss-embedded-iframes.html 14-Dec-09 Cross-site Scripting (XSS)
Improper Output HandlingPlanting of Malware Information Services No
A hoax, posted by a hacker on Van Morrison's website, falsely claimed the singer (64) had
a baby with a woman called Gigi Lee.

But the reclusive singer issued a statement on New Year's Eve saying he is happily
married to former model Michelle Rocca.

The earlier reports were carried by news organisations worldwide after a Los Angeles
based public relations consultant, who has represented Morrison in the past, apparently
confirmed the claim on Tuesday.

However, the statement issued by Van Morrison said: "I have asked my management
team to carry out an immediate investigation into a hacking attack which took place on my
website on December 29th last.

"This is the second occasion on which the website has been hacked into during the last
three months. In this most recent incident, claims were made relating to my personal life in
2009-47 WHID 2009-47: Morrison says 'new baby' story a hoax by web hacker a "statement'' purporting to come from me. http://www.independent.ie/national-news/morrison-says-new-baby-story-a-hoax-by-web-hacker-1996333.html 29-Dec-09 Unknown Unknown Disinformation Entertainment No
The Facebook clickjacking assault appeared as a comment posted to the account of a
user along with a photograph, which enticed him to hit it. On clicking the link, it led the user
to a web-page, which pretended to be a CAPTCHA test. It also prompted him to hit a blue
colored button namely "Share" embedded in the Facebook web-page.

But on clicking it, the victim was diverted to a YouTube video appeared on his Facebook
account. Consequently, the victim and his contacts were infected. Krzysztof Kotowicz, a
freelance security researcher, states that presently the attack is effective merely in
Chrome and Firefox Web-browsers, as reported by Help Net Security on December 22,
2009-46 WHID 2009-46: Clickjacking Attack Hit Facebook 2009. http://www.spamfighter.com/News-13684-Clickjacking-Attack-Hit-Facebook.htm 23-Dec-09 Clickjacking Insufficient Process Validation
Worm Web 2.0 USA No
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
<p>This must be the worse incident reported by the Web Hacking Incident Database.</p>

<p>We all know that web security is highly important but neglected. We tell frightening
stories but listners think they are only "FUD": fear, uncertainty and doubt, used to sell
products and services. I hope that the VAServ incident will serve to warn that those are not
fairytale stories. Even so, I wish this one would not have happened.</p>

<p>In this story, like most calamities, it seems that the laymen suffer: small entrepreneurs
&amp; upstart companies who lost everything in a hacking incident. One of them even lost
his life.</p>

<table style="height: 141px; width: 50%;" border="1" align="right">

<tbody>

<tr>

<td style="background-color: #faebd7;"><strong><span style="font-size: small;">Vaserv

web site reporting recovery status, June 10^th:</span></strong><br /> <span
style="font-size: xx-small;">22:19 vz47uk restored<br /> 22:21 vz46uk data loss<br /> 22:
42 Please allow upto 2 hours for a ticket response as currently we have 200+ active
tickets<br /> 23:02 vz67uk data loss<br /> 23:20 vz50uk data restored<br /> 23:23 vz51uk
data loss<br />00:03 FsckVPS server26 and server27 are still being worked on, but data
*appears* to be intact</span></td>

</tr>

</tbody>

</table>

<p>It all started on Sunday, June 7^th: someone broke into the web servers of
VAServ, a tiny UK based hosting company. The hackers ruined many of VAServ virtual
servers. Some of them lost were for ever as the snippet from VAServ home page, serving
as an emergency bulletin board, shows.</p>

<p>As tiny as VAServ is, probably no more than 3 people, in today's virtual and flat world
they could serve tens of thousands of low cost web sites, many of them now lost for ever.
Behind each one of these web sites there is a story of someone who worked hard,
whether on a hobby or a small business and is now left with nothing. A comment made on
one of the blog entries about the incident reads:</p>

<p style="padding-left: 30px;"><em>"yeah thanks for ruining my life for the last 2 years i
had built up my site spending alot of money and giving up my job for nothing.........what am
i going to tell the wife?"</em></p>

<p>Just think about tens of thousand of such stories. Daniel Voyce, a web developer
using VAServ for all of his clients, told the <a href="http://www.theregister.co.
uk/2009/06/08/webhost_attack/">Register: </a></p>

<p style="padding-left: 30px;"><em>"Since last night, I've had probably 40 phone calls
from clients saying 'Why is my website down, It's making me look bad."</em></p>

<p>But this domino effect ruining so many small businesses had another even more
devastating angle. Just days before the hack, someone <a href="http://www.milw0rm.
com/exploits/8880">posted on milw0rm</a> a long list of yet unpatched vulnerabilities in
Kloxo, a virtual machine management software. The list certainly looks comprehensive
enough to enable anyone to penetrate a site using Kloxo, which VAServ where, leading
VAServ and others to believe that LxLabs, the Bangalorian software company behind
Kloxo is the culprit. Somebody claiming to be the hacker <a href="http://www.inquisitr.
com/25617/update-new-information-on-the-vaserv-hack-that-wiped-100k-sites/"
>commented to the inquistir blog</a>, claiming that weak password at VAServ where to
blame for the hack, which <a href="http://www.theregister.co.
uk/2009/06/10/vaserv_follow_up/">Rus Foster from VAServ denied</a>.</p>

<p>We may never know who is right and who is wrong. LxLabs, just like Vaserv, is a tiny
company using the Internet to look big. However one area that suffers a lot in small
companies, is their security. It is never important enough to invest resource in security in
such a lean and mean operations.</p>

<p><img src="http://www.xiom.com/sites/default/files/ligesh.jpg" width="179" height="206"

style="float: right;" />But tiny giants have another weakness: it all falls on the shoulders of
too few people. In the case of LxLabs, on <a href="http://timesofindia.indiatimes.
com/Bangalore/Techie-hangs-himself-in-HSR-Layout-/articleshow/4633101.cms">KT
Ligesh the CEO</a>. Ligesh<a href="http://timesofindia.indiatimes.com/Bangalore/Techie-
hangs-himself-in-HSR-Layout-/articleshow/4633101.cms"> committed suicide</a> just a
day after the hack for which his company was blamed. While already a troubled person,
2009-45 WHID 2009-45: Vaserv Hacked and Owner Commits Suicide Over Data Loss one cannot escape the thought that the hacking incident was the last straw.</p> http://www.inquisitr.com/25617/update-new-information-on-the-vaserv-hack-that-wiped-100k-sites/ 10-Jun-09 Various Unknown Data Loss Service Providers No
What does a challenge to break an web mail system and get $10,000, broken within
minutes prove? Is it a lesson in vanity? Or about the state of web security? Or about
security in general. Probably all.

The most obvious observatoins is that offering $10,000 for anyone who can break your
site and being broken within an hour shows that you don't know what you taking about.
Maybe it would be a lesson to all security vendors to not believe their own marketing
verbiage. A quick browse of the bugtraq vulnerability archives will show how insecure and
easy to evade security products can be.

However, judging from the number and seriousness of the incidents reported on the web
hacking incidents database, StrongWebmail is not alone and far stronger companies
suffers severe incidents, making web applications the weakest link in an organizations
information security.

Lastly, we should always remember that there is never perfect security. By making
systems more secure we are just raising the price required to attack them and lowering the
damage of such an attack, but never. As the old joke goes: the only secure system is one
2009-43 WHID 2009-43: Web Mail Company to Pay Prize After CEO Hacked without users. http://www.strongwebmail.com/secure/email/contests/hack/tc 10-Jun-09 Cross-site Scripting (XSS)
Improper Output HandlingMonetary Loss Internet USA No
Attacking web sites by going to the source, targeting DNS servers rather than the web
sites themselves shows both the boldness of hackers as well as the fragility of the Internet.

While not new, DNS hijacking attacks took an important turn this year showing how much
we rely on the web and now little we care for its protection. In the past DNS hijacking
required complete control over the DNS server. In recent years most applications are
controlled through a web interface, including DNS servers. Earlier this year attackers
found an XSS vulnerability in a common DNS platform to hijack unused DNS entries for
phishing

But this was only a small prelude to the real thing. CNet reports that this time hackers took
over an entire TLD (Top Level Domain, or country) DNS server using SQL injection,
virtually defacing the Puerto Rican site of companies such as Google and Microsoft.

The amazing story unfolds in the comments to CNet story, which outlines a mischievous
professor and slow authorities who let him privatize and monetize on domain registration
in Puerto Rico without any control.

The question we are left with is whether other countries and geographies different? Or
2009-42 WHID 2009-42: Puerto Rico sites redirected in a DNS attack even other industries for that matter? http://news.cnet.com/8301-1009_3-10228436-83.html 27-Apr-09 SQL Injection Improper Input Handling Defacement Internet US No
The register reports that Digital Spy, a high profile UK gossip site carried banner inflicting
ads. Digital Spy has acknowledged the issue and said it promptly addressed it, however
details on the source of the malicious banners is still not availalbe.

Malware distribution through ad programs is a borderline phenomenon. While there is no

question that malware distribucion is malicious, and in most geographies illegal, in many
cases the site owners are not technically responsible for the content of the ads they serve
as the ad content comes directly from a 3rd party. The question whether they are legally
responsible is open.

Another issue is defining a malware. Many times ads are used to entice users to download
and install programs that are questionable. a rootkit installed through a known browser
vulnerability is a malware, however the distinction between adware and malware is many
time blurred and depends on:

The ratio between benefit to the user and benefit to the software distributor,

The clarity in which the benefit to the software distributor is explained to the user, and
lastly:

2009-41 WHID 2009-41: Malware in Advertizing at Digital Spy The legality of this benefit http://www.theregister.co.uk/2009/06/02/digital_spy_malware/ 2-Jun-09 Content Spoofing Improper Output HandlingPlanting of Malware Media UK No
Information Week reports that a well known Turkish hacker penetrated two sensitive US
army servers, one at McAlester Ammunition Plant in McAlester, Okla., and the other at the
U.S. Army Corps of Engineers' Transatlantic Center in Winchester, Va. The hacks are the
currently under criminal investigation by Defense Department officials.

The breaches where not publicly disclosed and the level of exposure is therefore not
known. It is known however that web site visitors where redirected to a site protesting
against climate change.

2009-40 WHID 2009-40: SQL injection Hits Sensitive US Army servers The Register speculates that the attack method was SQL injection. http://www.informationweek.com/news/government/federal/showArticle.jhtml?articleID=217700619 26-Jan-09 SQL Injection Improper Input Handling Defacement Government USA No Turkey
<p>Gareth Heyes (and others) reported an interesting vulnerability in Twitter last week.
While his <a href="http://www.thespanner.co.uk/2009/01/07/i-know-what-your-friends-did-
last-summer/">post </a>included a proof of concept code, it does not qualify as a hack
only a vulnerability disclosure and the Web Hacking Incident Database does not list
vulnerabilities.</p>

<p>Luckily <img src="

/sites/all/modules/wysiwyg/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-cool.gif"
alt="Cool" title="Cool" /> <a href="http://maone.net/">Giorgio Maone</a> decided to create
his own proof of concept, run it himself and <a href="http://hackademix.
net/2009/01/13/twitter-json-hijacking-updates/">provide us with the result</a>, enabling
me to label this as a hack</p>

<p>By exploiting a CSRF bug in twitter (or maybe a feature?) site owners can get twitter
profiles of their visitors. For Twitter this is a second this year and now the comprise 50% of
the web incidents for 2009. Is this going to be the year of Web 2.0 security?</p>

2009-4 WHID 2009-4: Twitter Personal Info CSRF <p>&nbsp;</p> 7-Jan-09 Cross-site Request Forgery
Insufficient
(CSRF)Process Validation
Leakage of Information Web 2.0 USA No Italy
After focusing earlier this year on Anti-Virus vendors, Uno, the Romanian Hacker is now
back and reports in his blog that an Orange France web site dedicated to photo
management is vulnerable to SQL injection and that he was able to access 245,000
2009-39 WHID 2009-39: Uno is back: 245,000 records stolen from Orange France using SQL injection records from the web site. http://www.hackersblog.org/2009/05/25/orange-is-so-cool/ 26-May-09 SQL Injection Improper Input Handling Leakage of Information Service Providers France No Romania 245,000
<p>Polls are easy target for automation abuse. You can usually participate anonymously
and the poll operator has an interest in drawing as many participants as possible, but as
<a href="http://www.xiom.com/whid-2009-3">demonstrated by previous incidents</a>
such loose security enables hackers to distort the results.</p>

<p>This time <a href="http://www.theregister.co.uk/2009/04/17/time_top_100_hack/">a

<span>hacker</span> <span>succeeded</span> in manipulating</a>
<span>Time's</span> poll for most <span>influential</span> people in 2009.</p>

<p><a href="http://www.time.com/time/specials/packages/article/0,28804,1883644
_1886141,00.html"><img src="http://www.xiom.
com/sites/default/files/images/time_poll_hacked.png" alt="Top results for the hacked Time
poll" width="480" height="156" /></a></p>

<p>Such poll are probably always <span>distorted</span> by automated programs,

&nbsp; with every stakeholder running his own robot to promote a cause. The <a href="
http://www.time.com/time/specials/packages/article/0,28804,1883644_1886141,00.html"
>current time poll status</a> <span>Shawn</span> above includes mostly known people,
though the standings do seem skewed. Is it just that our view of the world is different than
others, or have <span>Muslims</span> around the world become avid Time readers? The
top rated person, "moot", which none of you heard about until now, proves that it is all
about automation.</p>

<p>This specific poll distortion <a href="http://musicmachinery.com/2009/04/15/inside-the-

precision-hack/">reported by Paul <span><span>Lamere</span></span></a> is unique
since a group of hackers called 4chan, led by "moot", took the time to fight Time's humble
attempts to mitigate automation. Among the measures and countermeasures that 4chan
and Time exchanged are:</p>

<ul>

<li>4chan distributed the simple get URL required to vote for moot through legitimate web
sites and comment spamming. Such a link can easily be executed automatically by a web
site user without his awareness using CSRF techniques.</li>

<li>Using a typical CSRF counter measure, Time added a salted and hashed key to
ensure that the poll was submitted from its own poll form. However the key was
authentication on the client by <span>Time's</span> poll Flash application
<span>enabling</span> 4<span><span>chan</span></span> to easily find it out and
overcome the issue. </li>

<li>The Time voting mechanism did not even check that the ranking in the vote was legal,
so a link to vote down "moot" competitors in the list was also used until Time fixed the
issue. Voting down is key to winning such a poll as 4chan competitors are not at rest
running their own sophisticated campaigns.</li>

<li>Lastly 4chan developed sophisticated robots to auto-vote. Those robots overcome

Time's anti-automation protections: since each user is allowed to vote just once in every
13 seconds, the robots uses open proxies to vote faster. Since time only prevents voting
for the same person from the same IP, the robots used the extra 12 seconds available for
each source IP to vote down competitors. The system also reports to a central server
allowing monitoring of the voting rate!</li>

</ul>

<p><img src="http://www.xiom.com/sites/default/files/images/4chan_voting_rate.png" alt="

Rate of voting for &quot;rain&quot; as recorded by 4chan monitoring" width="480" height="
149" /></p>

<p>However this specific hack is ever more interesting. At one point

4<span><span>chan</span></span> where bored with just running moot for presidency,
so they decided to use their sophisticated machine to do a more elaborate work. They
<span>decided to fix all first 21 nominees so that their initials would spell
"<span>Marblecake</span> Also the Game". And as </span><a href="http:
//musicmachinery.files.wordpress.com/2009/04/kg9kl.jpg?w=450&amp;h=460">Paul
2009-38 WHID 2009-38: Time's Poll For Most Influencial Hacked <span><span>Lamere</span></span>'s screenshot</a> proves, they made it.</p> http://www.theregister.co.uk/2009/04/17/time_top_100_hack/ 15-Apr-09 Cross-site Request Forgery
Insufficient
(CSRF)Process Validation
Link Spam Media USA No
<p><em><strong>Update (Apr 19^th 2009)</strong></em> - The initial
Mooney Twitter worm has evolved into a series of 5 worms at the time of writing, each
exploiting a different vulnerability in Twitter. The latest one specifically focuses on twitter
accounts who have a high number of followers thus targeting celebrities such as Ashton
Kutcher and Oprah Winfrey <a href="http://www.sophos.
com/blogs/gc/g/2009/04/17/mikeyy-worm-targets-oprah-york-times/">according to Graham
Cluley</a> from Sophos.</p>

<p>The hack seems to have paid of to Mikeyy Mooney who was <a href="http://www.
computerworld.com/action/article.do?command=viewArticleBasic&amp;
articleId=9131737&amp;intsrc=news_ts_head">hired to as security consultant</a>
following the incident.</p>

<hr />

<p>Twitter is in the spotlights again. Mikeyy Mooney, the 17-year-old creator of StalkDaily.
com, a Twitter alternative, <a href="http://www.bnonews.com/news/242.html">admitted
</a>to hacking his giant competitor by implementing a worm that propagated itself through
twitter making every affected user tweet about StalkDaily. Mikeyy certainly got the
advertising and page views he was looking for.</p>

<p><img src="http://www.xiom.com/sites/default/files/images/Mikeyy_270x246.png" alt="

Mikeyy Mooney, the Twitter worms creator" width="270" height="246" style="float: right;"
/>Mikeyy's worm is a good example of how CSRF and XSS can be combined to create a
strong blended attack, in this case a propagating worm. A Web 2.0 community generated
site such as twitter is often vulnerable to stored XSS . This often implies that a user can
update his own profile with malicious code and as a result others who view his content get
hit. Without any other vulnerability to complicate things, you are safe as long as your
friends are trustworthy.</p>

<p>However, if the site is also vulnerable to CSRF, the XSS exploit can include in addition
to the payload also the original XSS inflicting code run under the attacked users
credential, modifying his content and therefore hiting his own friends, which hit their own
friends and so on.</p>

<p>You can find the technical details of the attack on <a href="http://dcortesi.
com/2009/04/11/twitter-stalkdaily-worm-postmortem/">Damon Cortesi's blog</a>. You
may also be interested in the <a href="http://gist.github.com/93782">full XSS payload</a>.
2009-37 WHID 2009-37: Twitter XSS/CSRF worm series (Updated) </p> http://dcortesi.com/2009/04/11/twitter-stalkdaily-worm-postmortem/ 11-Apr-09 Cross-site Scripting (XSS)
Improper Output HandlingWorm Web 2.0 No USA
<p><em><strong>Update (Apr 19^th 2009)</strong></em> - (Presumably)
the hacker posted a comment to this story with some details. He says that the
Number_of_Records leaking was much higher: 17,000 Aussies and 7,000 Kiwis. The rest
we did not understand and hope that either he or any of you can clarify.</p>

<p><a href="http://www.xiom.com/whid/2009/36/shell_au_hacking">Read more...</a></p>

<p><hr />

Leakage of information from an energy company is usually associated with gas stations
fraud such as installing a stealth credit card reader at the pump. However, a <a href="http:
//www.stuff.co.nz/national/2269256/Hackers-steal-Shell-customer-info">report</a>
suggests that an incident in which information about 4500 Australian and 1400 Kiwis
leaked was a result of a glitch in a web based application for applying for a Shell fuel card.
The information obtained included company names, address details, email addresses and
2009-36 WHID 2009-36: Hackers steal Austalian and NZ Shell customer info (Updated) some bank account details.</p> http://www.stuff.co.nz/national/2269256/Hackers-steal-Shell-customer-info 17-Feb-09 Unknown Unknown Leakage of Information Retail No 5,900
<p>Norm Coleman, a former senator from Minnesota, is going through a legal battle to try
to win back his seat in the senate. If the way he manages his web site security and the
crises it created are an indicator, I am not sure that he has a place there.</p>

<p>The Coleman team <a href="http://www.startribune.com/politics/state/41127537.html?

elr=KArks8c7PaP3E77K_3c::D3aDhUec7PaP3E77K_0c::D3aDhUiD3aPc:_Yyc:
aULPQL7PQLanchO7DiUr">called in the US Secret Service</a> to investigate the leak in
which sensitive information about more than 4700 donors was published on Wikileaks, a
web site devoted to such exposures. Coleman himself called the incident "an obviously an
attack on my campaign".</p>

<p>However the Minnesota Independent <a href="http://minnesotaindependent.

com/28711/breaking-colemans-unsecured-donorbase-to-be-revealed-on-wikileaks"
>reveals </a>that the information was exposed for anyone to view on the senator's web
site since at least January 28^th. Hardly an attack. At the time the site was
suffering performance issues and in a debate about the cause somebody <a href="http:
//minnesotaindependent.com/24761/disenfranchised-voters-crash-colemans-site-unlikely-
says-blogger#comment-24131">commented </a>to an Independent about the an exposed
database, which the Independent was fast to <a href="http://minnesotaindependent.
com/24817/crashgate-reveals-unprotected-database-on-colemans-site">report </a>on.
Moreover, Wikileaks took the trouble to inform the people in the list that their information
2009-35 WHID 2009-35: Former US Senator Donors Information Leaks leaked, while it took the Senator team over a month to react.</p> http://minnesotaindependent.com/28711/breaking-colemans-unsecured-donorbase-to-be-revealed-on-wikileaks 11-Mar-09 Administration Error Application Misconfiguration
Leakage of Information Politics USA No 4,700
<p>Another week, another hack by the <a href="http://www.hackersblog.org"
>HackerBlog</a>, and when it targets an important web site and the impact is severe it is
worthy of WHID. This time the Romanian hacker <a href="http://www.hackersblog.
org/2009/03/06/telegraphcouk-hacked-sql-injection/">used blind SQL injection to penetrate
to the web site of the Telegraph</a>, a leading English daily paper.</p>

<p>Among his findings is a table including 700,000 e-mails, which would be a gold mine
for spammers.</p>

<p>The Telegraph <a href="http://blogs.telegraph.co.

uk/shane_richmond/blog/2009/03/09/hackersblog_and_telegraphcouk">response</a> was
2009-34 WHID 2009-34: Romanian Hacker Moves On To The Telegraph published on their official blog.</p> http://www.hackersblog.org/2009/03/06/telegraphcouk-hacked-sql-injection/ 6-Mar-09 SQL Injection Improper Input Handling Leakage of Information Media UK No Romania
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
<p>A zero day XSS vector enables hackers to include in an eBay offer an arbitrary code
which is executed by both FireFox and IE. As a result they were able to spoof the content
of the offer, so that the user saw different information than the details known to eBay.</p>

<p>A very detailed technical explanation of the vulnerability is included in a <a href="https:
//bugzilla.mozilla.org/show_bug.cgi?id=481558">FireFox community discussions</a> on
whether the issue is a browser or a web site issue. As usual, the truth is somewhere in the
middle. The FireFox team selected to correct the issue discovered in FireFox. Microsoft
claimed that the issue exploited in IE, which is <a href="http://www.theregister.co.
uk/2009/03/08/ebay_scam_wizardy/">reported </a>to be a CSS expression issue, is not
2009-33 WHID 2009-33: eBay Fraud Abuses Zero Day XSS feature and not a bug and the vulnerable web site should be fixed.</p> https://bugzilla.mozilla.org/show_bug.cgi?id=481558 4-Mar-09 Content Spoofing Improper Output HandlingMonetary Loss Retail USA No
<p>Twitter reports in a <a href="http://blog.twitter.com/2009/03/safekeeping-twitter-
accounts.html">blog entry</a> that 750 accounts were hacked. The hacker posted
messages linking to a porn webcam. While Twitter did not disclose how the attack was
carried out, the suggested remediation hints that the account passwords were guessed,
2009-32 WHID 2009-32: 750 Twitter Accounts Hacked probably using a brute force attack.</p> 10-Mar-09 Brute Force Insufficient Anti-automation
Link Spam Web 2.0 USA No Password 750
<p>Twitter is certainly bypassing Facebook as the most popular site out there, at least
when it comes to security incidents.This time somebody decided abuse Twitter to
demonstrate <a href="http://www.sectheory.com/clickjacking.htm">Clickjacking</a>, an
attack that RSname and Jeremiah Grossman re-christened in the OWASP conference in
New York in September.</p>

<p>A well placed button labeled "don't click" make people click on it actually sending a
Twitter message. Sunlight labs have a very interesting <a href="http://sunlightlabs.
com/blog/2009/02/12/what-dont-click-business/">report</a> showing the rate of
propagation of the worm.</p>

<p>Cnet <a href="http://news.cnet.com/8301-1009_3-10162812-83.html">reports </a>the

worm spread on Feb 12^th in two pulses. After the Twitter people closed the
loophole the 1st time, somebody <a href="http://news.cnet.com/8301-1009_3-10163790-
83.html">bypassed the patch</a> to restart the worm spread out.</p>

<p>Chriss Shiflett provides a very good<a href="http://shiflett.org/blog/2009/feb/twitter-

2009-31 WHID 2011-89: China Implicated In Hacking Of SMB Online Bank Accounts dont-click-exploit"> technical analysis</a> of the worm.</p> 12-Feb-09 Worm Insufficient Process Validation
Defacement Web 2.0 US No
<p>While we have no public record of an exploit in this case, it seems that the mare
discovery of vulnerabilities in sage new SaaS (software as a service) offering created so
much damage to classify it as an incident.</p>

<p>Sage is the leading provider of accounting software in the UK and it was about to
launch a trendy small business SaaS offering. However as <a href="http://blogs.zdnet.
com/SAAS/?p=655">ZDnet reports</a>, serious security flaws were discovered in the
public beta and the company has to call off the launch. Who discovered the issues?
naturally the competition. Duane Jackson, the CEO of a tiny rival company <a href="http:
//blog.kashflow.com/2009/01/21/sage-live-security/">reported</a> them on his blog<span
class="post-author vcard"><span class="fn">.</span></span></p>

<p><span class="post-author vcard"><span class="fn">More than anything, the incident

shows how difficult it is for developers to migrate from desktop software to a web based
offering. This is a whole new ball game, and security is one of the more difficult issues to
adjust to. On the other hand it also shows that on line services are much more exposed to
scrutiny, which may result in better security down the line.<br /></span></span></p>

<p><span class="post-author vcard"><span class="fn">As for the technical details, the

reports found that the following issues in the application:</span></span></p>

<ul>

<li><span class="post-author vcard"><span class="fn">Password displayed in clear text

and sent in the request line.</span></span></li>

<li><span class="post-author vcard"><span class="fn">Remember me is on by default on

any login.<br /></span></span></li>

<li><span class="post-author vcard"><span class="fn">Access to management sections

of the site and other users data.<br /></span></span></li>

2009-30 WHID 2009-30: Sage SaaS Withdrawn Due to Security Flaws </ul> 21-Jan-09 Insufficient Authentication
Insufficient AuthenticationMonetary Loss Technology UK No Sage
<p><img src="/sites/default/files/images/trends.gif" align="right" />Someone, and not for
the 1st time, succeeded in manipulating <a href="http://www.google.com/trends">Google
Trends</a>, a Google service listing popular search terms. In this case the New York Time
<a href="http://bits.blogs.nytimes.com/2009/01/07/google-trends-falls-victim-to-disturbing-
stunt/?hp">reports</a> that a symbol at presumably denoting 9/11 reached number 2 in
the list of hot Trends (see picture right).</p>
<p>While this may be nothing more than a joke, the capability to create a trend can have a
huge and sometimes devastating effect. After all in recent months the future of big
financial institutes was determined by the rumor mill.</p>
<p>On the technical side, insufficient anti-automation controls have been one of the more
obscure and hardest to fix vulnerabilities in web applications. Starting with the <a href="
/whid-2005-65">Lexis-Nexis incident (WHID 2005-65)</a>, many incidents where waved
off as nothing more than an automated client. However, as the incidents pile it becomes
clear that it is the responsibility of the site owner to mitigate such harmful automation
2009-3 WHID 2009-3: Google Trends Falls Victim to a Stunt attacks.</p> 6-Jan-09 Process Automation Insufficient Anti-automation
Disinformation Internet USA No
<p>A very interesting <a href="http://usa.visa.com/download/merchants/20090212-
usss_fbi_advisory.pdf">report </a>by the FBI together with the US Secret service outlines
a scheme exploiting SQL injection to steal credit card information from financial institutes.
The attack involves directly attacking HSMs, the banks key vaults in charge of verifying
ATM PINs in order to brute force PIN numbers.</p>

<p>The report is unique in describing an attack on financial services. Such attacks are
know to happen but are seldom reported, certainly not with the amount of details in this
report. However, the report does not indicate which incident it is based on. Is the close
proximity of the report release to the Heartland incident just a coincidence?</p>

<p>Getting to this report took some effort and the only non blogshpere copy we found is
on the Visa web site. If you know anything about this incident, please help us complete the
2009-29 WHID 2009-29: FBI & Secret Service warn of a sophisticated HSM attack information by leaving a comment on <a href="/contact">contacting us</a>.</p> http://usa.visa.com/download/merchants/20090212-usss_fbi_advisory.pdf 25-Feb-09 SQL Injection Improper Input Handling Monetary Loss Finance USA No
<p>The Register <a href="http://www.theregister.co.uk/2009/02/11/psystart_website/"
>reports </a>that the online shop of Psystar, a maker of Mac compatible equipment is
2009-28 WHID 2009-28: Serious Leakage on Mac clone Maker's site heavily leaking technical information that can be expoited to hack the site.</p> 11-Feb-09 Misconfiguration Application Misconfiguration
Leakage of Information Retail USA No
<p>A <a href="http://www.zdnet.co.uk/talkback/0,1000001161,39610697-39001058c-
20100458o,00.htm">report </a>suggests that the UK retail site of the electronic equipment
giant Panasonic was hacked and prices of products where set to pennies. Since the
incident followed a layoff of 15,000 employees, it is assumed to be a disgruntled
2009-27 WHID 2009-27: Panasonic Products for Cheap employees doing.</p> 14-Feb-09 Unknown Unknown Monetary Loss Retail UK No
<p>It wasn't surprising that after attacking a <a href="
/whid/2009/19/kaspersky_site_breached">Kaspereski </a>and a <a href="
/whid/2009/20/bitdefender_joins_kasperski_on_the_breached_side">BitDefender</a> web
sites, Uno, the Romanian hacker, would continue to strike anti-virus vendors. This time he
found a vulnerability in the web site of Finish AV vendor F-Secure. Somewhat less severe
than the others, the vulnerability enabled the hacker only to access virus statistics.</p>

<p>As usual, the marketing department <a href="http://news.cnet.com/8301-1009_3-

10163227-83.html">response </a>is amazing, mentioning that "<em>the problem with its
site was due to a bug in a Web application and not related to an unpatched system</em>".
Does that make it better?</p>

<p>Frankly, I don't envy the marketing department role. The company, any company for
that matter, is spending too little on web application security, sites are taken down daily,
and the marketing people are send to fend off the public. They must have a thick skin to
2009-26 WHID 2009-26: F-Secure Joins The Breached AV Vendors Club survive in marketing.</p> 11-Feb-09 SQL Injection Improper Input Handling Leakage of Information Technology Finland No Romania
<p><img src="/sites/default/files/images/zone-h_defaced.jpg" alt="Zone-H Defaced"
width="284" height="275" align="right" />Whenever a defacement appears in WHID we
need to explain why. After all isn't Zone-H a better repository of simple defacement. Well,
yes, but according to this <a href="http://www.theregister.co.
uk/2009/02/13/zone_h_defaced/">report </a>by The Register this time it was Zone-H
which was defaced. The defaced site seen on the right, is available <a href="http://209.
85.129.132/search?q=cache:4eY0ub7aCt4J:www.zone-h.org/+zone+h&amp;hl=pl&amp;
ct=clnk&amp;cd=1&amp;gl=pl&amp;client=firefox-a">here</a>. I am sure it is just a matter
of time before we add a WHID defacement to WHID...</p>

<p>The Register article is interesting due to another perspective: when discussing the
future of Zone-H, John Leyden writes:</p>

<p><table border="0">

<tbody>

<tr>

<td>But in an age where SQL injection assaults against legitimate sites are used to run
drive-by download attacks without leaving any obvious signs of attack, perhaps the
recording of blatant web graffiti attacks is no longer as relevant as it once was</td>

</tr>

</tbody>

</table>

</p>

<p>We at the Web Hacking Incident Database try to provide the answer for this new age. I
2009-25 WHID 2009-25: Zone-H defaced hope we help.</p> 13-Feb-09 Unknown Unknown Defacement Media No
<p>Netcraft, one of the leading authorities on phising research, <a href="http://news.
netcraft.
com/archives/2009/02/17/new_phishing_attacks_combine_wildcard_dns_and_xss.html"
>reports</a> a Phishing scam that involves XSS.</p>

<p>The scam exploits an XSS vulnerability in <a href="http://www.scripts24.

com/iredirector/subdomain/index.php">iRedirector</a>, a software used to map sub-
domains into paths on the site, in order to hijack domains and use them as Phishing
targets. Since iRedirector enables virtually any sub domain to be defined, the attacker can
now create an endless number of combinations of domain names built to fool users and
2009-24 WHID 2009-24: New Phishing Attacks Combine Wildcard DNS and XSS web filters alike.</p> 10-Feb-09 DNS Hijacking Improper Output HandlingPhishing Multiple Various No iRedorector
<p>It is Twitter again, it is a celebrity again. Why don't they keep their password to
themselves. This <a href="http://www.entertainmentwise.com/news/47172/miley-cyrus-
twitter-account-hit-by-sexobsessed-hacker">incident </a>is even uglier as the attacker
posted obscene content on the Twitter account of the 16 years old actress Miley Cyrus.
This is not the first attack targeting Miley Cyrus. As r<a href="http://www.xiom.
com/whid/2008/60/miley_cyrus_myspace_gmail">eported by WHID</a>, her personal G-
mail account was hacked last year and personal pictures were stolen and published
online.</p>

<p>We assume that he just guessed the password. Was it a trivial one? did he find a way
to brute force it? Or was it something entirely different like yet another Twitter CSRF bug?
2009-23 WHID 2009-23: Miley Cyrus Twitter Account Hit By Sex-Obsessed Hacker time will tell.</p> 17-Feb-09 Unknown Unknown Leakage of Information Web 2.0 USA No
<p><em><strong>Updated (Feb 22^nd 2009)</strong></em> - the
Washington Post <a href="http://voices.washingtonpost.com/securityfix/2009/02/travel-
booking_site_for_federa.html">updates </a>that the hack exploited a problem with the
default configuration of the authentication module used for authenticating remote
administrators. As a result we categorized this incident under "insufficient authentication"
and "misconfiguration".</p>

<hr />

<p>Whenever we include a site inflicted with malware in WHID we need to explain why
this one is worthy of WHID, after hundreds of thousands of web sites are planted with
malware annually.</p>

<p>The <a href="http://voices.washingtonpost.com/securityfix/2009/02/travel-

booking_site_for_federa.html">Washington Post</a> report about govtrip.com spreading
malware is unique because this is an official US General Services Administration (GSA)
&nbsp; web site and many US federal departments employees are required to reserve
travel through it. In addition, the site is run by a major defense contractor, Northrop
Grumman, who you would think would know better. How secure are their defense projects
2009-22 WHID 2009-22: Federal Travel Booking Site Spreads Malware (Updated) when it comes to application security?</p> 11-Feb-09 Insufficient Authentication
Insufficient AuthenticationPlanting of Malware Retail USA No
<p>I must admit that Uno, the Romanian hacker behind a series of intrusions in recent
days is a bit of a cheat for the Web Hacking Incident Database. We usually do not report
vulnerabilities that where not exploited. While we understand their importance, they do not
fall under the <a href="/whid-faq">criteria </a>set for WHID. For now we list them in a <a
href="/research-web-site-vuln">separate page</a>, waiting for a place to be files in.</p>

<p>Uno presents a dilemma: he finds a vulnerability, exploits it to a limit and publish the
results. Therefore the incident does not have a sizable outcome and not damage is done,
but nevertheless it is interesting. We are not the only one to note that. Kasperski stressed
the point the no data was actually compromised in their <a href="http://www.kaspersky.
com/news?id=207575753">response </a>to the event. So should we add it to WHID as an
incident? should we skip it as just a vulnerability? for now we put them in.</p>

<p>So what is Uno's mischeif this time? <a href="http://hackersblog.

org/2009/02/17/international-herald-tribune-nytimescom-sqlinjection/">This time</a> it is
the International Herald Tribune Uno is after. The impact of this attack, if carried out by a
malicious hacker might have been profound as it seems that Uno got access to user name
and passwords of editors and contributors, posibily enabling a malicious hacker to publish
2009-21 WHID 2009-21: This Time Uno is after the Herald Tribute information on their behalf on this very prestigious newspaper.</p> 17-Feb-09 SQL Injection Improper Input Handling Leakage of Information Media USA No Romania
<p>Uno, the Romanian hacker responsible for <a href="
/whid/2009/19/kaspersky_site_breached">penetrating the Kasperski web site</a>,
reported <a href="http://hackersblog.org/2009/02/09/hackedbitdefender-portugal-exposes-
sensitive-customer-data/">repeating the trick</a> also on the web site of the Polish
2009-20 WHID 2009-20: BitDefender joins Kasperski on the Breached side distributor of BitDefender, another anti-virus software vendor.</p> 9-Feb-09 SQL Injection Improper Input Handling Leakage of Information Technology No Romania
<p><em><strong>Update (Jan 11^th 2009)</strong></em> - The hacker <a
href="http://blog.wired.com/27bstroke6/2009/01/professed-twitt.html">bragged </a>about
the hack and revealed that it was a brute force dictionary attack against an administrator
account. Twitter does not block repetitive login failures therefore enabling brute force
attacks. We are still leaving the incident classification "insufficient authentication" in
addition to brute force as we feel an administration interface should have additional
authentication mechanism and not just a password.</p>

<hr />

<hr />

<p>Twitter <a href="http://blog.twitter.com/2009/01/monday-morning-madness.html"

>announced </a>that a hacker broke into 33 accounts including Obama's now inactive
twitter. The hack is a result of a flaw in a web based support tool used by twitter, which
where evidently accessible externally without proper authorization.</p>

<p>It is important to note that this incident is not related to <a href="http://blog.twitter.
com/2009/01/gone-phishing.html">Twitter phishing attack</a> which occurred on the
previous weekend.</p>

<p>This incident highlights the issue of public facing administration interfaces, which often
combine strong functionality with lesser attention to quality and therefore security. As
organizations virtualize, those interfaces become available over the Internet, often without
sufficient protection.</p>

<p>You can read some of the funny things that the hacker published in different twitters
on <a href="http://www.readwriteweb.com/archives/twitter_security_collapses_oba.php"
>Read Write Web</a>.</p>

<p>Additional information:<a href="http://news.cnet.com/8301-13577_3-10131251-36.

html"> </a></p>

<ul>

<li><a href="http://news.cnet.com/8301-13577_3-10131251-36.html">CNet</a></li>

<li><a href="http://www.mediabistro.
com/webnewser/personalities/rick_sanchez_twitter_hacked_104818.asp">Media
Bistro</a><a href="http://news.cnet.com/8301-13577_3-10131251-36.html"><br
/></a></li>

2009-2 WHID 2009-2: Twitter accounts of the famous hacked (Updated) </ul> 5-Jan-09 Insufficient Authentication
Insufficient AuthenticationDefacement Web 2.0 USA No USA Administration Tool Password 33
<p>phpBB was known for years as one of the most insecure software packages out there.
It is responsible for one for one of the 1st application layer worm, <a href="/whid-2004-14"
>Santy</a> back in 2004. How ironic is that its own web site was seriously breached due
to a vulnerability in another software package used...</p>

<p>The culprit was an<a href="http://www.bugreport.ir/index_60.htm"> LFI (Local File

Inclusion) vulnerability in PHPlist</a>, an application for managing newsletters which
enables the hacker to grab phpBB users list. Another researcher <a href="http://www.
suspekt.org/2009/02/06/some-facts-about-the-phplist-vulnerability-and-the-phpbbcom-
hack/">claims </a>that this is not an LFI but a super-globals-overwrite, which is still used
to include files.</p>

<p>However, phpBB is not entirely off the hook, as the phpBB team <a href="http:
//area51.phpbb.com/phpBB/viewtopic.php?f=71&amp;t=29973">admits</a>. The stolen
files included only hashed passwords, however phpBB 2 hash was unsalted and the
hackers successfully brute forced 28,000 passwords. While phpBB 3, which is used on the
phpBB site uses better password hashing, the upgrade procedure did not upgrade existing
users waiting for their 1st login to upgrade. Anyone who did not log-in to the web site since
the upgrade still had weakly hashed password in the database.</p>

<p>A <a href="http://hackedphpbb.blogspot.com/2009/01/place-holder.html">very detailed

report </a>of the incident by the hacker shed light on how such hacks are carried out,
including what the hacker went after and his exploitation techniques . The hacker found
the exploit on <a href="http://www.milw0rm.com/exploits/7778">milw0rm</a>, a well
known exploit repository, showing that public disclosure of vulnerabilities has its price,
especially when it precedes the release if the patch.</p>

<p>A copy of the report in case the original disappears can be found <a href="http:
//ravenphpscripts.com/modules.php?name=News&amp;file=article&amp;sid=3540"
2009-18 WHID 2009-18: phpBB web site hacked using LFI >here</a>.</p> 1-Feb-09 Local File Inclusion (LFI)Improper Input Handling Leakage of Information Technology No Password 28,000
<p>TechCrunch <a href="http://www.techcrunch.com/2009/02/03/password-optionalhuge-
security-breach-hits-speeddate/">reports </a>that for a short period of time, SpeedDate,
an online dating service did not require a password. If you knew someone's user name
you could login. Talking about "lack of sufficient authentication controls..."</p>

2009-17 WHID 2009-17: Passwords are optional at SpeedDate <p> </p> 3-Feb-09 Insufficient Authentication
Insufficient AuthenticationLeakage of Information Entertainment USA No
<p>Not all defacement are created equal. I have a second grader who has just started to
use her school's web site so this defacement of 20 primary school web sites with porn hit
me deep inside. We do so much to screen our young ones from the sleazy world outside,
and getting it in the school's web site is just unimaginable. Just thinking about the
questions I would be asked if my daughter would get such pages.</p>

<p>The <a href="http://www.theregister.co.uk/2009/02/04/school_website_defacement/"

>incident </a>also highlights the total breakup of cyber security. The incident is blamed on
an unpatched version of Moodle, an open source on-line education software. The naive
way ot thinking would be that schools don't have the budgets to protect their applications
or even to upgrade them. However, as this incident shows, proper security is fundamental
and a substantial part of the budget should be allocated to it, even it means we spend less
on the application features. We need to move slower but ensure security. After all, what is
the value of an educational system that shows porn?</p>

<p>Another insight is that real time controls for protecting web applications are essential.
You need a WAF. While the specific vulnerability exploited is unknown, Installing <a href="
2009-16 WHID 2009-16: Primary schools hit by smut hack /modsecurity">ModSecurity</a> would have probably prevented the exploit.</p> 30-Jan-09 Known Vulnerability Application Misconfiguration
Defacement Education UK No Moodle
<p>Celebrities web presence hacking is topping 2009 incidents list, and rappers seem to
lead. However this <a href="http://network.nationalpost.
com/np/blogs/theampersand/archive/2009/01/23/kanye-west-has-been-hacked.aspx"
>report</a> in the Ampersand, like the <a href="
/WHID/2009/11/Lil_Kim_Facebook_Hacked">Lil Kim story f</a>rom the same week,is
somewhat questionable. In both cases it seem that uncomfortable content was blamed on
hacking.</p>

<p>West's story is somewhat ironic as he used his blog to remind users of the
untruthfulness of his web presence.</p>

<p>When reviewing all the rappers incidents, my conclusion is that they are more
susceptible to content spoofing because it is much easier for hackers to imitate their
2009-15 WHID 2009-15: Kanye West has been Hacked language and style.</p> 23-Jan-09 Insufficient Authentication
Insufficient AuthenticationDisinformation Entertainment USA No
<p>This incident might have not gotten into the Web Hacking Incident Database a year
ago. However a heated discussion on the <a href="http://www.webappsec.org">Web
Application Security Consortium</a> <a href="http://www.webappsec.org/projects/threat/"
>threat classification</a> project reminded me that content spoofing is a potent attack
vector by itself, actually one of the most dangerous there.</p>
<p>Wiki is one of those platforms that by design allow content be changed. It is its
philosophy, and <a href="http://en.wikipedia.org">Wikipedia</a> is the premier wiki out
there. It is not a surprise that it is a prime target to content spoofing, as the <a href="http:
//www.abc.net.au/pm/content/2008/s2475604.htm">story</a> about the unexpected
demise of two US senators during Obama's inauguration.</p>
<p>You can read more about the unique security philosophy of Wikis in my recent <a
2009-13 WHID 2009-13: Wikipedia Biography Hacking href="/research/wiki_security">article and presentation</a> about the subject.</p> 27-Jan-09 Content Spoofing Unknown Disinformation Web 2.0 USA No
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
<p>Ismael Valenzuela sent us <a href="http://blog.ismaelvalenzuela.
com/2009/01/26/embassy-of-india-in-spain-found-serving-remote-malware-through-iframe-
attack/">a story</a> about yet another malware through iFrame serving site. This time it is
an official one, belonging to the Indian government official branch in Spain - it's embassy.
</p>

<p>We can hardly include every malware service site in WHID, after all there are hundred
of thousands, if not millions, of those. Why pick on the Indian embassy in Spain? One
good reason is that we finally got in an input from a reader and wanted to honor the event
and include the incident. But there is another more important reason.</p>

<p>First, <a href="http://www.theregister.co.

uk/2008/01/23/embassy_sites_serve_malware/">hacked embassy sites are becoming a
major issue</a> which points to a much larger issue: cyber crime is endangering the
Internet as we know it. While we come to rely on the web to provide us with all the
information and services that we need, we do not have the tools to make it a safe place,
and embassy web sites are a good example.</p>

<p>Practically the only way to provide sufficient security to a web site is not to have it in
the first place. Instead small organizations must rely on the services of huge brokers, such
as Amazon, eBay or Google sites. However not everyone can use this services.
Embassies are a good example as they need to be "doubly localized" for both the
originating and target countries which makes it nearly impossible to create a uniform
service for them. Therefore even embassies of larger countries need to create small home
made and insecure web sites, as they need to adjust their site content, language and site
look to the local community served.</p>

<p><a href="http://blog.trendmicro.com/embassy-site-attack-reveals-other-compromised-
2009-12 WHID 2009-12: Embassy of India in Spain found serving remote malware through iFrame attack sites/">Thechnical analysis</a> of the planted malware was done by Trend Micro.</p> 26-Jan-09 Unknown Unknown Planting of Malware Government No
<p>I am not sure why rappers web presence is so often hacked. They might be the first
generation of artists to use the web, brightly combining great Internet skills with
technophobia which leads to basic operational errors. Or it might be the underground
nature of the artists that (mis)manage their web presence by themselves.</p>
<p>Lil Kim is joining Soulja Boy in being cyber abuse, or so <a href="http://hiphop.
popcrunch.com/lil-kim-facebook-hacked/">she claims</a>, saying that a blog entry calling
Naturi Naughton, the actress who portrays her in a new film, &ldquo;tasteless and
2009-11 WHID 2009-11: Lil Kim Facebook Hacked talentless.&rdquo;, is a fake.</p> 26-Jan-09 Unknown Unknown Disinformation Entertainment USA No
<p>It seems that if the worse thing that can happen to hackers is a real accident to Apple's
CEO Steve Jobs. The number of hacks devoted to informing us about his fictitious
accidents is just overwhelming. In this case <a href="http://anantasec.blogspot.
com/2009/01/i-was-watching-macrumors-live-feed.html">AnantaSec reports</a> a hack
into Mac Rumors feed that was possible simply because a file with the administrator
2009-10 WHID 2009-10: MacRumorsLive feed hack password was laying around accessible to anyone due to an administration error.</p> 7-Jan-09 Unintentional Information
Application
DisclosureMisconfiguration
Disinformation Media USA No
Update (Jan 13, 2009) - Ynet, an Israeli paper, reports that many of the sites defaced
where actually DNS hijacked following a break-in to the servers of DomainTheNet, an
Israeli registrar. And just like other recent DNS hijacking incidents, the fault was lack of
sufficient authentications and the hackers got hold of passwords to the administration
system.

Update (Jan 10, 2009) - Zone-H reports that in addition to Israeli sites, Turkish hackers are
also targetting USA and Nato web sites using SQL injection.

The war in Gaza, like most modern wars, moved immediately to cyberspace. Islamic and
Arab groups all over the world are using the Internet to retaliate against Israeli web sites.
Some of the reported incidents are:

<a href="http://www.israelnationalnews.com/News/Flash.aspx/158570">Israeli bank site

hacked by an Islamic group</a></li>

<a href="http://www.darkreading.com/security/attacks/showArticle.jhtml?
articleID=212700313">Hundreds of Israeli web sites hacked in 'Propaganda War'</a>

Like every war, this one is not one sided. Interestingly enough, since this is a war between
a country and a Guerrilla organization, and the cyber war which focus on mostly on
conquering the minds of people is shaped similarly. The Israeli cyber war activity is mostly
funneled through legal channels rather than hacking, as described by <a href="http://blog.
wired.com/defense/2008/12/israels-info-wa.html">Wired</a>.

However, unlike the physical war in which only the Israeli military is conducting, in
cyberspace Israelis join by themselves the hacking war. Artuz 7, an Israeli media site, <a
href="http://www.israelnationalnews.com/News/News.aspx/129223">reports </a>that a
group of students released a tool that perform distributed denial of service attacks against
Hamas web sites. The <a href="http://www.help-israel-win.org/index.php?lang=eng"
>students site itself</a> provides news alerts about the cyber war between Israel and the
Hamas.

Editor's notes: (1) As a policy, we decided to report each such conflict as a single incident,
2009-1 WHID 2009-1: Gaza conflict cyber war unless some hack is especiallly of interest. The author of this incident is Israeli. http://www.ynetnews.com/articles/0,7340,L-3649281,00.html 5-Jan-09 Various Insufficient AuthenticationDowntime Multiple No
In his most-recent plea agreement, filed in court Monday, confessed hacker Albert
Gonzalez admitted conspiring in the 7-Eleven breach and fingered two Russian associates
as the direct culprits. The Russians are identified as ‰ÛÏHacker 1‰Û_ and ‰ÛÏHacker
2‰Û_ in Gonzalez‰Ûªs plea agreement, and as ‰ÛÏGrigg‰Û and ‰ÛÏAnnex‰Û in
an earlier document inadvertently made public by his attorney.

The Russians, evidently using an SQL injection vulnerability, ‰ÛÏgained unauthorized

access to 7-Eleven, Inc.‰Ûªs servers through 7-Eleven‰Ûªs public-facing internet site,
and then leveraged that access into servers supporting ATM terminals located in 7-Eleven
stores,‰Û the plea agreement reads. ‰ÛÏThis access caused 7-Eleven, Inc., on or
about November 9, 2007, to disable its public-facing internet site to disable the
unauthorized access.‰Û

2008-61 WHID 2008-61: 7-Eleven Hack From Russia Led to ATM Looting in New York Read More http://www.wired.com/threatlevel/2009/12/seven-eleven/#ixzz0iehheEY7 http://www.wired.com/threatlevel/2009/12/seven-eleven/ 7-Sep SQL Injection Improper Input Handling Monetary Loss Retail USA No Russia $2,000,000.00
<p><span><em><strong>Update (April 19th 2009)</strong></em> - E!News <a href="
Update (April 19th 2009) - E!News provides additional interesting details about Josh Holly,
the hacker who carried out the attack. They actually took the trouble to go to Holly's
hometown and and ask people about him,providing an interesting insight into the celebs
hacking phenomena. ">provides additional interesting</a> details about Josh Holly, the
hacker who carried out the attack. They actually took the trouble to go to Holly's hometown
and and ask people about him,providing an interesting insight into the celebs hacking
phenomena. </span></p>

<hr />

<p>Celebs are fast becoming a prime hacking target. Miley Cyrus already made her debut
at WHID when her Twitter account was raided. But it seems that this was not her first
cyber incident for her. As <a href="http://blog.wired.com/27bstroke6/2008/10/miley-cyrus-
hac.html">reported by Wired</a>, late last year a hacker named Josh Holly published
private photos of Ms. Cyrus stolen from her G-mail account.</p>

<p>The hack was a relatively sophisticated one and a very good example of the risks of
Web 2.0. Holly penetrated a MySpace administrator using social engineering. Using the
account he gained access to a list of passwords which MySpace stored in an unencrypted
form. Unbelievable. Since most of us use the same password for multiple services, Holly
used Cyrus' MySpace password on her G-mail account gaining access and retrieving the
photographs.</p>

<p>In a related but yet unconfirmed story Holly claims to have used the MySpace
2008-60 WHID 2008-60: Miley Cyrus Pictures Leaked Due to a Web Hack (Updated) administrative account for an advertising scam by which he gained $50,000.</p> 20-Oct-08 Administration Error Application Misconfiguration
Leakage of Information Web 2.0 No
<p>This time we may need to remove the word "web" leaving this <a href="http://www.
spotify.com/blog/archives/2009/03/04/spotify-security-notice/">incident</a> classified only
as "application security". Spotify is a new music streaming radio like service from Sweden.
A weakness in <a href="http://www.spotify.com">Spotify </a>streaming protocols enables
hackers to gain access to users' encrypted passwords, email address, birth date, gender,
postal code and billing receipt.</p>

<p>An interesting aspect of this incident is that while the vulnerability has been discovered
and fix on December 19^th, the fact that it was actually exploited was
discovered only in March 2009. Many times companies report that a vulnerability was
found on there site, but they are not aware of any exploit of the vulnerability. As this
incident shows, even if the company is not aware, there is a chance that the vulnerability
2008-59 WHID 2008-59: Spotify Streaming Music Service Hacked and Millions of Records Leaked was exploited.</p> 19-Dec-08 Stolen Credentials Insufficient Transport Layer
Leakage
Protection
of Information Media Sweden No
<p>XSSed <a href="http://www.xssed.
com/news/77/New_Orkut_XSS_worm_by_Brazilian_web_security_group/">reports
</a>another XSS worm in Orkut. Since Orkut is big in Brazil, it is quite natural that a
Brazilian group created the worm.</p>

<p>I have used this occasion to sort out worms reporting in WHID.</p>

<ul>

<li>A worm is now considered an Attack_Method rather than an outcome. If nothing else,
the outcome of a worm is "planting of malware": itself.</li>

<li>I have added a "Web 2.0" organization type as many of the XSS worms infect Web 2.0
sites.</li>

2008-58 WHID 2008-58: New Orkut Worm in Brazil </ul> 4-Oct-08 Worm Improper Output HandlingPlanting of Malware Web 2.0 No Brazil
<p>Insufficient Anti-Automation is fat becoming the #1 threat to web sites. Since Captcha
has been proved practically <a href="http://en.wikipedia.org/wiki/Captcha#Circumvention"
>useless</a>, especially when there is a financial gain from automating access to the site,
sites are pretty much defenceless against harmful automation. <a href="http://techdirt.
com/articles/20080523/0327151211.shtml">Techdirt's story</a> about Craigslist losing the
battle against automation tool is a very good example of this serious problem.</p>

<p>Read the comments, they are enlightening. As usual, one of the problem when spam
is involved is defining if and what is a wrong doing and what is a valid action. Some
commenters say that Craigslist has become useless due to the spam, while others say
that Craiglist is the worst censors on the Internet not letting small time businesses work.
Other argue about whether this is a crime or not. 132 comments, and they keep coming 8
2008-57 WHID 2008-57: Craigslist&#039;s Battle Against Spammers months after the article has been published.</p> 22-May-08 Brute Force Insufficient Anti-automation
Link Spam Information Services No
<p>This is a first time a hacking report is a <a href="http://www.youtube.com/watch?
v=iHOCC99UaKs">video flick</a>. If, like me, you find it hard to understand, you can read
a written summary on this <a href="http://www.stuff.co.nz/4678287a28.html">Kiwi
site</a>. I guess that their readers also needed a translation of the speech in the video to
English.</p>

<p>In a nutshell, hackers defaced <a href="http://en.wikipedia.org/wiki/Soulja_Boy_Tell_%

27Em">Soulja Boy's</a> MySpace page and published his e-mail and YouTube
passwords on the net. They demanded $2,500 to give him his web presence back. For an
artist that grew our of the Internet this presence is naturally very important, however he is
now important enough that his record label was able to contact the different sites to get
him his web properties back without paying the money.</p>

<p>In this case I have decided to categorize the attacked entity as Soulja Boy and not
MySpace or YouTube, as I used to do in the past. The fact that the attack was against
Soulja Boy properties around the web makes him, rather than any technology platform, the
2008-56 WHID 2008-56: Soulja Boy Myspace Hacked attack target.</p> 1-Sep-08 Unknown Insufficient AuthenticationExtortion Entertainment No
<p>It might have been a random hack, but the <a href="http://www.theaustralian.news.
com.au/story/0,24897,23586843-7582,00.html">pornographic pictures splashed on an
insider fashion industry blog</a> where quickly blamed on the fashion icons and
2008-55 WHID 2008-55: Hackers hijack bitchy fashion blog magazines offended by the blog.</p> 23-Apr-08 Unknown Insufficient AuthenticationDefacement Media USA No
<p>Netcraft <a href="http://news.netcraft.
com/archives/2008/04/21/hacker_redirects_barack_obamas_site_to_hillaryclintoncom.
html">reports </a>that a hacker managed to redirect traffic from Barak Obama's web site
to Hillary Clinton's site during the primaries held between the two.The culprit, an XSS bug
in the Obama's site community blogs section, highlights the danger of user contributed
content to web sites.</p>

<p>An interesting side story is that Oliver Friedrichs from Symantec was <a href="http:
//www.computerworld.com/action/article.do?command=viewArticleBasic&amp;
articleId=9077198">quoted in a Computer World article</a> only a week earlier saying
that presidential campaign web sites are "clueless" about security. Was this a prophecy of
or the trigger for the hack?</p>

<p>Additional technical information can be found on <a href="http://xssed.

2008-54 WHID 2008-54: Hacker Redirects Obama&#039;s site to Hillary Clinton&#039;s com/news/65/Barack_Obamas_official_site_hacked/">XSSed</a>.</p> 18-Apr-08 Cross-site Scripting (XSS)
Improper Output HandlingDefacement Government USA No
<p>Alex Papadimoulis hits <a href="http://thedailywtf.com/Articles/Oklahoma-Leaks-Tens-
of-Thousands-of-Social-Security-Numbers,-Other-Sensitive-Data.aspx">again </a>with a
report on leakage of information on Oklahoma's Department of Corrections web site. The
detailed report is very interesting and highlights one of the worse types of SQL injection
out there: remote SQL by design.</p>

<p>A unique form of SQL injection, or even just a close sibling, remote SQL by design is a
vulnerability in which the web application accepts SQL statements from the client in the
normal course of operation. The SQL statement might be used in a hidden field, or
generated on the fly by a client side script. In any case, it is extremely difficult to prevent
alteration of the SQL statement by a user in such applications, making the applications
highly vulnerable.</p>

<p>To find for yourself how common is this vulnerability, just Google for SELECT, FROM
2008-53 WHID 2008-53: 'SQL by Design' leaks Thousands of SSNs at an Oklahoma Gov site and WHERE in the URL. Amazing.</p> 14-Apr-08 SQL Injection Improper Input Handling Leakage of Information Government USA No
<p>While the <a href="http://securosis.com/2008/03/18/picking-apart-the-hannaford-
breach-what-might-have-happened/">Hannaford Breach</a> which resulted in 4.2 stolen
credit cards and 1800 known fraud cases may not be a web hack, a <a href="http://www.
computerworld.com/action/article.do?command=viewArticleBasic&amp;
taxonomyName=Disaster+Recovery&amp;articleId=9068999&amp;
taxonomyId=151&amp;pageNumber=1">Computer World article mentioned</a> that the
company's web site was off line following the breach. Even if the breach itself was not a
result of web site issues, such issues where probably found in the security review to follow
2008-52 WHID 2008-52: The Hannaford Breach the Breach making the incident a worthy addition to WHID.</p> 17-Mar-08 SQL Injection Improper Input Handling Monetary Loss Retail USA No http://www.computerworld.com/action/article.do?command=viewArticleBasic
<p>The infamous <a href="http://www.infoworld.com/article/08/03/14/Trend-Micro-hit-by-
massive-Web-hack_1.html">SQL injection bot has hit TrendMicro</a>, worrying
considering the fact that TrendMicro is there to protect us from malware. Unfortunately it
seems that web security is still underrated outside of a small group of experts, even
though it fast becomes the modern day equivalent of the now declining viruses and
2008-51 WHID 2008-51: TrendMicro web site hit worms.</p> 15-Mar-08 SQL Injection Improper Input Handling Leakage of Information Technology Japan No
<p>An official Indian government <a href="http://pib.nic.in/release/release.asp?
relid=36142">response </a>to a question in the Indian parliament, the Minister of State for
Communications and Information Technology discusses hacking incidents which occurred
between 2005 and 2008 in a large number of Indian government agencies. The interesting
information is the list of agencies affected:</p>

<ul>

<li>Ministry of Railways, </li>

<li>Air Cargo Customs (Mumbai), </li>

<li>Forward markets Commission, </li>

<li>National Institute of Health and Family Welfare, </li>

<li>National Institute of Social Defence, </li>

<li>Department of Administrative Reforms and Public Grievances, </li>

<li>Wireless Planning &amp; Coordination Wing, </li>

<li>Bharat Sanchar Nigam Limited, </li>

<li>Telecom Regulatory Authority of India, </li>

<li>Department of Information Technology and </li>

<li>Anthropological Survey of India. </li>

2008-50 WHID 2008-50: The Indian government acknowledges hacking incidents </ul> 29-Feb-08 Various Application Misconfiguration
Leakage of Information Government India No
<p>As a side story to ValueClick indictment of deceptive marketing by the FTC, the <a
href="http://www.ftc.gov/opa/2008/03/vc.shtm">FTC investigation</a> also found SQL
injection vulnerabilities and lack of sufficient encryption of sensitive customer information.
These findings contributed to the $2.9 million fine the FTC levied on ValueClick as well as
to the company <a href="http://www.theregister.co.
uk/2008/03/17/ebay_dumps_valueclick/">being dumped from managing eBay's affiliate
2008-49 WHID 2008-49: ValueClick weak decryption and vulnerability to SQL injection program</a>.</p> 17-Mar-08 SQL Injection Improper Input Handling Monetary Loss Marketing USA No
<p><em><strong>Update (April 19^th 2009)</strong></em> - A <a href="http:
//www.vancouversun.
com/entertainment/Hackers+foil+Ticketmaster+website+security+order+thousands+tickets
+high+priced+resale/1387348/story.html">recent article in the Vancouver Sun</a> further
discuss the issue. While there are no new technical details, the <a href="http://www.
vancouversun.
com/entertainment/Hackers+foil+Ticketmaster+website+security+order+thousands+tickets
+high+priced+resale/1387348/story.html#Comments">discussion that follows</a> the
article is illuminating</p>
<hr />
<p>Insufficient anti-automation is fast becoming a major, if not the major threat to web
application. The reason is that it can be very profitable for the hacker, and on the other
hand it is far from a simple vulnerability just requiring a quick fix.</p>
<p><a href="http://www.canada.com/theprovince/news/story.html?id=a091de62-e480-
4cd9-bdd3-32e660081d86&amp;k=9897">TicketMaster on going combat with
hackers</a> line bypassing to buy event tickets to resell them for a high price is a very
good example of the issue. In this specific example the hackers demonstrate that <a
href="http://en.wikipedia.org/wiki/Captcha">Captcha,</a> a method of blocking automated
programs by presenting a challenge supposedly difficult for a computer software<a href="
2008-48 WHID 2008-48: TicketMaster Fighting Hackers Line Bypassing http://en.wikipedia.org/wiki/Captcha">, </a>is not sufficient.</p> 9-Mar-08 Brute Force Insufficient Anti-automation
Extortion Retail USA No
<p>Alex Papadimoulis <a href="http://thedailywtf.com/Articles/So-You-Hacked-Our-Site!.
aspx">tells in a brilliantly humoristic way</a> about the lack of security of the Federal
Suppliers Guide's web site. The guide, is presumably limited to federal procurement
agents only, but at the time of writing the credential checking was done on the client in
JavaScript and for a single global user name and password.</p>
<p>Beyond making a mockery of the claim that the guide was limited to federal agents
only, it also seemed to be a marketing method as it limits the potential advertisers from
checking who is in the guide. After getting in Alex contacted some of the advertisers to find
out that none of them got any value from the guide. Alex did not join, and I wonder how
2008-47 WHID 2008-47: The Federal Suppliers Guide validates login credential in JavaScript much Alex's report lowered the Federal Suppliers Guide earning.</p> 29-Feb-08 Stolen Credentials Insufficient AuthenticationMonetary Loss Marketing USA No USA
<p>In an attack with an alarming similarity to the COX incident (<a href="/whid-2008-45"
>WHID 2008-45</a>), but with a far greater potential damage, hackers changes the DNS
records for CheckFree, the largest bill payment service in the USA. Customers where
redirected to servers in the Ukraine, which attempted to install a password login software
on their computers.</p>
<p>The change was done using correct credentials to login to the administrative web site
of Network Solutions, CheckFree domain registrar. It is yet unknown how the hackers got
the credentials. Since <a href="http://www.icann.org/en/committees/security/sac028.pdf"
>Phishing attacks against domain registrars</a> including Network Solutions have started
to surface recently, a good guess is that it was through a Phishing attack.</p>
<p>According to <a href="http://doj.nh.gov/consumer/pdf/fiserv.pdf">CheckFree report to
the authorities</a>, it estimates that around 160,000 customers where expoesed to the
attack, and informed 5 million potential victims who may have been among this group.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://voices.washingtonpost.
com/securityfix/2008/12/digging_deeper_into_the_checkf.html">The Washington Post's
analysis of the incident</a></li>
2008-46 WHID 2008-46: CheckFree customers redirected to fraudsters sites </ul> 2-Dec-08 DNS Hijacking Insufficient AuthenticationPhishing Finance USA No Ukraine
<p>Recently the domain names has been the focus on hacking activity. Hackers found
that hijacking a domain is as effective if not more than attacking the web site itself.</p>
<p>Are domain hacking a case of web hacking? should they be included in WHID? in this
case it seems, according to the <a href="http://blog.wired.
com/27bstroke6/2008/05/comcast-hijacke.html">Wired report</a> that the hack itself
involved attacking the domains registrar's (Network Solutions) web interface.</p>
<p>However, we believe that the resulting "virtual" defacement of the web site by
redirecting users to a fraudulent web site is still a web hack, even if the DNS hijacking is
not web related.</p>
<p>The defaced site, as logged by <a href="http://www.theregister.co.
uk/2008/05/29/comcast_domain_hijacked/">the register</a> was:</p>
<p><img src="http://regmedia.co.uk/2008/05/29/comcast.jpg" width="450" height="115"
2008-45 WHID 2008-45: Comcast domain hijacked /></p> 5-Jan-09 Domain Hijacking Application Misconfiguration
Defacement Internet USA No
<p>The interesting <a href="http://blogs.zdnet.com/security/?p=1145">report </a>in ZDnet
about the cyber war around Kosovo is unique in describing the process. According to the
report hacker groups on each side share information in order to make attacks more
efficient. Some collect vulnerable web sites, while others use automatic defacement tools
to attack.</p>
<p>On the positive side, the report states that at the time of writing, there is a ceasefire
2008-44 WHID 2008-44: Balkan cyber wars and parties are negotiating. Is there room for cyber peace along side cyber war?</p> 1-Apr-08 Brute Force Insufficient Anti-automation
Downtime Multiple No
<p>Novosti, the Russian news agency <a href="http://en.rian.
ru/russia/20080523/108202288.html">reports </a>that in what seems to be a planned dual
head attack to break panic by spreading a rumor about a nuclear accident near St.
Petersburg.</p>
<p>At the same time that e-mails spreading the rumor where distributed, hackers
blocked access to web sites enabling the public to check for themselves the status of the
2008-43 WHID 2008-43: Russian nuclear power web sites attacked amid accident rumors nuclear power pland intensifying the panic.</p> 5-Jan-09 Denial of Service Insufficient Anti-automation
Chaos Government Russia No
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
<p>The <a href="http://209.85.129.132/search?q=cache:B3oFg-OQmAQJ:www.
thedarkvisitor.com/2008/07/chinese-hackers-steal-9-million-items-of-personal-information-
from-south-koreans/+chinese-hackers-steal-9-million-items-of-personal-information-from-
south-koreans/&amp;hl=en&amp;ct=clnk&amp;cd=1">Dark Visitor</a>, a Chinese hacking
insider site, and the Korean <a href="http://english.chosun.
com/w21data/html/news/200807/200807280013.html">Chuson</a> reports that a Chinese
hacker used a commercially available SQL injection tool called HDMI to penetrate a large
number of South Korean sites and still 9 million personal information items, which he than
2008-42 WHID 2008-42: Chinese hackers steal 9 million items of personal information from South Koreans
sold for approximately $15,000 to South Koreans for them to abuse.</p> 30-Dec-08 SQL Injection Improper Input Handling Leakage of Information Multiple South Korea No China
<p>Joomla is a widely used open source content management system. Many <a href="
http://theprogrammerx.wordpress.com/2008/08/23/what-the-hack-is-going-on-three-
attacks-within-a-week/">administrators reports</a> that <a href="http://developer.joomla.
org/security/news/241-20080801-core-password-remind-functionality.html">a vulnerability
announced August 12^th</a> was immediately exploited by hackers to attack
Joomla based web sites. Another report shows a specific site that was defaced by
exploiting the same vulnerability.</p>

<p>This incident shows the importance of timely patching, but also brings back the age old
debate around publication of vulnerabilities by researchers. Does it contribute to software
2008-41 WHID 2008-41: A Joomla first day exploit security or just helps the hackers?</p> 12-Aug-08 Credential/Session Prediction
Insufficient Authorization Defacement Multiple No Joomla
<p>Like many Asprox bot SQL injection attacks, the one on NDTV.com, a New Delhi TV
station's web site has its unique aspects.</p>
<p>First, the attack came at absolutely the wrong time, just when all eyes (and mouse
clicks) where turned to the Olympic games in Beijing, the NDTV web site which carried
real time information from the games was hacked, greatly extending the infection rate.</p>
<p>In addition, the information was syndicated from a French news agency. While
apparently the agency did not have anything to do with the hack, the did catch some fire
over the incident as some experts suggested it should help its customers to protect their
systems.</p>
<p>More information:</p>
<ul>
<li><a href="http://www.scmagazineus.com/Olympics-news-sites-hit-with-
attacks/article/113781/">SC Magazine</a>, Aug 12th 2008</li>
<li><a href="http://www.sophos.com/blogs/gc/g/2008/08/11/olympic-games-coverage-on-
news-website-hit-by-sql-injection/">Graham Cluley's blog entry</a>, Aug 11th 2008</li>
2008-40 WHID 2008-40: Olympics news sites hit with attacks </ul> 12-Aug-08 SQL Injection Improper Input Handling Planting of Malware Information Services India No
<p>The South African Democratic Alliance party's web site seems like another random
victim of the Asprox family of bots. This specific incident demonstrates several issues:</p>
<ul>
<li>Aprox successfully attacks organizations that should really know better.</li>
<li>While most known cases of Asprox attacks result in planting of malware on the web
site, since this is easily detected by malware search services, the very brutal injection
used by Asprox probably takes down more sites than it infects with malware.</li>
<li>According to one comment, the site used an outdated version of WordPress, stressing
again the problem with not upgrading in a timely manner, especially open source software.
</li>
</ul>
<p>More information:</p>
<ul>
<li><a href="http://www.mg.co.za/article/2008-08-15-hacker-compromises-da-website"
>Mail &amp; Guardian</a>, Aug 15th 2008</li>
2008-39 WHID 2008-39: Hacker compromises a south african political party web site </ul> 7-Aug-08 SQL Injection Improper Input Handling Planting of Malware Government South Africa No Russia WordPress
<p>The DNSchanger Trojan uses different methods to manipulate the DNS lookup of the
victim. One of the most malicious techniques is using CSRF to attack the ADSL or cable
router and modify its DNS tables.</p>
<p>More Information:</p>
<ul>
<li><a href="http://www.avertlabs.com/research/blog/index.php/2008/12/04/dnschanger-
trojans-v40">McAfee: DNSChanger Trojans v4.0</a>, Dec 4th 2008</li>
2008-38 WHID 2008-38: DNSChanger Trojans v4.0 </ul> 4-Dec-08 Cross-site Request Forgery
Insufficient
(CSRF)Process Validation
Fraud Multiple No
<p>The web site of the Indian Eastern Railway company was hacked. The hacker planted
malware on the site and added a message to the home page declaring a cyber war on
Indian Cyberspace.</p>
<p>Additional Information:</p>
<ul>
<li><a href="http://www.financialexpress.com/news/pak-hacker-attacks-e-rlys-site-
threatens-cyber-war-on-india/402609/0">The Financial Express</a>, Dec 25th 2008</li>
2008-37 WHID 2008-37: Pakistani hacker attacks Indian Rail site, threatens cyber war on India </ul> 24-Dec-08 SQL Injection Improper Input Handling Planting of Malware Government India No Pakistan
<p><em><strong>Update (Feb 4^th 2009)</strong></em>: While RBS
reported that just 100 cards where abused in the incident, the news now <a href="http:
//blog.wired.com/27bstroke6/2009/02/atm.html">surfaced</a>, that those cards where
heavily abused as the hacker managed to lift the withdrawal limit and distribute the card
copies around the world so that in total 9 million dollars where withdrawn from them in a
matter of hours before they where blocked. At least, as the saying goes, losing a $100 is
your problem; losing a million is the banks.</p>
<p><hr />
The Royal Bank of Scotland (RBS) confirmed that a hacker perform a "sophisticated cyber
intrusion" on RBS WorldPay Unit web site. 1.5 Million credit card numbers and 1.1 million
social security numbers may have been stolen.</p>
<p>At this time the only abuse known is a fraudulent use of about a 100 reloadable cards,
which are used by companies to pay their employees.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://sev.prnewswire.com/banking-financial-
services/20081223/NY5456423122008-1.html">Company press release</a>, December
23rd 2008</li>
<li><a href="http://www.internetnews.com/security/article.
php/3793386/RBS+WorldPay+Data+Breach+Hits+15+Million.htm">Internet News</a>,
December 24th 2008</li>
2008-36 WHID 2008-36: RBS WorldPay Data Breach Hits 1.5 Million (Updated) </ul> 10-Nov-08 SQL Injection Improper Input Handling Leakage of Information Finance USA No
<p>Business Week is the latest victim of Asprox, a botnet using SQL injection attacks to
plant malware. <a href="http://www.internetnews.com/security/article.
php/3779021/Adobe+Sites+Hit+by+Malware.htm">Internet News</a> reports that Sophos
has <a href="http://www.sophos.com/blogs/gc/g/2008/09/15/hackers-infect-businessweek-
website-via-sql-injection-attack/">discovered</a> malwares on a large number of pages
on the magazineåÕs web site. A Google safe browsing report, which checks how many
pages on a web site, if any, are infected with malware picked at 214 out of 2,157 pages on
2008-35 WHID 2008-35: Business Week site hit by malware the site, just shy of 10%.</p> 15-Sep-08 SQL Injection Improper Input Handling Planting of Malware Information Services USA No
<p>Adobe joins the long list of sites hit by Asprox, a botnet using SQL injection attacks to
plant malware. <a href="http://www.internetnews.com/security/article.
php/3779021/Adobe+Sites+Hit+by+Malware.htm">Internet News</a> reports that Sophos
has discovered malwares on Adobe åÒ<a href="http://www.sophos.
com/pressoffice/news/articles/2008/10/adobe-infection.html">Vlog it</a>åÓ and åÒ<a
href="http://www.sophos.com/security/blog/2008/10/1863.html">Serious Magic</a>åÓ
2008-34 WHID 2008-34: Adobe hit by malware sites.</p> 17-Oct-08 SQL Injection Improper Input Handling Planting of Malware Technology USA No
<p>A Chinese student penetrated the Shaanxi Provincial Seismic Bureau's web site and
planted a false warning on an earth quake expected the following night reports <a href="
http://www.theaustralian.news.com.au/story/0,25197,24275633-12377,00.html">The
Australian</a>.<br />
The false warning created panic, especially since it was made shortly after the devastating
earth quake hitting China just a few weeks earlier. The faked warning drew 767 page
views within 10 minutes, the bureauåÕs phones became immediately very busy.<br />
As expected in China, authorities were far from forgiving, and the student was jailed for 18
2008-33 WHID 2008-33: Chinese hacker jailed for false quake alarm months.</p> 29-May-08 Unknown Insufficient Authorization Disinformation Government China No China
<p><a href="http://news.netcraft.
com/archives/2008/10/26/ongoing_phishing_attack_exposes_yahoo_accounts.html"
>Netcraft</a> reported an ongoing exploit of XSS vulnerability in Yahoo HotJobs site. The
attackers have been using an obfuscated JavaScript to steal session cookies of victims,
which were in turn sent to a server in the US.<br />
The stolen cookie was a yahoo-wide cookie and therefore by stealing it the hackers could
gain control of every service accessible to the victim within Yahoo, including Yahoo! Mail.
<br />
Netcraft identified the issue by observing irregular activity by its toolbar users and Yahoo!
2008-32 WHID 2008-32: Yahoo HotJobs XSS fixed the vulnerability short after, on Oct 28th.</p> http://news.netcraft.com/archives/2008/10/26/ongoing_phishing_attack_exposes_yahoo_accounts.html 26-Oct-08 Cross-site Scripting (XSS)
Improper Output HandlingSession Hijacking Internet USA No USA
<p>Californian Michael Largent used an automated script to open 58,000 such accounts,
collecting many thousands of the small payments used to verify credit cards when
openning accounts.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.pcpro.co.uk/news/201252/hacker-takes-50000-a-few-cents-at-a-
time.html">Hacker takes $50,000 a few cents at a time</a> [PC Pro, May 28 2008]</li>
<li><a href="http://blog.wired.com/27bstroke6/2008/05/man-allegedly-b.html">Man
Allegedly Bilks E-trade, Schwab of $50,000 by Collecting Lots of Free 'Micro-Deposits'</a>
[Wired, May 27 2008]</li>
<li><a href="http://blog.wired.com/27bstroke6/files/largent_affidavit.pdf">Secret Service
search warrant affidavit</a> [Secret Service, May 7 2008]</li>
2008-31 WHID 2008-31: Hacker takes $50,000 a few cents at a time </ul> 20-Sep-08 Process Automation Insufficient Anti-automation
Monetary Loss Internet USA No
<p>The popular document and media sharing service DivShare, suffered a security
breach that allowed a malicious user to access their database, which included user e-mail
addresses and other basic profile information.
</p><p>Additional information:</p>
<ul>
<li><a href="Dancho Danchev">Security breach hits DivShare, unauthorized access to its
database</a> [Zdnet, Jun 19 2008]</li>
2008-30 WHID 2008-30: Security breach hits DivShare, unauthorized access to its database </ul> 20-Sep-08 SQL Injection Improper Input Handling Leakage of Information Information Services No
<p>someone hacked a machine on the same subnet and was ARP spoofing the gateway.
The metasploit.com machines were not compromised, but all HTTP requests coming into
the ISP network were passed through a MITM defacer that inserted that HTML. Once I as
able to set a static ARP entry and notify the ISP, the problem was resolved. So, to make
2008-29 WHID 2008-29: Sunwear hacks metasploit.com? things clear, the metasploit.com servers were not hacked, the ISP</p> 20-Sep-08 ARP spoofing Insufficient Transport Layer
Defacement
Protection Internet No
While moving to a new hosting provider, a system by Princeton Review used by student to
prepare for a state assessment program exposed due to misconfiguration approximately
34,000 students from 2nd to 10th grade. The information included names, Florida ID
(which is nearly identical to the US social security number) and the students exam report.

2008-28 WHID 2008-28: Confidential data on thousands of students exposed by test preparatory firm The information was available for available online from late June to early August. http://www.nytimes.com/2008/08/19/technology/19review.html?_r=3&amp;adxnnl=1&amp;oref=slogin&amp;adxnnlx=1221859844-4bHK03P+zrmLhJ5Ul2SlPA 20-Sep-08 Misconfiguration Insufficient AuthenticationLeakage of Information Education New York, NY No
<p>Poste Italiane seems to have relocated to a brand new location online, in this case the
U.K's Crime Reduction Portal which is currently hosting a phishing page.
</p><p>Additional information:</p>
<ul>
<li><a href="">U.K's Crime Reduction Portal Hosting Phishing Pages</a> [Dancho
Danchev, Jun 2 2008]</li>
2008-27 WHID 2008-27: U.K&#039;s Crime Reduction Portal Hosting Phishing Pages </ul> 20-Sep-08 Unknown Application Misconfiguration
Phishing Government UK No
<p>The activist group called "anonymous," best known for its jousts with the Church of
Scientology, has apparently hacked into the private Yahoo e-mail account of Alaska Gov.
Sarah Palin, the Republican candidate for vice president.</p>
<p>Contents of that account, including two sample e-mails, an index of messages and
Palin family photos, have been posted by the whistle blower site Wikileaks, which
contends that they constitute evidence that Palin has improperly used her private e-mail to
shield government business from public scrutiny, an issue that had already been raised by
others.</p>
<p><span style="text-decoration: underline;"><em>Update (Oct 8)<br
/></em></span></p>
<p>David Kernell, the 20-year-old Tennessee college student was indicted with the hack.
The most interesting aspect of the identity of the hacker is that his father Mike Kernell is a
longtime Democratic state representative from Memphis</p>
<p>Additional information:</p>
<ul>
<li><a href="http://wikileaks.org/wiki/VP_contender_Sarah_Palin_hacked">VP contender
Sarah Palin hacked</a> [Wiki Leaks, Sep 16 2008]</li>
<li><a href="http://www.networkworld.com/community/node/32838">Palin's private e-mail
hacked, posted to 'Net</a> [Network Wold, Sep 17 2008]</li>
<li><a href="http://www.internetnews.com/security/article.php/3776696">Student Indicted
in Palin E-Mail Hack</a> [Internet News, Oct 8 2008)</li>
<li><a href="http://www.usdoj.gov/opa/documents/indictment.pdf">Court indictment
document</a>, Oct 7 2008</li>
2008-26 WHID 2008-26: Palin&#039;s private e-mail hacked, posted to Net </ul> 20-Sep-08 Brute Force Insufficient Password Recovery
Leakage of Information Politics USA No
<p>Another site hit by the SQL injection bot
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.net-security.org/malware_news.php?id=990">BusinessWeek
website attacked and hosts malware</a> [Net-Security, Sep 15 2008]</li>
2008-25 WHID 2008-25: BusinessWeek website attacked and hosts malware </ul> 20-Sep-08 SQL Injection Improper Input Handling Planting of Malware Information Services USA No
<p>Not a day goes by without yet another prominenent web site hacked by an SQL
injection attack planting Malware.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.networkworld.com/news/2008/070208-sql-attacks-lob-onto-tennis.
html">SQL attacks lob onto tennis association Web site</a> [Network World, Jul 4 2008]
</li>
2008-24 WHID 2008-24: SQL attacks lob onto ATP Web site </ul> 21-Jul-08 SQL Injection Improper Input Handling Planting of Malware Sports Global No
<p>Yet another iframe injection in a very prominent web site, proving yet again that
nobody is immune.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.thetechherald.com/article.php/200827/1393/Sony-PlayStation-s-
site-hit-with-SQL-Injection">Sony PlayStation
2008-23 WHID 2008-23: Sony PlayStation </a></li></ul> 21-Jul-08 SQL Injection Improper Input Handling Planting of Malware Retail USA No
<p> A targeted defacement that modified two specific press releases to ridicule the local
government.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.dailybulletin.com/ci_9668183">Nosy hacker alters sheriff's news
releases</a> [The Daily Bulletin, Jun 22 2008]</li>
2008-22 WHID 2008-22: Hacker changes news releases on sheriff&#039;s Web site </ul> 21-Jul-08 Unknown Improper Output HandlingDefacement Security &amp; Law Enforcement
USA No
<p>The Agency for Health Care Administration (AHCA) Florida's database of organ and
tissue donor registry was open to the public due to an unspecified software glitch.
Personal details of 55,000 people, including name, address, date of birth, driver license
number and social security number where exposed.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://www.fdhc.state.fl.us/Organ/faq.htm">AHCA Incident Faq</a> [AHCA, ]
</li>
<li><a href="http://www.fdhc.state.fl.
us/Executive/Communications/Press_Releases/pdf/Organ_Tissue7708.pdf">AHCA
Incident PR</a> [AHCA, Jul 7 2008]</li>
<li><a href="http://www.examiner.com/a-
1476582~Breach_in_Fla__donor_registry_may_have_exposed_IDs.html">Breach in Fla.
donor registry may have exposed IDs</a> [Associated Press, Jul 7 2008]</li>
2008-21 WHID 2008-21: Information about organ and tissue donors open to all </ul> 20-Jul-08 Unintentional Information
Insufficient
Disclosure AuthenticationLeakage of Information Government USA No
<p>A proof of concept XSS worm crawled justin.tv, a popular lifecasting platform. The
warm succeeded in planting a self replicating code on 2525 accounts in less than 24 hours
before the vulnerability was fixed.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://cyberinsecure.com/xss-worm-at-justintv-affects-2525-profiles/">XSS
Worm At Justin.tv Affects 2525 Profiles</a> [CyberInsecure, Jul 15 2008]</li>
2008-20 WHID 2008-20: XSS Worm At Justin.tv Affects 2525 Profiles </ul> 16-Jul-08 Cross-site Scripting (XSS)
Improper Output HandlingWorm Web 2.0 No
<p><em><strong>Update (Feb 22^nd 2009)</strong></em> - We were
probably not the only ones not satisfied with Kasperski official press release on the
subject. An interesting <a href="http://www.viruslist.com/en/weblog?
discuss=208187633&amp;return=1">report </a>on Kasperski viruslist blog by a person on
the investigating team provides answers: the data was neither secured well nor the hacker
incapable. The hacker made a mistake in his attack vector and decided to pursue no
further. The data was available for any hacker who was really after it.</p>

<p>I must tkae my hat off to Kasperski for this frank analysis, which is very uncommon to
companies who were breached and can really help to highlight the importance of
application security.</p>

<hr />

<p><em><strong>Update (Feb 13^th 2009)</strong></em> - Kasperski hired

David Litchfield, a well known database security expert, to analyze the incident. In their <a
href="http://www.kaspersky.com/news?id=207575753">response, </a>Ksaperski point
that no sensitive data was actually compromised to the event. The report points that the
hacker and others following his hints did try to access sensitive data but did not succeed.
The carefully worded report does leave many questions open:</p>

<p> </p>

<ul>

<li>Was the data secured well, or were the hackers who tried to access it just not
capable?</li>

<li>Was no data vulnerable or just "sensitive data" and if so what is the data that was
exposed?</li>

<li>Did the investigation go back to check that no one hacked the system prior to the
published incident, potentially abusing it and avoiding publication?</li>

</ul>

<hr />

<p>A researcher <a href="http://hackersblog.org/2009/02/07/usakasperskycom-hacked-

full-database-acces-sql-injection/">found and exploited</a> a serious SQL injection
vulnerability in US web site of Kasperski, an anti-virus software vendor, exposing the full
customers database. Well, the full database actually as the list of tables exposed proves.
<a href="http://www.theregister.co.uk/2009/02/09/kaspersky_compromise_follow_up/"
>Apparently</a>, the vulnerability existed for some time and the researched informed
Kasperski about it to no avail before making it public.</p>

<p> </p>

<p>This is another example of how fatal is SQL injection. SQL Injection is considered one
of the more well understood attack vectors, easy to find during a security review, and
therefore easy to get rid of. However one of its variants, blind SQL injection, can appear
everywhere in the application and not just in key pages managing sensitive information
and expose the entire database, making a review and fix of the application from it much
2008-19 WHID 2009-19: Kaspersky site breached using SQL injection, sensitive data exposed (Updated) harder.</p> 7-Feb-09 SQL Injection Improper Input Handling Leakage of Information Technology No Romania
<p>At the Oklahoma State Universitiy (OSU) a security breach has exposed the names,
addresses and Social Security numbers of 70,000 students, faculty and staff who bought
parking and transit services permits in the past six years. The university failed to report the
incident to affected individuals for two months after it was detected.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.cr80news.com/news/2008/05/16/osu-breach-raises-fears-of-id-
theft/">OSU breach raises fears of ID theft</a> [cr80 News, May 16 2008]</li>
2008-19 WHID 2008-19: OSU breach raises fears of ID theft </ul> 19-May-08 Unintentional Information
Insufficient
Disclosure AuthenticationLeakage of Information Education USA No
<p>Another member of the wave of SQL injection bots injecting malware inflicting code to
web sites.

</p><p>Additional information:</p>

<ul>

<li><a href="http://isc.sans.org/diary.html?storyid=4393">SQL Injection Worm on the

Loose</a> [SANS Internet Storm Center, May 7 2008]</li>

<li><a href="http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080507">New
SQL Injection Attacks and New Malware: winzipices.cn</a> [ShadowServer, May 7 2008]
</li>

2008-18 WHID 2008-18: Winzipices SQL bot </ul> 11-May-08 SQL Injection Improper Input Handling Planting of Malware Multiple No
<p>Up to now we never registered at WHID an incident that caused physical pain on its
victims. Unfortunately, there is always a first. In an attack which gives a whole new
dimension to the term "malicious",hackers recently injected to the Epilepsy Foundation's
Web site hundreds of pictures and links to pages with rapidly flashing images.</p>
<p>The breach caused severe migraines and near-seizure reactions in some site visitors
who viewed the images. People with photosensitive epilepsy can get seizures when
they're exposed to flickering images, a response also caused by some video games and
cartoons.</p>
<p>The Attack_Method is only described as an exploit of a security hole in the
foundation's publishing software. However, the attack looks very much like a variation of
the popular iframe injection SQL bots, used for malice rather than profit, hinting that this
was an SQL injection attack.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://ap.google.
com/article/ALeqM5jEG2MsrwWkzr9_q60h8dojhHsArgD90H3NV01">Hackers' posts on
epilepsy forum cause migraines, seizures</a> [AP, May 7 2008]</li>
2008-17 WHID 2008-17: Hackers&#039; posts on epilepsy forum cause migraines, seizures </ul> 11-May-08 SQL Injection Improper Input Handling Planting of Malware Health USA No
<p>In a twist on the classical defacement incident, supporters of the Turkish PM defaced,
as a retaliation, the web site of hackers who just recently defaced the PM web site. A
disturbing question is whether this is a juvenile mischief or was the act planned and
executed by PM supporters. Did the political spin reached web site hacking?</p>
<p>Additional information:</p>
<ul>
<li><a href="http://www.turkishdailynews.com.tr/article.php?enewsid=104028">Erdogan
supporters hack hacker's Web site</a> [Turkish Daily News, May 9 2008]</li>
2008-16 WHID 2008-16: Turkish PM supporters hack hacker&#039;s Web site </ul> 11-May-08 Unknown Improper Output HandlingDefacement Politics Turkey No
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
<p>In this case SQL injection was not the root cause, but rather the justification. Just as Al
Capone was arrested at the end of the day for tax evasion, ValueClick, which seems to
infuriate the FTC over many nasty commercial misdeeds, was caught at the end of the day
for SQL injection, presumably left open against the company written security policy.</p>
<p>The FTC settlement cost ValueClick a record amount of $2.9 million dollars, plus 20
years of rigorous security procedures that will probably cost as much if not more. On top of
that, eBay, a major partner, left ValueClick as a result.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.ftc.gov/opa/2008/03/vc.shtm">ValueClick to Pay $2.9 Million to
Settle FTC Charges</a> [Federal Trade Commision, Mar 17 2008]</li>
<li><a href="http://www.theregister.co.uk/2008/03/17/ebay_dumps_valueclick/">eBay
dumps ValueClick</a> [The Register, Mar 17 2008]</li>
2008-15 WHID 2008-15: ValueClick to Pay $2.9 Million to Settle FTC Charges </ul> 24-Mar-08 SQL Injection Improper Input Handling Monetary Loss Marketing USA No
<p>Websense <a href="http://cyberinsecure.com/my-barackobama-com-infects-visitors-
with-trojan/">reports</a> that my.barackobama.com, an open blogging service which is
part of <a href="https://www.barackobama.com/">Obama's campaign web site</a> has
been used to point users to malware infecting content.</p>
<p>The scam is a good example of the dangers of Web 2.0 user generated content and
mashups. There was no malicious code on the Obama's site, however an allowed HTML
code looking like a YouTube embedded flick pointed to an external site which carried the
2008-14 WHID 2009-14: My.BarackObama.com Infects Visitors With Trojan malware.</p> 27-Jan-09 Content Spoofing Improper Output HandlingPlanting of Malware Government USA No
<p>### Dallas say the department shut down its Internet presence after a hacker took
over its Web site and filled it with anti-American rants.<br /><br />The vandalized Web
pages included a doctored photograph showing American troops watching over four
people lined up against a wall.<br /><br />Each of the four prisoners had lines leading
away from their faces to individual head shots of President George W. Bush, Vice
President Dick Cheney, Secretary of State Condoleezza Rice and Sen. John McCain
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.upi.
com/NewsTrack/Top_News/2008/02/19/hacker_defaces_dallas_police_web_site/5990/"
>Hacker defaces Dallas police Web site</a> [United Press, Feb 19 2008]</li>
<li><a href="http://www.foxnews.com/story/0,2933,331201,00.html">Dallas Police Web
Site Hacked, Defaced</a> [Fox (AP), Feb 19 2008]</li>
2008-14 WHID 2008-14: Hacker takes over Dallas police Web site </ul> 21-Feb-08 Unknown Improper Output HandlingDefacement Security &amp; Law Enforcement
USA No
<p>Additional information:</p>
<ul>
<li><a href="http://torrentfreak.com/harvard-website-hacked-080218/">Harvard Site
Hacked and Leaked on BitTorrent</a> [TorrentFreak, Feb 18 2008]</li>
<li><a href="http://virtualization.sys-con.com/read/503459.htm">Harvard Web Site Hack is
a Cautionary Tale</a> [Virtualization News Desk, Feb 19 2008]</li>
<li><a href="http://walkah.net/blog/walkah/harvard-joomla-site-hacked-things-learn"
>Harvard Joomla site hacked: things to learn?</a> [James Walker, Feb 19 2008]</li>
<li><a href="http://www.computerworld.com/action/article.do?
command=viewArticleBasic&amp;articleId=9063198">Harvard Web site hacked; database
on file-sharing site</a> [Computer World, Feb 18 2008]</li>
<li><a href="http://www.scmagazineus.com/Harvard-grad-school-site-hacked-files-
distributed-on-BitTorrent-network/article/107028/">Harvard grad school site hacked, files
distributed on BitTorrent network</a> [SC Magazine, Feb 19 2008]</li>
2008-13 WHID 2008-13: Harvard site hacked and leaked on BitTorrent </ul> 20-Feb-08 Unknown Insufficient AuthenticationLeakage of Information Education USA No Joomla
<p>This is yet another case of defacement of a governmental web site. It is amazing to
note it is nearly never the large commercial and financial web sites that are defaced. It is
either small mom and dad shops or government and political web sites. Don't you get the
feeling the government IT is run like a mom and dad shop? Do you wonder if it is only the
IT part that is run that way?
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.ekathimerini.
com/4dcgi/_w_articles_politics_100018_31/01/2008_92784">Ministry websites hit by
hacker intrusion</a> [Kathimerini, Jan 31 2008]</li>
2008-12 WHID 2008-12: Greek ministry websites hit by hacker intrusion </ul> 17-Feb-08 Unknown Improper Output HandlingDefacement Government Greece No
<p>Was it defaced or not? In this extraordinary incident, a hacker broke to the web site of
the Ecuadorian president and said nice things about him. So nice in fact that the
presidential office had to apologize in front of the opposition leader. Was it a hack or an
over enthusiastic marketing person?
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.thaindian.com/newsportal/uncategorized/hacker-breaks-into-
ecuadors-presidential-website_10017070.html">Hacker breaks into Ecuador's presidential
website</a> [Thaindian News, Feb 11 2008]</li>
2008-11 WHID 2008-11: Hacker breaks into Ecuador&#039;s presidential website </ul> 12-Feb-08 Unknown Improper Output HandlingDefacement Government Ecuador No
<p><strong><em>Update (January 5th 2009)</em></strong></p>
<p>We where informed by sources at eBay the Korean sites parent company that the
issue was not CRSF or seesion hijacking. The Attack_Method was not disclosed.</p>
<hr />
<p>A Korean e-commerce site was hacked and a staggering number of record, 18 million,
where stolen. In the US this would be front news. We don't know if it was front news in
Korea, but did not get to the international media.</p>
<p>The attack description is vague but can be best described as session hijacking.</p>
<p>This incident is a great example of the lack of sufficient international coverage at
WHID. Help us by sending us non English incidents! After all, it is not English speakers
only that get hacked, but rather us, the WHID maintainers that speak only this language.
</p>
<p>More Information:</p>
<ul>
<li><a href="http://www.thedarkvisitor.com/tag/auctioncokr-chinese-hacker-attack/">The
Dark Visitor</a></li>
2008-10 WHID 2008-10: Chinese hacker steals user information on 18 Million online shoppers at Auction.co.kr
</ul> 12-Feb-08 Credential/Session Prediction
Insufficient Entropy Leakage of Information Retail Korea No
<p>Sensitive information about people who created an account on the site leaked and
was published through IRC.
</p><p>Additional information:</p>
<ul>
<li><a href="http://en.wikipedia.org/wiki/Stage6#Hacking">Stage 6 - Hacking</a>
[Wikipedia, Feb 9 2008]</li>
2008-09 WHID 2008-09: Hacking Stage 6 </ul> 10-Feb-08 Unknown Unknown Leakage of Information Entertainment USA No
<p>A computer hacker broke into the database of D.A. Davidson, a local Montana
financial services firm and stole their entire customers' database: 226,000 records
including names and social security numbers. Attack_Method is not known, but it seems
very much like a web hack.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://www.greatfallstribune.com/apps/pbcs.dll/article?
AID=/20080130/NEWS01/801300301">Hacker steals Davidson Cos. clients' data</a>
[Great Falls Tribune, Feb 4 2008]</li>
<li><a href="http://www.davidsoncompanies.com/dc/pressreleases/pressreleasesdetail.
cfm?newsid=1777378305">Davidson Companies Informs Clients of Network Intrusion
Resulting in Illegal Access to Personal Data</a> [Davidson Companies, Jan 30 2008]</li>
<li><a href="http://www.greatfallstribune.com/apps/pbcs.dll/article?
AID=/20080210/NEWS01/802100303">Davidson Co.'s security breach reminds that
personal data isn't as safe as we'd like</a> [Great Falls Tribune, Feb 11 2008]</li>
2008-08 WHID 2008-08: Hacker steals Davidson Cos. clients&#039; data </ul> 4-Feb-08 SQL Injection Improper Input Handling Leakage of Information Finance USA No
<p>Kurt already got his free MacWorld pass last year (<a href="http://www.webappsec.
org/projects/whid/byid_id_2007-14.shtml">WHID 2007-14</a>), but it seems that nothing
changes year after year and he was able to pull a similar trick this year. As the codes that
allow customers to get the passes where hashed but stored on the client browser, Kurt
was able to crack them.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://grutztopia.jingojango.net/2008/01/another-free-macworld-platinum-
pass-yes.html">Another Free MacWorld Platinum Pass? Yes in 2008!</a> [Kurt
Grutzmacher, Jan 14 2008]</li>
2008-07 WHID 2008-07: Another Free MacWorld Platinum Pass? Yes in 2008! </ul> 28-Jan-08 Brute Force Application Misconfiguration
Monetary Loss Technology USA No
<p>>
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.linuxjournal.com/node/1006060">Hackers Take Down
Pennsylvania Government</a> [Linux Journal, Jan 10 2008]</li>
<li><a href="http://ap.google.
com/article/ALeqM5iGKgY3SpKw7_p7A8MGHpTfSpN8mAD8TVE5SG0">Hackers Force
Pa. to Shut State Web Site</a> [AP, Jan 4 2008]</li>
<li><a href="http://www.geeksaresexy.net/2008/01/09/pennsylvania-state-disconnects-
from-internet-over-chinese-hacker-phearz/">Pennsylvania State Disconnects from Internet
Over Chinese Hacker Phearz</a> [Geeks Are Sexy, Jan 9 2008]</li>
<li><a href="http://www.post-gazette.com/pg/08006/847083-85.stm">Officials say no data
was compromised by hackers</a> [Post Gazette, Jan 6 2008]</li>
2008-06 WHID 2008-06: Hackers Take Down Pennsylvania Government </ul> 28-Jan-08 SQL Injection Improper Input Handling Defacement Government USA No
<p>Symantec <a href="http://www.symantec.
com/enterprise/security_response/weblog/2008/01/driveby_pharming_in_the_wild.html"
>reported</a> an active exploit of CSRF against residential ADSL routers in Mexico
(WHID 2008-05). An e-mail with a malicious IMG tag was sent to victims. By accessing the
image in the mail, the user initiated a router command to changethe DNS entry of a
leading Mexican bank, making any subsequent access by a user to the bank go through
the attacker's server.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://www.symantec.
com/enterprise/security_response/weblog/2008/01/driveby_pharming_in_the_wild.html"
>Drive-by Pharming in the Wild</a> [Symantec, Jan 22 2008]</li>
<li><a href="http://www.heise-security.co.uk/news/102352">Symantec reports first active
attack on a DSL router</a> [Heise, Jan 24 2008]</li>
<li><a href="http://www.xiom.com/?p=12">Client Side Web Server Hacking</a> [WHID
Blog, Jan 28 2008]</li>
2008-05 WHID 2008-05: Drive-by Pharming in the Wild </ul> 28-Jan-08 Cross-site Request Forgery
Insufficient
(CSRF)Process Validation
Phishing Finance Mexico No DSL Router
<p>The web site of RIAA, the Recording Industry Association of America was attacked
twice using SQL injection over the weekend. First a <a href="http://reddit.
com/info/660oo/comments/">query that takes particularly long time was posted on a social
network web site</a> causing a distributed denial of service attack against the site. Later
on hackers found and abused additional SQL injection and XSS vulnerabilities resulting in
major defacement of the site.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://www.theregister.co.uk/2008/01/21/riaa_hacktivism/">RIAA wiped off the
net</a> [The Register, Jan 21 2008]</li>
<li><a href="http://reddit.com/info/660oo/comments/">This link runs a slooow SQL query
on the RIAA's server. Don't click it; that would be wrong</a> [Reddit, Jan 20 2008]</li>
<li><a href="http://torrentfreak.com/riaa-website-hacked-080120/">RIAA Website Wiped
Clean by "Hackers"</a> [Torrent Freak, Jan 20 2008]</li>
2008-04 WHID 2008-04: RIAA web site cleared </ul> 22-Jan-08 SQL Injection Improper Input Handling Defacement Entertainment No
<p>It has been a while since a phishing scam using XSS vulnerability found its way to the
Web Hacking Incidents database (<a href="http://www.webappsec.
org/projects/whid/byid_id_2004-11.shtml">SunTrust, WHID 2004-11</a>). The current
incident is a good example of what does and does not get into our database: XSS
vulnerabilities in public web sites are discovered daily and reported in sites such as <a
href="http://www.xssed.org/">XSSed</a>, however most of these vulnerabilities are not
included in WHID for lack of public interest. The current incident is different since the
vulnerability is known to be exploited by attackers, moving it from the realm of technical
interest to the realm of a real problem.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://news.netcraft.
com/archives/2008/01/08/italian_banks_xss_opportunity_seized_by_fraudsters.html"
>Italian Bank's XSS Opportunity Seized by Fraudsters</a> [NetCraft, Jan 8 2008]</li>
2008-02 WHID 2008-02: Italian Bank&#039;s XSS Opportunity Seized by Fraudsters </ul> 9-Jan-08 Cross-site Scripting (XSS)
Improper Output HandlingPhishing Finance Italy No
<p><strong><em>Update (Feb 8^th 2009)</em></strong> - The company has
reached a <a href="http://www.ftc.gov/os/caselist/0823113/index.shtm">settlement
</a>with the FTC. Not a breathtaking achievement in the effort to make business care
about web application security, yet a step in this direction. The report also identifies the
attack as an SQL injection attack.</p>
<hr />
&lt;!--break-->
<p>Very detailed records of geeks.com customers were stolen from the site. The records
included name, address, telephone number, e-mail address, credit card number,
expiration date, and most notoriously, card verification number (CVV).</p>
<p>The interesting part is that the site had a Hacker Safe seal. The seal was revoked
twice last year due to vulnerabilities, but restored after they where patched. It seems that
this time the hack preceded the scan or the scan missed the vulnerability. So much for
application scanning and vulnerability assessment....</p>
<p>And don't take it lightly as a geeks site. Geeks.com is a $150M/year business.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://www.computerworld.com/action/article.do?
command=viewArticleBasic&amp;articleId=9056004&amp;intsrc=news_ts_head">Update:
'Hacker safe' Web site gets hit by hacker</a> [Copmuter World, Jan 7 2008]</li>
<li><a href="http://www.informationweek.com/news/showArticle.jhtml?
articleID=205600099&amp;subSection=All+Stories">'Hacker Safe' Geeks.com
Hacked</a> [Information Week, Jan 7 2008]</li>
<li><a href="http://consumerist.com/341408/geekscom-website-hacked-customer-data-
stolen">Geeks.com Website Hacked, Customer Data Stolen</a> [Consumerist, ]</li>
2008-01 WHID 2008-01: Information stolen from geeks.com (Updated) </ul> 8-Jan-08 SQL Injection Improper Input Handling Leakage of Information Retail USA No
<p><em><strong>Update (January 12^th 2009)</strong></em> An Ukrainian
hacker who who was a member of the TJX hack ring <a href="http://www.theregister.co.
uk/2009/01/08/hacker_30yr_jail_stretch_turkey/">was sentenced to 30 years in jail by a
Turkish court</a>. According to investigation papers Maksym Yastremskiy made
approximately 11 million dollars from the hack!</p>
<hr />
<p>The TJX breach is one of most publicized hacking incident in recent years. However,
until now it was not part of the Web Hacking Incidents Database. And for a good reason:
early report described the hack as a war driving hack, in which the attackers drive around
and find a wireless network not properly secured.</p>
<p>However new information from the trial of the identity theft ring leader Albert Gonzalez,
reveals that in order to penetrate TJX data center from the captured end points, the
hackers employed different techniques including password sniffing and SQL injection. The
later justifies getting the TJX incident for the 1st time into WHID.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://www.networkworld.com/news/2008/080608-id-theft-ring-attacked-
retailers.html?page=1">Network World</a>, June 8th 2008</li>
2007-89 WHID 2007-89: The big TJX hack </ul> 29-Dec-08 SQL Injection Improper Input Handling Credit Card Leakage Retail USA No
<p>The SVP National Police Academy in Hyderabad, India has had some sort of
compromise on their website resulting in a Bank of America phishing site operating on one
2007-88 WHID 2007-88: Police Academy in India Hosting a Phishing Site of their servers.</p> 20-Sep-08 Unknown Unknown Phishing Government India No
<p>###

</p><p>Additional information:</p>

<ul>

<li><a href="http://jeremiahgrossman.blogspot.com/2008/02/it-pays-to-be-hacker.html">It
pays to be a hacker</a> [Jeremiah Grossman, Feb 19 2008]</li>

<li><a href="http://www.nytimes.com/2008/02/15/business/15norris.html">Make Big Profits

Illegally (and Maybe Keep Them, Too)</a> [New York Times (free subscription required),
Feb 15 2008]</li>

<li><a href="http://www.theregister.co.uk/2008/02/19/insider_trading_catch22/">Hacker
holds onto ill-gotten gains thanks to US courts</a> [The Register, Feb 17 2008]</li>

2007-87 WHID 2007-87: Hacker uses Insider information to gain on the stock exhange </ul> 21-Feb-08 Predictable Resource Location
Insufficient Authorization Fraud Health USA No Ukrain
<p>The standard disclaimer that we do not cover each and every defacement is relevant
to this entry as well. So why do we include the defacement incident this time? First and
foremost, it is known to be an XSS abusing a WordPress zero day bug. Secondly, it is a
targeted attack aiming to deface only Mac related web sites. Usually targeted defacement
attacks are carried out against political targets. Did attacking apple become a political
issue? Was Apple transformed into a nation overnight? Well certainly into a cult.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://xssworm.blogvis.com/27/xssworm/mac-sites-are-being-hacked-by-
blackhat-xss-hackers/">Mac sites are being hacked by blackhat XSS hackers</a>
[XSSworm, Nov 23 2007]</li>
<li><a href="http://www.theregister.co.uk/2007/11/27/mac_site_defacer/">Hacker defaces
temples to OS X</a> [The Register, Nov 27 2007]</li>
2007-86 WHID 2007-86: Mac Blogs defaced using XSS </ul> 17-Feb-08 Cross-site Scripting (XSS)
Improper Output HandlingDefacement Technology Global No WordPress
<p>The web site of a leading Indian newspaper is swamped with malware. A recent <a
href="http://www.theregister.co.uk/2008/01/23/embassy_sites_serve_malware/">survey by
WebSense</a> cites by the Register found that of the sites hosing malware, 51% where
legitimate sites that have been broken into. This is a major shift in the threat landscape,
since keeping to web sites that you know is no longer a good protection strategy.
Anecdotally undermining WebSense own web site classification technology as a security
solution.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.informationweek.com/news/showArticle.jhtml?
articleID=202804433">IndiaTimes.com Visitors Risk High Exposure To Malware</a>
[Information Week, Nov 9 2007]</li>
2007-85 WHID 2007-85: IndiaTimes.com Visitors Risk High Exposure To Malware </ul> 17-Feb-08 Unknown Improper Output HandlingPlanting of Malware Media India No
<p>It is already February, and we still add 2007 incidents. If<br />you wonder why, it is
because organizations such as MLS only now find<br />out that they were hacked last
year! Sometime between January and<br />August of 2007, names, addresses, credit and
debit card data, and<br />passwords of an unknown number of people, including 169 New
Hampshire<br />residents were stolen from the site.</p>
<p>Why New Hampshire? Because the company has to report to the<br />authorities
there about the incidents, but only specify the number of<br />individuals from this state
affected. Why only New Hampshire? Since<br />regulations and bills requiring disclosures
exist in many states, one<br />would expect that the company would have to provide such
a testimonial<br />in many states. This incident is another good example of the size of<br
/>the hidden part of the iceberg.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://computerworld.com/action/article.do?command=viewArticleBasic&amp;
taxonomyName=security&amp;articleId=9061858&amp;taxonomyId=17&amp;
intsrc=kc_top">Soccer league's online shoppers get kicked by security breach</a>
[Computer World, Feb 8 2008]</li>
<li><a href="http://doj.nh.gov/consumer/pdf/MLSgear.pdf">MLSgear.com Notification to
NH DOJ</a> [New Hampshire DOJ, Feb 1 2008]</li>
2007-84 WHID 2007-84: Soccer league&#039;s online shoppers get kicked by security breach </ul> 10-Feb-08 SQL Injection Improper Input Handling Leakage of Information Sports USA No
<p>Again a Microsoft Excel file was left on a University's web site for anyone to view.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://www.montanasnewsstation.com/Global/story.asp?S=7321482&amp;
nav=LpDb">More Social Security numbers leaked at MSU</a> [Montana's News Station,
Nov 7 2007]</li>
2007-83 WHID 2007-83: More Social Security numbers leaked at Montana State University </ul> 28-Jan-08 Administration Error Insufficient AuthenticationLeakage of Information Education USA No
<p>An SQL injection robot is running wild and has already hacked hundreds of thousands
of web sites. Since the robot plants malicious code in infected sites, its traces can be
found by Googling for a name of Chinese sites referred to in malicious code.</p>

<p>As a security practitioner I often see SQL injection bots, and many times when I install
ModSecurity, an open source application firewall but this bot is unique in the way it
exploits web sites. It is easier to perform a wide scale attack by exploiting the least
common denominator, which in the hacking world is the operating system. As a result
most SQL bots tend to try to use SQL injection vectors that will enable issuing OS
commands. A good example is a <a href="http://www.securityfocus.
com/bid/21799/discuss">Cacti vulnerability</a>: since it allows an OS command to be
issued I often see bots looking for it in the wild. This attack is the first I have seen in which
the actual attack vector is SQL based. The bot is modifying every record it has access to
into a malicious code in the hope that it will be fetched and displayed by the application to
its users.</p>

<p>A byproduct if this vector is that is that results are catastrophic for the site owners.
While in a case of common defacement attacks restoring (or recreating) the homepage is
all it required to get back to business, in this case the whole database is ruined.
Considering the scope of the attack and that restoring the database, if it was ever backup,
requires much more expertise, the overall damage of this attack is very high.</p>

<p>Additional information:</p>

<ul>

<li><a href="http://www.informationweek.com/news/showArticle.jhtml?
articleID=205600157&amp;pgno=2&amp;queryText">70,000 Web Pages Hacked By
Database Attack</a> [Information Week, Jan 8 2008]</li>

<li><a href="http://isc.sans.org/diary.html?date=2008-01-04">Realplayer Vulnerability</a>

[SANS Internet Storm Center, Jan 4 2008]</li>

<li><a href="http://www.heise-security.co.uk/news/101488">Massive embedded exploit

web site attack underway</a> [Heise, Jan 8 2008]</li>

<li><a href="http://www.modsecurity.org/blog/archives/2008/01/sql_injection_a.html">SQL
Injection Attack Infects Thousands of Websites</a> [Ryan Barnett, Jan 8 2008]</li>

<li><a href="http://isc.sans.org/diary.html?storyid=3823&amp;rss">Mass exploits with SQL

Injection</a> [SANS, Jan 9 2008]</li>

2007-82 WHID 2007-82: An SQL injection Mass Robot </ul> 8-Jan-08 SQL Injection Improper Input Handling Planting of Malware Multiple No China
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
<p>Another Malware defacement, but this time at a very prominent web site: MSNBC
Turkish edition. There are indications that this is an application layer attack.
</p><p>Additional information:</p>
<ul>
<li><a href="http://blogs.zdnet.com/security/?p=641">MSNBC Turkish site caught serving
malware</a> [Zdnet, Nov 7 2007]</li>
<li><a href="http://www.websense.com/securitylabs/alerts/alert.php?AlertID=817"
>Malicious Website / Malicious Code: MSNBC's Turkish site compromise</a>
[WebSense, Nov 7 2007]</li>
<li><a href="http://isc.sans.org/diary.html?storyid=3621">yl18.net mass defacement </a>
[SANS ISC, Nov 6 2007]</li>
2007-81 WHID 2007-81: MSNBC Turkish site caught serving malware </ul> 1-Jan-08 SQL Injection Improper Input Handling Planting of Malware Media Turkey No
<p>Yet another defacement, but this time at a very major telecommunication provider in
India. These are the guys in charge of our network after all!
</p><p>Additional information:</p>
<ul>
<li><a href="http://timesofindia.indiatimes.
com/Lucknow/Vodafone_blocks_website_after_hacking/articleshow/2523834.cms"
>Vodafone blocks website after hacking</a> [Times of India, Nov 7 2007]</li>
2007-80 WHID 2007-80: Vodafone blocks website after hacking </ul> 1-Jan-08 Unknown Improper Output HandlingDefacement Service Providers India No
<p>RBN was a big story. It was a hackers group that could work relatively freely in Russia
due to rumors connections in high windows. This way it could allow safe hosting for
malware. For getting people to the malware they penetrated web sites around the world,
and the references article mentioned SQL injection as the method they infiltrated more
high profile sites such as US government sites.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.news.com/Infamous-Russian-malware-gang-vanishes/2100-
7355_3-6217852.html?part=rss&amp;tag=2547-1_3-0-5&amp;subj=news">Infamous
Russian malware gang vanishes</a> [News.com, Nov 9 2008]</li>
<li><a href="http://www.grumpysecurityguy.com/governement-sql-injection/">US Gov sites
Hacked with SQL Injection</a> [Bill Pennington, Nov 9 2008]</li>
2007-79 WHID 2007-79: Infamous Russian malware gang used SQL injection to penetrate US government </ul>
sites 1-Jan-08 SQL Injection Improper Input Handling Planting of Malware Government No Russia
<p>IDG now reports a bug in the internet banking application of Unibanco, a Brazilian
Bank. The vulnerability allowed logged users to view transaction receipts of other
unrelated users by changing the "receipt ID" on the form or URL.</p>
<p>Reported by Alexandre Sieira</p>
<p>Additional information:</p>
<ul>
<li><a href="http://translate.google.com/translate?u=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fidgnow.uol.com.
br%2Fseguranca%2F2007%2F01%2F29%2Fidgnoticia.2007-01-29.8751247129%
2FIDGNoticia_view&amp;langpair=pt|en&amp;hl=en&amp;ie=UTF-8">Unibanco tem
brecha em sistema de comprovantes de transa??es online</a> [IDG Now (Google
Translate), Jan 29 2007]</li>
2007-78 WHID 2007-78: A Brazilian banking site allows users to views receipts intended for others </ul> 1-Jan-08 Forceful Browsing Insufficient Authorization Leakage of Information Finance Brazil No
<p>Hackers exploited an unknown cPanel vulnerability to break into HostGator servers
and plant malware on hosted sites.
</p><p>Additional information:</p>
<ul>
<li><a href="http://news.netcraft.
com/archives/2006/09/23/hostgator_cpanel_security_hole_exploited_in_mass_hack.html"
>HostGator: cPanel Security Hole Exploited in Mass Hack</a> [NetCraft, Sep 23 2007]
</li>
<li><a href="http://news.netcraft.
com/archives/2006/09/22/hacked_hostgator_sites_distribute_ie_exploit.html">Hacked
HostGator Sites Distribute IE Exploit</a> [NetCraft, Sep 22 2008]</li>
2007-77 WHID 2007-77: HostGator: cPanel Security Hole Exploited in Mass Hack </ul> 1-Jan-08 Known Vulnerability Application Misconfiguration
Planting of Malware Service Providers USA No cPanel
<p>The Washington Post ran a story about a large scale infiltration to IPower, a major
hosting provider. According to the story and the following comments, it seems that the
problem is plunging IPower for a long time without being resolved. Put in perspective the
<a href="byid_id_2007-75.shtml">PlusNet incident</a> which was serious but swiftly
handled and publicly acknowledged by the company.</p>
<p>Actually the problem is so dominant that a recent <a href="http://stopbadware.org"
>StopBadware</a> report lists Ipower as by far the most Malware infected hosting
company. Reports mention that the problem started as early as mid 2006.
</p><p>The root cause of the breach here is mentioned as being a vulnerability in either
Apache, PHP or cPanel. I have selected the third as being more probably until further
evidence materialize.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://blog.washingtonpost.
com/securityfix/2007/05/cyber_crooks_hijack_activities_1.html">Cyber Crooks Hijack
Activities of Large Web-Hosting Firm</a> [Washington Post, May 23 2007]</li>
<li><a href="http://stopbadware.org/home/pr_050307">StopBadware.org Identifies
Companies Hosting Large Numbers of Websites That Can Infect Internet Users With
Badware</a> [StopBadware, May 4 2007]</li>
2007-76 WHID 2007-76: A large web hosting firm inflicted by mass malware installation </ul> 1-Jan-08 Known Vulnerability Application Misconfiguration
Planting of Malware Service Providers USA No cPanel
<p>Misconfiguration of a webmail system at a British hosting provider led to leakage of the
entire user's database including all e-mails. The e-mail addresses where actively used for
sending spam. Additionally the exploit was used to plant malware on some of the
customers' web sites.</p>
<p>This incident is unique since PlusNet has published a very interesting and revealing
report about the incident that shed a lot of light on real world state of life application
security. A must read.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://www.theregister.co.uk/2007/05/24/plusnet_takes_blame/">PlusNet
blames itself for webmail spamfest</a> [News Story, May 24 2007]</li>
<li><a href="http://community.plus.net/comms/2007/05/23/webmail-incident-report/">Web
mail Incident Report</a> [PlusNet, May 23 2008]</li>
2007-75 WHID 2007-75: PlusNet blames itself for webmail spamfest </ul> 1-Jan-08 Misconfiguration Application Misconfiguration
Leakage of Information Service Providers UK No
<p>A known vulnerability in the helpdesk software used by hosting provider Layered
Technologies resulted in leakage of information, including names, addresses, phone
numbers and email addresses of up to 6,000 of the company's clients.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.theregister.co.
uk/2007/09/19/layered_technologies_breach_disclosure/">Web host breach may have
exposed passwords for 6,000 clients</a> [The Register, Sep 19 2007]</li>
2007-74 WHID 2007-74: Web host breach may have exposed passwords for 6,000 clients </ul> 1-Jan-08 Known Vulnerability Application Misconfiguration
Leakage of Information Service Providers USA No Cerberus Helpdesk
Brokerage firm DA Davidson has agreed to pay a fine of $375,000 for failing to protect
confidential client data from Latvian hackers who breached the company in 2007 in an
online extortion scheme.

The hackers used a SQL injection attack to obtain access to the company‰Ûªs database
2007-73 WHID 2007-73: Brokerage Firm Fined $375,000 for Unsecured Data on Dec. 25 and 26, 2007. http://www.wired.com/threatlevel/2010/04/brokerage-firm-fined 26-Dec-07 SQL Injection Improper Input Handling Monetary Loss Finance USA No Latvia $375,000.00
<p><em><span style="text-decoration: underline;">Update (Dec 30th 2008)
</span></em></p>
<p>It seems that the original report was not accurate and it was not a CSRF vulnerablity
that was exploited. The mistake is reported by the victim in an imaginary <a href="http:
//www.davidairey.com/google-site-links-gmail-hack-search-penalty/">discussion with
Google</a> blog post (Search the page for XSRF) and by <a href="http:
//googleonlinesecurity.blogspot.com/2008/11/gmail-security-and-recent-phishing.html"
>Google</a>. Google hints that it was a phishing attack, but David Airey is <a href="http:
//www.davidairey.com/google-gmail-phishing-scam/">not convinced</a>.</p>
<hr />
<p>Many times we dismiss seemingly minor vulnerabilities in major web sites. Most
notably, "yet another" XSS or CSRF vulnerability in a well known service is not considered
news anymore. However the following story proves that no matter what, such
vulnerabilities cannot be ignored.</p>
<p>The attack is simple, the result pretty frightening. An attacker, presumably Iranian,
stole the domain name of David Airey, a graphic artist and a known blogger. The attack
was very well timed with David's leaving to a long vacation. The goal was to extort money
in order to return the domain. In David's case there is a happy end, as the attention he got
helped him receive his blog back, with some loss in traffic, search engine ranking and
time. But other victims of the attacker who steal domains for living may not be as fortunate.
</p>
<p>Additional information:</p>
<ul>
<li><a href="http://blogs.securiteam.com/index.php/archives/1054">When fixing is not
enough</a> [Securiteam, Dec 28 2007]</li>
<li><a href="http://www.davidairey.co.uk/google-gmail-security-hijack/">WARNING:
Google's Gmail security failure leaves my business sabotaged</a> [David Airey, Dec 24
2007]</li>
<li><a href="http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/"
>Google GMail E-mail Hijack Technique</a> [GNUcitizen, Sep 25 2007]</li>
<li><a href="http://www.davidairey.com/david-airey-dot-com-restored/">Collective effort
restores David Airey.com</a> [David Airey, Dec 27 2007]</li>
2007-72 WHID 2007-72: David Airey domains hijacked </ul> 30-Dec-07 Domain Hijacking Insufficient Process Validation
Fraud Media UK No Iran
<p>The Secret Service has arrested at least 6 people in an investigation that involves
information theft at an Ohio court web site, which is actively used for identity theft. At least
one known identity theft case resulted in $40,000 loss to the victim.</p>
<p>The sensitive information was stolen by manipulating predictable identifier parameters.
The stolen information belong to at least 270 people and includes the name, address, age
and other information could be used to obtain credit cards and open bank accounts. </p>
<p>Additional information:</p>
<ul>
<li><a href="http://www.ohio.com/news/12763097.html">Hacker uses Social Security
numbers from Ohio court site</a> [Ohio.com/AP, Dec 22 2007]</li>
<li><a href="http://www.dispatch.com/live/content/local_news/stories/2007/12/20/clerkh.
html">Feds take over municipal court Web hacking probe</a> [Columbus Dispatch, Dec
20 2007]</li>
2007-71 WHID 2007-71: Hacker uses Social Security numbers from Ohio court site </ul> 22-Dec-07 Predictable Resource Location
Insufficient Authorization Leakage of Information Security &amp; Law Enforcement
USA No
<p>Just like <a href="byid.php?id=2007-60">WHID 2007-60</a>, this hack is probably a
representative of many other incidents. The Indonesian hacker Hmei7 has left the
message "Hmei7 has touched your soul" on the Web site of the police department in
Tucson, Arizona. Only unlike regular defacement, this time it is not the front page but
rather the news section that was modified.</p>
<p>As many you know, the news section is one of the few database driven parts in many
mostly static sites, as it allows the site owner to add news without requiring a web
designer. Therefore it came as no surprise that the attack was identified by a public source
as an SQL injection attack.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://www.theregister.co.uk/2007/12/20/tuscon_police_website_defacement/"
>Indonesian hacker touches souls by bringing down police web site</a> [The Register,
Dec 20 2007]</li>
2007-70 WHID 2007-70: Tucson, Arizona police web site defaced using SQL injection </ul> 20-Dec-07 SQL Injection Improper Input Handling Defacement Security &amp; Law Enforcement
USA No Indonesia
<p>A vulnerability in the social networking site Orkut that allowed users to inject HTML
and JavaScript into their profiles set the stage for a persistent XSS worm that appears to
have affected more than 650,000 Orkut users.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://www.gnucitizen.org/blog/the-orkut-xss-worm">The Orkut XSS
Worm</a> [GNU Citizen, Dec 19 2007]</li>
<li><a href="http://antrix.net/journal/techtalk/orkut_xss.html">Orkut XSS</a> [Sounds
From The Dungeon, Dec 19 2007]</li>
<li><a href="http://www.cgisecurity.com/2007/12/17">Orkut XSS worm in the wild</a>
[CGI Security, Dec 19 2007]</li>
<li><a href="http://www.marrowbones.
com/commons/technosocial/2007/12/orkut_worm_code_and_why_was_go.html#more"
>Orkut Worm Code (and why was Google so slow to respond?)</a> [TechnoSocial, Dec
19 2007]</li>
2007-69 WHID 2007-69: The Orkut XSS Worm </ul> 19-Dec-07 Cross-site Scripting (XSS)
Improper Output HandlingWorm Web 2.0 USA No
<p>In an incident very similar to the <a href="byid.php?id=2007-61">Al Gore Hack</a>,
the personal blog of IT journalist Tim Anderson was also hacked. Unlike Mr. Gore, Tim
discusses the breach and its origins.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.itweek.co.uk/itweek/comment/2205891/day-web-site-hacked-
3714596">The day my web site was hacked</a> [IT Week, Dec 17 2007]</li>
2007-67 WHID 2007-67: The Day My Web Site Was Hacked </ul> 19-Dec-07 Known Vulnerability Application Misconfiguration
Link Spam Media UK No WordPress
<p>To iframe or not to iframe, this is the question. As malware becomes more popular, the
number of incidents, mostly insignificant, in which malware was planted on a hacked site is
rising and WHID is not the right place to list all of them. We currently report such incidents
if the hacked site is of interest or if the Attack_Method is known.
</p><p>Additional information:</p>
<ul>
<li><a href="http://news.portalit.net/fullnews_hacker-conquer-french-embassy-in-libya-
webiste_712.html">Hacker Conquer French Embassy In Libya Webiste</a> [Portalit, Dec
14 2007]</li>
2007-66 WHID 2007-66: Hacker Conquer French Embassy In Libya Web Site </ul> 19-Dec-07 Unknown Improper Output HandlingPlanting of Malware Government No
<p>Use of robots and automated software against a web site, as long as it is not done in
order to break into the site, falls into a grey area. While hard to classify as an unlawful act,
it is usually harmful to the site owner and possibly to the site users. Apart from using
valuable resources, such an automated access may breach the site's usage license of
public information and might also indicate unlawful activity such as using a botnet. Many
times it is hard to know if such a blast of requests is a denial of service attack, brute force
password cracking or just a search engine crawler.</p>
<p>Going forward we are going to add such incidents to WHID if there is a reason to
believe that they are not friendly, even if the actual goal of the attack cannot be easily
classified. The Facebook case at hand is a perfect example: while the details are not clear,
the fact that Facebook filed a law suit implies that there is fire behind the smoke.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://docs.justia.com/cases/federal/district-courts/california/candce/5:
2007cv03404/193531/17/0.pdf">Facebook vs. John Doe</a> [US District Court, San Jose,
CA, Oct 23 2007]</li>
<li><a href="http://www.theregister.co.uk/2007/12/17/facebook_hack_attack_lawsuit/"
>Facebook sues Canadian smut firm over hacking</a> [The Register, Dec 17 2007]</li>
<li><a href="http://www.thestar.com/article/286091">Facebook suing Ontario porn
firm</a> [The Star, Dec 16 2007]</li>
2007-65 WHID 2007-65: Facebook suing a porn site over automated access </ul> 19-Dec-07 Process Automation Insufficient Anti-automation
Leakage of Information Internet No
<p>The personal data of nearly 1,400 prospective Duke Law School students may have
been stolen by a hacker from two separate databases, one including the prospective
students' data and another filled with requests for information about the school.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.upi.
com/NewsTrack/Top_News/2007/12/05/hacker_may_have_stolen_duke_students_data/2
789/">Hacker may have stolen Duke students' data</a> [UPI, Dec 5 2007]</li>
2007-64 WHID 2007-64: Information about Duke&#039;s Students and Applicants Stolen </ul> 19-Dec-07 Unknown Unknown Leakage of Information Education USA No
<p>An unidentified group had stolen credit card numbers and billing addresses of the
Hamburg, Germany ticket sales office Kartenhaus, a subsidiary of Ticketmaster. Some
66,000 customers who purchased tickets with a credit card from the Kartenhaus.de web
site between October 24, 2006 and September 30, 2007 were affected.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.heise.de/english/newsticker/news/96992">Theft of credit card data
affects tens of thousands of Kartenhaus customers</a> [Heise, Oct 5 2007]</li>
2007-63 WHID 2007-63: Credit card data theft at Kartenhaus, a Ticketmaster German subsidiary </ul> 19-Dec-07 Unknown Unknown Credit Card Leakage Retail Germany No
<p>The Web site of the Canadian passports authority enables users to access others'
record by modifying a value of a parameter in the URI.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.theglobeandmail.
com/servlet/Page/document/v5/content/subscribe?user_URL=http://www.theglobeandmail.
com%2Fservlet%2Fstory%2FRTGAM.20071204.wpassport1204%2FBNStory%
2FNational%2Fhome&amp;ord=258556&amp;brand=theglobeandmail&amp;
force_login=true">Passport applicant finds massive privacy breach</a> [The Globe and
Mail, Dec 4 2007]</li>
<li><a href="http://www.cbc.ca/canada/ottawa/story/2007/12/04/passport-security.html"
>Passport Canada strengthens online security following breach</a> [CBC, Dec 4 2007]
</li>
2007-62 WHID 2007-62: A security flaw in Passport Canada&#039;s website </ul> 19-Dec-07 Forceful Browsing Insufficient Authorization Monetary Loss Government Canada No
<p>Whether comment spam by itself is an application failure or a necessary evil for site
allowing rich comments is an open question. However it is reported that in this case
vulnerability in WordPress allowed the spammers to actually penetrate the site and modify
pages and not just abuse comments.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.pcworld.com/article/id,139945-pg,1/article.html">Another
inconvenient truth: Al Gore's Web site hacked</a> [PC World, Nov 26 2007]</li>
<li><a href="http://blog.wired.com/business/2007/11/blog-link-spam.html">Blog Link Spam
Claims Another Victim: Al Gore</a> [Wired, Nov 27 2007]</li>
2007-61 WHID 2007-61: Another inconvenient truth: Al Gore&#039;s Web site hacked </ul> 19-Dec-07 Known Vulnerability Application Misconfiguration
Link Spam Politics USA No WordPress
<p>This story probably represents hundreds of similar stories. Many of us have come to
rely on open source software, which is useful, feature reach and free. It enables us access
to tools available to a few only a couple of years ago. The downside is that this easy
availability means that many use the tools without having the time, resources and
expertise to protect them. Systems such as <a href="http://www.phpbb.com">phpBB</a>
and <a href="http://www.wordpress.org">WordPress</a> are good<br />examples of very
popular open source systems that require constant<br />attention in order to maintain
secure.</p>
<p>I am sure that the guys at Light Blue Touchpaper have the expertise to protect their
WordPress installation, but they donåÕt have the time. They made the compromise
between ease of management of their web site and its security. Actually my <a href="http:
//blog.shezaf.com">personal blog</a> might be just as vulnerable, since as I write this I
am very much not paying attention to its security.</p>
<p>Apart from, or actually because of the fact that the victims are security experts, this
story is noteworthy due to two additional twists in the plot:</p>
<ul>
<li>Zero day exploit in the wild - the attacker penetrated twice, once using a known SQL
injection vulnerability, but the second time using a yet unknown vulnerability in WordPress,
which was reverse engineered and published for the first time by the people at Light Blue
Touchpaper.</li>
<p></p>
<li>The researchers found that they can use Google to retrieve the hashed password of
the hacker. Google has become so big that it actually allows efficient encrypted passwords
lookup.</li>
<p>
</p></ul>
<p>Additional information:</p>
<ul>
<li><a href="http://www.lightbluetouchpaper.org/2007/10/27/upgrade-and-new-theme/"
>Upgrade and new theme</a> [Light Blue Touchpaper Blog, Oct 27 2007]</li>
<li><a href="http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-
cracker/">Google as a password cracker</a> [Light Blue Touchpaper Blog, Nov 16 2007]
</li>
<li><a href="http://blogs.guardian.co.
uk/technology/2007/11/23/forgotten_your_password_google_can_find_it_for_you_unfortu
nately.html">Forgotten your password? Google can find it for you. Unfortunately</a>
[Technology Guardian, Nov 23 2007]</li>
<li><a href="http://www.lightbluetouchpaper.org/2007/11/20/wordpress-cookie-
authentication-vulnerability/">Wordpress cookie authentication vulnerability</a> [Light
Blue Touchpaper Blog, Nov 20 2007]</li>
2007-60 WHID 2007-60: The blog of a Cambridge University security team hacked </ul> 19-Dec-07 SQL Injection Improper Input Handling Downtime Education UK No WordPress
<p>A Crimeware iframe tag on a site is not news anymore. On Monster.com it is.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.computerworld.com/action/article.do?
command=viewArticleBasic&amp;articleId=9048019">Hackers jack Monster.com, infect
job hunters</a> [Computer World, Nov 20 2007]</li>
2007-59 WHID 2007-59: Hackers jack Monster.com, infect job hunters </ul> 21-Nov-07 Unknown Improper Output HandlingPlanting of Malware Internet USA No
<p>Vertical Web Media, publisher of Internet Retailer magazine, suffered a security <a
href="http://www.theregister.co.
uk/2007/08/17/gentoo_disconnects_vulnerable_server/breach" title="http://www.
theregister.co.uk/2007/08/17/gentoo_disconnects_vulnerable_server/breach">http://www.
theregister.co.uk/2007/08/17/gentoo_disconnects_vulnerable_se...</a> and credit card
information of readers had been stolen. The Irony is that Internet Retailed magazine is
covering the risks of e-commerce.</p>
<p>While the actual technique used is not known, signs are that it was a web hack as it
was done by a distributed network of bots all over the world and since the information
stolen belonged to customers who paid online.</p>
<p>The information stolen includes names, addresses, e-mail addresses, phone numbers,
credit card account numbers and card expiration dates. The Number_of_Records stolen is
unknown.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://publications.mediapost.com/index.cfm?fuseaction=Articles.
showArticleHomePage&amp;art_aid=67559">Internet Retailer Publisher Victim Of
Customer File Hack</a> [NBC.com, Sep 18 2007]</li>
2007-58 WHID 2007-58: Internet Retailer Publisher Victim of Customer File Hack </ul> 7-Nov-07 Unknown Unknown Leakage of Information Media USA No
<p>An attack on New Zealand government web sites required New Zealand Prime
Minister, Helen Clark to comment and ensure the public that no confidential information
was stolen. However official sources in New Zealand confirm attacks were carried out by
unnamed, but known, foreign governments on New Zealand government web site that
resulted in stealing of information.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.nzherald.co.nz/section/story.cfm?c_id=5&amp;
objectid=10462899">No classified data lost in cyber attacks - Clark</a> [The New Zealand
Herald, Sep 11 2007]</li>
2007-57 WHID 2007-57: New Zealand&#039;s Government Web Sites Attacked And Information Stolen </ul> 7-Nov-07 Unknown Unknown Leakage of Information Government New Zealand No
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
<p>A small XSS vulnerably caught RSnake eyes. What makes it different, after all xssed.
com lists thousands and thousands of those? What caught RSnames eyes was the
vulnerable site. TJMaxx earned the reputation as the company that suffered the biggest
security breach ever. You would expect them to be more careful.
</p><p>Additional information:</p>
<ul>
<li><a href="http://ha.ckers.org/blog/20070923/tjmaxx-xss-vulnerability/">TJMaxx XSS
Vulnerability</a> [RObert Hansen (Rsnake), Sep 23 2007]</li>
2007-56 WHID 2007-56: TJMaxx XSS Vulnerability </ul> 7-Nov-07 Cross-site Scripting (XSS)
Improper Output HandlingLeakage of Information Retail USA No
<p>Defacement are a dime a dozen this days, and are not normally reported by WHID.
Even invisible defacements in which sites are changed in order to infect their clients with
malicious code are becoming too common. But this time it is the site of a security
organization, and not just any one, but China's internet security organization. So in the
light of the hot debate about china as the source of all hacking, we think that this story has
a value.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.pcworld.com/article/id,138006-c,hackers/article.html">Malicious
Code Infects Chinese Security Site</a> [PC World, Oct 3 2007]</li>
2007-55 WHID 2007-55: Malicious Code Infects Chinese Security Site </ul> 7-Nov-07 Unknown Unknown Planting of Malware Media China No
<p>An Excel spreadsheet was published on containing sensitive information regarding
police officers in York, England. The information included Social Security numbers of 46
offices and the home addresses of 74 offices. As a result identities of 3 offices where
stolen.</p>
<p>While the information was pulled of line after a short period of time, it remained in the
cache of several major search engines.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://nl.newsbank.com/nl-search/we/Archives?p_product=YKDB&amp;
p_theme=ykdb&amp;p_action=search&amp;p_maxdocs=200&amp;s_dispstring=headline
(Mistake%20left%20constables%20open%20to%20ID%20theft)%20AND%20date(2007)
&amp;p_field_date-0=YMD_date&amp;p_params_date-0=date:B,E&amp;p_text_date-
0=2007&amp;p_field_advanced-0=title&amp;p_text_advanced-0=("Mistake%20left%
20constables%20open%20to%20ID%20theft")&amp;xcal_numdocs=20&amp;
p_perpage=10&amp;p_sort=YMD_date:D&amp;xcal_useweights=no0=&amp;
p_text_advanced-0=("Mistake%20left%20constables%20open%20to%20ID%20theft")
&amp;xcal_numdocs=20&amp;p_perpage=10&amp;p_sort=YMD_date:D&amp;
xcal_useweights=no">Mistake left constables open to ID theft -- Clerk of Courts posted
Social Security numbers online</a> [York Dispatch, Sep 17 2007]</li>
<li><a href="http://breachblog.com/2007/09/18/yorkcountybreach.aspx">Cache Comes
Back to Bite York County Constables</a> [The Breach Blog, Sep 18 2007]</li>
2007-54 WHID 2007-54: Mistake Left Constables Open To ID theft </ul> 7-Nov-07 Unintentional Information
Insufficient
Disclosure Authorization Leakage of Information Security &amp; Law Enforcement
UK No
<p>While most WHID entries are about web site breaches, sometimes vulnerability in a
web application is used indirectly. Redirection functions in web applications are commonly
used by spammers and phishers. It allows them to include a honest looking URL in their e-
mail, this way bypassing spam filters and observant users.</p>
<p>Symantec response team found actively used alternative in the best known page on
the internet: Google primary search page. By using the Google famous "I feel lucky"
feature, the spammer can automatically lead the victim to the first result of a search. All
the spammer is left with is finding a query for which his site would pop up first on Google.
</p>
<p>This method has another advantage over a redirection page, as the final target is
specified by a search string and not by a URL, bypassing smarter filters that know, or
learn, that a URL as a parameter of a URL is most probably redirection.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://www.symantec.
com/enterprise/security_response/weblog/2007/11/googles_advanced_search_operat.
html/">Google's Advanced Search Operators Abused by Spammers</a> [Symantec
Response Team, Nov 2 2007]</li>
2007-53 WHID 2007-53: Google&#039;s Advanced Search Operators Abused by Spammers </ul> 7-Nov-07 Redirection Insufficient Authorization Link Spam Internet Global No
<p>Seems that the there is a new trend to disrupt on line bidding using denial of service
attacks. In this case, an auction for 37 very expensive watches was halted 20 minutes
before the end as the site crashed, in what official sources describe as a hacker attack
that did not result in a site compromise.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.news.com.au/heraldsun/story/0,21985,22703750-662,00.html"
>Hacker halts Rivkin auction of 37 watches</a> [Herald Sun, Nov 5 2007]</li>
2007-52 WHID 2007-52: Hacker halts Rivkin auction of 37 watches </ul> 5-Nov-07 Denial of Service Insufficient Anti-automation
Downtime Retail Australia No
<p>The web servers of Scarborough &amp; Tweed, a company that does business online
selling corporate gifts online, were compromised and information about 570 customers
may have been accessed using an SQL injection attack. The information includes
customers' names, addresses, telephone numbers, account numbers, and credit card
numbers.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.pogowasright.org/article.php?story=20071103140620396">570
Scarborough &amp; Tweed customers' personal information accessed by SQL
injection</a> [PogoWasRight.Org, Nov 3 2007]</li>
<li><a href="http://doj.nh.gov/consumer/pdf/ScarboroughTweed.pdf">Scarborough &amp;
Tweed</a> [State of New Hampshire, Oct 26 2007]</li>
2007-51 WHID 2007-51: 570 Scarborough &amp; Tweed customers&#039; personal information accessed </ul>
by SQL injection 4-Nov-07 SQL Injection Improper Input Handling Leakage of Information Retail USA No
<p>A hacker gained access to names and encrypted credit card numbers of Arts.com.
While the reason is not known, since the information is known to belong to online
shoppers who made transactions from July to September we assume it was a web site
breach.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.marketwatch.com/news/story/artcom-inc-hacker-accessed-
some/story.aspx?guid=%7BAF391148-394C-4ED4-B9A0-01C7D2451E25%7D&amp;
dist=hplatest">Art.com says hacker accessed names, credit cards</a> [MarketWatch, Oct
28 2007]</li>
2007-50 WHID 2007-50: Art.com says hacker accessed names, credit cards </ul> 29-Oct-07 Unknown Unknown Credit Card Leakage Retail Global No
<p>The site of the Rockies was taken down by a denial of service preventing fans from
buying tickets for the World Series games.
</p><p><br />Like any DDoS attack, it is very hard to know if it was an application layer or
network layer attack, but since this attack had a very significant financial impact by
crippling a web site, we think it deserve a place in WHID.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.associatedcontent.
com/article/424906/hackers_block_sale_of_colorado_rockies.html">Hackers Block Sale of
Colorado Rockies World Series Tickets</a> [Associated Content, Oct 24 2007]</li>
2007-49 WHID 2007-49: Hackers Block Sale of Colorado Rockies World Series Tickets </ul> 25-Oct-07 Denial of Service Insufficient Anti-automation
Loss of Sales Sports USA No
<p>Information including birth date and social security number of 1400 students who
enrolled online to the Montana State University has been stolen by hackers. While no
technical explanation is provided, the fact that only students who enrolled online where
affected points to a web site breach.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.montanasnewsstation.com/Global/story.asp?S=7220235&amp;
nav=menu227_3">MSU investigating hacking incident</a> [Montana's News Station, Oct
16 2007]</li>
2007-48 WHID 2007-48: MSU investigating hacking incident </ul> 17-Oct-07 Unknown Unknown Leakage of Information Education USA No
<p>3,000 records were exposed and 20 actually stolen at Commerce Bank, a small bank
in Central USA. While the vulnerability exploited is not clear, SQL injection was mentioned.
Therefore the record is uncertain and based on further information, it might be withdrawn.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.theregister.co.uk/2007/10/11/commerce_bank_hack/">US
regional bank hacked</a> [The Register, ]</li>
<li><a href="http://columbiatribune.com/2007/Oct/20071010Busi001.asp">Customer
information compromised at bank</a> [Columbia Tribune, Oct 10 2007]</li>
2007-47 WHID 2007-47: Commerce Bank, a US regional bank, hacked </ul> 12-Oct-07 SQL Injection Improper Input Handling Leakage of Information Finance USA No
<p>Personal information on anyone who worked or volunteered for the Pembroke schools
in the last four years was accessible via the Internet because of a weakness in the
district's computer system. The information, including names, birth dates and Social
Security numbers, was available from May until Oct. 2, when school officials learned of the
problem.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.patriotledger.com/articles/2007/10/09/news/news01.txt">School
Web site breached? Personal info of Pembroke workers, volunteers accessible for
months</a> [Patriot Ledger, Oct 11 2007]</li>
2007-46 WHID 2007-46: School Web site breached? Personal info of Pembroke workers, volunteers accessible
</ul> for months 11-Oct-07 Unintentional Information
Insufficient
Disclosure Authorization Leakage of Information Education USA No
<p>Using XSS on the sites of both Australian major political parties a security researcher
nicknamed Bsoric caused the Liberal Party's Web site to read: "John Howard says: I want
to suck your blood", while another script caused a window to pop up on the Labor Party's
Web site, urging viewers to "Vote Liberal!"
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.builderau.com.au/news/soa/XSS-flaw-makes-PM-say-I-want-to-
suck-your-blood-/0,339028227,339282682,00.htm">XSS flaw makes PM say: "I want to
suck your blood"</a> [Builder.AU, Oct 9 2007]</li>
2007-45 WHID 2007-45: XSS flaw makes PM say: &quot;I want to suck your blood&quot; </ul> 10-Oct-07 Cross-site Scripting (XSS)
Improper Output HandlingDefacement Politics Australia No
<p>A hacker exploited a leftover admin function on eBay to block users and close sales.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.pcworld.com/article/id,138193-c,hackers/article.html">Hacker
Breaks Into eBay Server, Locks Users Out</a> [PC World, Oct 8 2007]</li>
<li><a href="http://www.auctionbytes.com/cab/abn/y07/m10/i09/s01">eBay Explains
Security Hole Used by Hacker</a> [Action Bytes, Oct 9 2007]</li>
2007-44 WHID 2007-44: Hacker Breaks Into eBay Server, Locks Users Out </ul> 10-Oct-07 Misconfiguration Insufficient AuthenticationDowntime Retail USA No
<p>Yet another defacement, and as usual in the political arena.<br />However, this one is
worth a note as the attack is very targeted, while<br />usually such political defacements
are carried quote randomly against<br />sites loosely related to the opponent and usually
has little to do with<br />the actual message the attackers want to convey. In this case
the<br />defacement seems to be a direct response to the hot debate about<br />housing
prices in Spain.<br /></p>
<p>Additional information:</p>
<ul>
<li><a href="http://www.typicallyspanish.com/news/publish/article_12212.shtml">Hacker
attacks the Ministry for Housing website as Spanish mortgages come under the
international spotlight</a> [Typically Spanish, Aug 30 2007]</li>
2007-43 WHID 2007-43: Hacker attacks the Ministry for Housing website as Spanish mortgages come under
</ul>the international spotlight 3-Sep-07 Unknown Improper Output HandlingDefacement Government Spain No
<p>This very serious hacking incident provides insight into a lot<br />of the failures
information security in general and web application<br />security particularly beyond the
simple fact that the web site of the<br />largest state owned bank in India was invisibly
defaced with Trojan<br />inflicting code.</p>
<p>Firstly, the entire discussion in the references is about the<br />Trojan payload, with
no word about the vulnerability that led to the<br />defacement. Actually a reviewer on the
SiteAdvisor report gives the<br />green mark to the web site after the Trojan is removed,
without<br />requiring any information about the actual problem.</p>
<p>Secondly, most trust systems, including SiteAdvisor,<br />completely fail to detect the
breach. Which makes me think about those<br />trust models: they check that the site was
not breached, while they<br />should check that the site is not vulnerable. I guess the
reason is<br />that their primary goal is to detect intentionally malicious sites and<br />not
breaches is normative sites, but others use them to assess the<br />level of security of the
later.<br /></p>
<p>Additional information:</p>
<ul>
<li><a href="http://sunbeltblog.blogspot.com/2007/08/breaking-bank-of-india-seriously.
html">Breaking: Bank of India seriously compromised</a> [Sunblet Blog, Sep 2 2007]</li>
<li><a href="http://www.siteadvisor.com/sites/bankofindia.com">McAfee SiteAdvisor</a>
[McAfee, ]</li>
2007-42 WHID 2007-42: Bank of India seriously compromised </ul> 3-Sep-07 Unknown Improper Output HandlingPlanting of Malware Finance India No
<p>Still defacement but this time with a twist. This was a genuine XSS rewriting attack,
and was carried out by well known people as a stunt. No information is provided on how
the XSS vector found its way to the victim computers.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.stuff.co.nz/stuff/4182914a28.html">Hackers hit New Zealand
Herald website</a> [Stuff, Aug 29 2007]</li>
2007-41 WHID 2007-41: Hackers hit New Zealand Herald website </ul> 2-Sep-07 Cross-site Scripting (XSS)
Improper Output HandlingDefacement Media No
<p>Defacements seem to dominate the list recently, probably because they reach
everywhere. Two important conclusions from this particular one are that patch
management is a key problem and that it is a problem mainly at government sites across
the world.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.journalgazette.net/apps/pbcs.dll/article?
AID=/20070828/LOCAL/708280400/1002/LOCAL">County's Web site hacked; no data
lost</a> [Journal Gazetter, Aug 28 2007]</li>
2007-40 WHID 2007-40: County&#039;s Web site hacked; no data lost </ul> 2-Sep-07 Known Vulnerability Application Misconfiguration
Defacement Government USA No
<p>Defacements seem to start dominating this list. Alas, they are the most obvious web
site hacks out there. While not every defacement is reported in the Web Hacking Incidents
Database, key ones are. I included this one since the attacked web site is significant, and
since it emphasizes what is becoming a major goal of attacking: politics and international
affairs. <br />As a side note, this incident is also interesting because it was repeated after
discovered and presumably fixed, which goes a long way to show how much effort there is
in protecting web sites and how difficult it cab be.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.metimes.com/storyview.php?StoryID=20070726-053627-3518r"
>Hacker sabotages Peru president's Web site</a> [Middle East Times, Jul 26 2007]</li>
2007-39 WHID 2007-39: Hacker sabotages Peru president&#039;s Web site </ul> 30-Aug-07 Unknown Application Misconfiguration
Defacement Politics Peru No
<p>This gem is very interesting since it happened on Gentoo servers. It therefore
combines transparency into the incident that only an open source project can offer with the
importance and resource of a large one. As a result we have a detailed report about the
vulnerability, exploit attempts and event people shouting at each other during the patching
process. <br />What can we learn from this? That no server is secure, and that patching is
hard.
</p><p>Additional information:</p>
<ul>
<li><a href="https://bugs.gentoo.org/show_bug.cgi?id=187971">Bugzilla Bug 187971 -
Gentoo Website Command Injection Issue</a> [Gentoo, Aug 7 2007]</li>
<li><a href="http://www.gentoo.org/proj/en/infrastructure/nuthatch-writeup/">Analysis and
Timeline of the Nuthatch exploitation attempts</a> [Gentoo, ]</li>
<li><a href="http://www.gentoo.org/proj/en/infrastructure/nuthatch-writeup/apache-log-
extract.txt">Log of all usages of the exploit</a> [Gentoo, ]</li>
<li><a href="http://www.theregister.co.
uk/2007/08/17/gentoo_disconnects_vulnerable_server/">Gentoo cuts key parts of itself
from net for its own good</a> [The Register, Aug 17 2007]</li>
2007-38 WHID 2007-38: Gentoo takes server offline due to security vulnerabilities </ul> 30-Aug-07 SQL Injection Improper Input Handling Downtime Technology No
<p>Defacements are usually beyond the scope of the Web Hacking Incidents Database.
We only publish those that stand out, and this one certainly stands out.</p>
<p>The site of the United Nations was broken into and defaced using a pretty basic SQL
injection technique, and the referenced article has all the details</p>
<p>Additional information:</p>
<ul>
<li><a href="http://hackademix.net/2007/08/12/united-nations-vs-sql-injections/">United
Nations VS SQL Injections</a> [Hackademix, Aug 12 2007]</li>
<li><a href="http://news.bbc.co.uk/2/hi/technology/6943385.stm">UN's website breached
by hackers</a> [BBC, Aug 13 2007]</li>
2007-37 WHID 2007-37: United Nations VS SQL Injections </ul> 13-Aug-07 SQL Injection Improper Input Handling Defacement Government United Nations No
<p>A command injection vulnerability at 1&amp;1, a large German hosting provider, lead
to denial of service and possible home page modification at 30 servers and up to 1700
web sites. </p>
<p>Additional information:</p>
<ul>
<li><a href="http://www.heise-security.co.uk/news/93642">Server hacked through holes in
Confixx management software</a> [Heise Security, Aug 1 2007]</li>
2007-36 WHID 2007-36: Server hacked through holes in Confixx management software </ul> 12-Aug-07 OS Commanding Application Misconfiguration
Downtime Service Providers Germany No Confixx
<p>In a classic case of lack of proper separation between the production and
development sites, an application under production with lack of proper authentication and
authorization was installed on a hospital's public web site, enabling anyone to query a
database of 51,000 names, addresses and social security numbers.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.indystar.com/apps/pbcs.dll/article?AID=2007707250428">Data
lapse involved 51,000, St. Vincent says</a> [Indy Star, Jul 25 2007]</li>
2007-35 WHID 2007-35: Data lapse involved 51,000 at a hospital </ul> 30-Jul-07 Unintentional Information
Insufficient
Disclosure AuthenticationLeakage of Information Health USA No
<p>Fox News left non public files on a directory accessible to everyone on their web
server.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.0x000000.com/?i=398">Foxnews File Disclosure</a> [The Hacker
Webzine, Jul 23 2007]</li>
<li><a href="http://www.theinquirer.net/default.aspx?article=41187">Fox News leaks
secret files</a> [The Inquierer, Jul 24 2007]</li>
2007-34 WHID 2007-34: Fox News leaks secret files </ul> 25-Jul-07 Unintentional Information
Insufficient
Disclosure AuthenticationLeakage of Information Media USA No
<p>While defacements are usually not the bread and butter of this database, when it hits
an important government site, especially of a ministry in charge of information technology,
it is worth mentioning it.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.asiamedia.ucla.edu/article.asp?parentid=74329">THAILAND: ICT
Ministry website sabotaged by hacker</a> [Bangkok Times, Jul 20 2007]</li>
<li><a href="http://64.233.183.104/search?q=cache:4emUUaBp2L8J:www.asiamedia.ucla.
edu/article.asp%3Fparentid%3D74329+www.asiamedia.ucla.edu/article.asp%
3Fparentid%3D74329&amp;hl=en&amp;ct=clnk&amp;cd=1&amp;client=firefox-a">Cached
Version</a> [Bangkok Times (Google Cache), Jul 20 2008]</li>
2007-33 WHID 2007-33: THAILAND: ICT Ministry website sabotaged by hacker </ul> 22-Jul-07 Unknown Unknown Defacement Government Thailand No
<p>I seldom add disclosures anymore to WHID, even less XSS disclosures, but since this
time they were discovered in banking sites, I thought it was worth it. After all, too many
times people think that application vulnerabilities are found only at less "serious" or less
"important" web sites where no real damage can occur.
</p><p>Additional information:</p>
<ul>
<li><a href="http://seclists.org/fulldisclosure/2007/May/0274.html">XSS vulnerability on
various german online banking sites</a> [Full Disclosure, May 17 2007]</li>
2007-32 WHID 2007-32: XSS vulnerability on various German online banking sites </ul> 1-Jul-07 Cross-site Scripting (XSS)
Improper Output HandlingLeakage of Information Finance Germany No
<p>Somebody snitched names, social security number and birth dates of approximately
1500 students at the vet school of UC Davis. Indication is that the web application used by
the students was as fault. The school's web site described the incident as a result of "the
computer attacker being able to manipulate a university computing application to accept
unauthorized commands". A disgruntled cow?

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.informationweek.com/industries/showArticle.jhtml?
articleID=200001374">Hackers Make Off With Personal Info On Applicants At UC
Davis</a> [Information Week, Jun 28 2007]</li>

<li><a href="http://www.vetmed.ucdavis.edu/computer%5Fsecurity/">UC David Vet

School Web Site</a> [UC Davis, Jun 28 2007]</li>

2007-31 WHID 2007-31: Hackers Make Off With Personal Info On Applicants At UC Davis </ul> 1-Jul-07 Unknown Insufficient AuthenticationLeakage of Information Education No
<p>Yet another defacement, but with a very high profile target, and a detailed description
of the attack which took advantage of an SQL injection vulnerability. The report even
includes a video recording of the attack.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.pcworld.com/article/id,133583-c,hackers/article.html">Microsoft.
co.uk Succumbs to SQL Injection Attack</a> [PC world, Jun 29 2007]</li>
<li><a href="http://www.zone-h.org/content/view/14780/31/">Microsoft Defaced, again!
</a> [Zone-H, Jun 27 2007]</li>
<li><a href="http://www.unbase.com/n/5725974396">Video Recording of the Attack</a>
[Hacker, Jun 27 2007]</li>
2007-30 WHID 2007-30: Microsoft UK site defaced </ul> 1-Jul-07 SQL Injection Improper Input Handling Defacement Technology UK No
<p>As you may know, defacement usually do not find their way to WHID, especially if the
method used is not known. However, since in this case the victim was the Belgian police, I
though it is worth including.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.physorg.com/news101998423.html">Teen arrested for hacking
Belgian police website</a> [Physorg.org, Jun 25 2007]</li>
2007-29 WHID 2007-29: Teen arrested for hacking Belgian police website </ul> 26-Jun-07 Unknown Improper Output HandlingDefacement Security &amp; Law Enforcement
Belgium No
<p>If you live in a country from which you need a Visa to get to the states, you knew this
would happen. The US online Visa appointment system is very open. Indeed too open.
Someone in Jamaica took advantage of this to pre-allocate appointments.
</p><p><br />While this might be classified as a business process design flaw, isn't
security also about this?
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.rjr94fm.com/news/story.php?category=2&amp;story=36819">US
Embassy probes hacking of online visa appointment system</a> [RJR 94FM, Jun 13
2007]</li>
2007-28 WHID 2007-28: US Embassy probes hacking of online visa appointment system </ul> 17-Jun-07 Process Automation Insufficient Process Validation
Disinformation Government No
<p>Google left some files at the wrong place at the wrong time. These files includes,
surprisingly, database connection strings, including a user name and a password. Hardly
news, but this time it is Google.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.0x000000.com/?i=319">Breaking News: Files From Google On
the Streets</a> [The Hacker Webzine, May 30 2007]</li>
2007-27 WHID 2007-27: Files From Google On the Streets </ul> 12-Jun-07 Unintentional Information
Insufficient
Disclosure AuthenticationLeakage of Information Internet USA No
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
<p>The CNBC stock trading reality TV show was even more real than contenders thought
it would be. It seems that players learned to cheat the game by opening a browser form to
by a stock before closing and issuing the transaction, at the set price, only after closing,
when more information is already available.
</p><p><br />The interesting anecdote is that the person who discovered the issue has
used a different, but also questionable technique of maintaining a very large number of
portfolios automatically managed by automated programs using the fact that the game
allowed a user to have any number of portfolios but only the best one is counted. Kosher,
but stinks.
</p><p><br />This story remind <a href=" http://www.webappsec.
org/projects/whid/list_id_2005-36.shtml">an older story</a> about a predictable delay in a
poker game that enabled gamblers to beat the house.
</p><p>Additional information:</p>
<ul>
<li><a href="http://jeremiahgrossman.blogspot.com/2007/06/1000000-cnbc-stock-trading-
contest.html"> $1,000,000 CNBC stock trading contest hacked</a> [ Jeremiah Grossman,
Jun 11 2007]</li>
<li><a href="http://www.businessweek.
com/bwdaily/dnflash/content/jun2007/db20070607_007145.htm">CNBC's Easy
Money</a> [Business Week, Jun 7 2007]</li>
2007-26 WHID 2007-26: $1,000,000 CNBC stock trading contest hacked </ul> 12-Jun-07 Process Automation Insufficient Session Expiration
Disinformation Media USA No
<p>Approximately 1100 students and faculty members' personal information records
which includes social security numbers were exposed by a vulnerable web application at
the Molecular and Cellular Biology program at the University of Iowa. The report suggests
that the application was actually compromised.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://news-releases.uiowa.edu/2007/june/060807website-breach.html">UI
Notifies Graduate Program Students, Faculty About Security Breach</a> [Univ. Of Iowa,
May 19 2007]</li>
<li><a href="http://www.informationweek.com/news/showArticle.jhtml?
articleID=199903218">Two Universities Hit By Security Breaches</a> [Information Week,
Jun 11 2007]</li>
2007-25 WHID 2007-25: University of Iowa Molecular and Cellular Biology Program Security Incident </ul> 12-Jun-07 Unknown Application Misconfiguration
Leakage of Information Education USA No
<p>An undisclosed vulnerability in a web application at the University of Virginia allowed
hackers to access names, social security numbers and birth dates of faculty members
from May 2005 until April of 2007. Approximately 5700 records where stolen in 54 distinct
break-ins.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.computerworld.com/action/article.do?
command=viewArticleBasic&amp;taxonomyId=17&amp;articleId=9024279&amp;
intsrc=hm_topic">Hackers access personal info on faculty members at Univ. of
Virginia</a> [Computer World, Jun 11 2007]</li>
<li><a href="http://www.informationweek.com/software/showArticle.jhtml?
articleID=199903218&amp;cid=RSSfeed_IWK_News">Two Universities Hit By Security
Breaches</a> [Information Week, Jun 11 2007]</li>
<li><a href="http://www.virginia.edu/uvatoday/newsRelease.php?id=2217">U.Va. Faculty
Names, SSN Security Breach</a> [Univ. of Va., Jun 8 2007]</li>
2007-24 WHID 2007-24: Hackers access personal info on faculty members at Univ. of Virginia </ul> 12-Jun-07 Unknown Application Misconfiguration
Leakage of Information Education USA No
<p>A spreadsheet left on the web site of the US office of national intelligence includes
secret information on the total budget of the US intelligence. Interestingly the not all the
required information appears in the document, but combined with other pieces of
information made available prior, the total number can be calculated.
</p><p><br />This is a very interesting example of the sensitivity of partial data or small
pieces of information and not just the big secrets.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.thespywhobilledme.
com/the_spy_who_billed_me/2007/06/exclusive_offic.html">Office of Nation's Top Spy
Inadvertently Reveals Key to Classified National Intel Budget</a> [The Spy Who Billed
Me, Jun 3 2007]</li>
2007-23 WHID 2007-23: Office of Nation&#039;s Top Spy Inadvertently Reveals Key to Classified National
</ul>
Intel Budget 12-Jun-07 Unintentional Information
Insufficient
Disclosure AuthenticationLeakage of Information Security &amp; Law Enforcement
USA No
<p>The web site of the chief minister of Kerala (an Indian State) was hacked and defaced.
The local police has contacted the Interpol to help in finding who is behind the web site
hacking.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://www.newindpress.com/NewsItems.asp?ID=IEO20070609142217&amp;
Page=O&amp;Title=Thiruvananthapuram&amp;Topic=0">Hacking of CM's website:
Interpol's help sought</a> [NewindPress, Jun 10 2007]</li>
2007-22 WHID 2007-22: Hacking of CM&#039;s website: Interpol&#039;s help sought </ul> 12-Jun-07 Unknown Improper Output HandlingDefacement Government India No
<p>The site of the Belgian Defense Ministry was defaced by Turks who protested a pro-
Kurdish remarks by the Belgian government.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.armenian.ch/forum/phpBB2/viewtopic.php?=&amp;p=10536"
>Belgian defense ministry web site remains off line after weekend hacking</a>
[Associated Press, Jan 15 2007]</li>
2007-21 WHID 2007-21: Belgian Defense Ministry site defaced by Turks </ul> 17-May-07 SQL Injection Improper Input Handling Defacement Security &amp; Law Enforcement
Belgium No Turkey
<p>Private Bay is a BitTorrent information exchange blog site. Hackers used an SQL
Injection vulnerability in the web site to steal 1.6 million users and passwords of the site. At
least the passwords where hashed, which means that the hacker would need a cracking
software and only the lame passwords will be found.<br />This incident highlights the Web
authentication problem. Just think how many of those users use the same username and
password in many other sites.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.securityfocus.com/brief/499">Pirate Bay breach leaks
database</a> [Security Focus, May 14 2007]</li>
<li><a href="http://thepiratebay.org/blog/68">User data stolen but not unsecured</a>
[Private Bay, May 11 2007]</li>
<li><a href="http://www.theinquirer.net/default.aspx?article=39604">Pirate Bay says
stolen database safe</a> [The Inquierer, May 14 2007]</li>
2007-20 WHID 2007-20: Pirate Bay breach leaks database </ul> 14-May-07 SQL Injection Improper Input Handling Leakage of Information Internet Sweden No
<p>A report within the help desk system used to track the status of open service calls
created a file that was a accessible to everyone. A hacker abused the problem to get
information regarding 22,000 current and former students.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.msnbc.msn.com/id/18561756/">Hacker accessed data at
University of Missouri</a> [MSNBC, May 8 2007]</li>
<li><a href="http://computerworld.com/action/article.do?command=viewArticleBasic&amp;
taxonomyName=cybercrime_and_hacking&amp;articleId=9018982&amp;
taxonomyId=82&amp;intsrc=kc_top">One-at-a-time hacker grabs 22,000 IDs from Univ. of
Missouri</a> [Computerworld, May 9 2007]</li>
<li><a href="http://doit.missouri.edu/computersecurity/">May 2007 Security Incident</a>
[University of Missouri, May 8 2007]</li>
2007-19 WHID 2007-19: Hacker accessed data at University of Missouri </ul> 9-May-07 Unintentional Information
Insufficient
Disclosure AuthenticationLeakage of Information Education USA No
<p>This incredible story from our friends at Zone-H shed light on one of those defacement
attacks, which usually go unexplained. This time an infamous Saudi-Arabian hacker
abused SQL injection vulnerability in Internet Explorer Administration Kit web site. And
guess what type of SQL injection: A login form SQL injection!
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.zone-h.org/content/view/14734/31/">Microsoft.com defaced</a>
[zone-H, May 3 2007]</li>
2007-18 WHID 2007-18: Microsoft.com defaced </ul> 6-May-07 SQL Injection Improper Input Handling Defacement Technology USA No Saudi Arabia
<p>The site of "Big Brother", a reality show in Australia issued duplicate session IDs to
different users since the session ID pool was exhausted. Naturally, the 2nd person to get
the same session ID got to see all the details of the 1st one!
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.theage.com.au/news/tv--radio/porn-privacy-glitches-hit-big-
bro/2007/04/23/1177180548617.html">Porn and privacy: Big Brother's big bother</a>
[The Age, Apr 23 2007]</li>
2007-17 WHID 2007-17: Big Brother&#039;s big bother </ul> 26-Apr-07 Credential/Session Prediction
Application Misconfiguration
Leakage of Information Media Australia No
<p>Details about 63,000 loans granted to farmers by USDA (The US department of
agriculture) where posted online by mistake.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.axcessnews.com/index.php/articles/show/id/10832">USDA admits
data breach, thousands of social security numbers revealed</a> [Axcess News, Apr 23
2007]</li>
2007-16 WHID 2007-16: USDA admits data breach, thousands of social security numbers revealed </ul> 23-Apr-07 Unintentional Information
Insufficient
Disclosure AuthenticationLeakage of Information Government USA No
<p>Two girls modified a schools home page by adding a note that school was closed due
to a snow storm. The attack was probably done using a rouge admin accounts.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://www.firstcoastnews.com/news/strange/news-article.aspx?
storyid=75657">High School Hackers Cancel School With Fake Snow Day</a> [http:
//www.firstcoastnews.com/news/strange/news-article.aspx?storyid=75657, Feb 9 2007]
</li>
2007-15 WHID 2007-15: High School Hackers Cancel School With Fake Snow Day </ul> 5-Apr-07 Brute Force Insufficient AuthenticationDisinformation Education USA No
<p>A priority code, used to get free platinum pass to MacWorld Expo, was validated on
the client and enabled anyone get the pass for free. While "grutz" informed the organizers
about it, when going over their log files they found out that others abused the vulnerability
without letting anyone know about it.
</p><p>Additional information:</p>
<ul>
<li><a href="http://news.com.com/2100-1002_3-6149994.html?part=rss&amp;tag=2547-
1_3-0-5&amp;subj=news">Macworld crack offers VIP passes, hacker says</a> [CNet, Jan
12 2007]</li>
<li><a href="http://grutztopia.jingojango.net/2007/01/your-free-macworld-expo-platinum-
pass_11.html">Your Free MacWorld Expo Platinum Pass (valued at $1,695)</a> [Grutz,
Jan 11 2007]</li>
2007-14 WHID 2007-14: Your Free MacWorld Expo Platinum Pass </ul> 2-Apr-07 Credential/Session Prediction
Application Misconfiguration
Loss of Sales Technology USA No
<p>The personal information of about 3,000 current and former Georgia Tech employees
may have been compromised. The informatoin included names, addresses, Social
Security numbers and other sensitive information, including about 400 state purchasing
card numbers.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://atlanta.bizjournals.com/atlanta/stories/2007/02/19/daily20.html?
t=printable">Hackers hit Georgia Tech and steal personal info</a> [Atlanta Business
Chronicle, Feb 21 2007]</li>
2007-13 WHID 2007-13: Hackers hit Georgia Tech and steal personal info </ul> 2-Apr-07 Unknown Unknown Leakage of Information Education USA No
<p>While vulnerabilities in public web sites are dime a dozen this days and rarely included
in WHID, a classic SQL injection in the login form on the home page of the web site of a
very big company is worth an entry. In my presentation I usually claim that such
vulnerabilities have disappeared years ago and then go on to show advanced SQL
injection techniques. It seems that they exit.
</p><p>Additional information:</p>
<ul>
<li><a href="http://blog.gjl-network.net/blog/index.php?/archives/78-Knorr.de-SQL-
Injection-and-XSS-Vulnerabilities.html">Knorr.de SQL Injection and XSS
Vulnerabilities</a> [Sebastian Bauer, Mar 2 2007]</li>
2007-12 WHID 2007-12: SQL injection at knorr.de login page </ul> 2-Apr-07 SQL Injection Improper Input Handling Leakage of Information Retail Germany No
<p>Nokia's Canadian Web Site was defaced using an XSS attack.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://www.mad4mobilephones.com/news/383/">Nokia website hacked</a>
[Mad4mobilephones, Jan 29 2007]</li>
2007-11 WHID 2007-11: Nokia defaced by XSS </ul> 30-Mar-07 Cross-site Scripting (XSS)
Improper Output HandlingDefacement Technology Canada No
<p>Hackers penetrated the Dolphins stadium web site just days before the Super Bowl
was held there and modified the home page to include a Trojan inflecting script.
</p><p>Additional information:</p>
<ul>
<li><a href="http://cbs.sportsline.com/nfl/story/9971314">Hacker installs malicious code
on Dolphin Stadium website</a> [CBS/AP, Feb 2 2007]</li>
<li><a href="http://www.websense.com/securitylabs/alerts/alert.php?AlertID=733"
>Malicious Website: Super Bowl XLI / Dolphin Stadium</a> [WebSense, Feb 2 2007]</li>
<li><a href="http://eset.com/threat-center/blog/?p=39">Super Bowl Dolphin Stadium
Website Trojan</a> [eSet, Feb 2 2007]</li>
<li><a href="http://www.securityfocus.com/brief/473">Chinese servers host malicious
cursor attacks</a> [Security Focus, Mar 30 2007]</li>
2007-10 WHID 2007-10: Super Bowl Site Hacked with Trojan, Key logger </ul> 30-Mar-07 Unknown Improper Output HandlingPlanting of Malware Sports USA No
<p>Names and social security numbers of former employees of Fruit of the Loom where
available for download from the company's web site.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.thenortheastgeorgian.
com/articles/2007/02/23/news/business/01business.prt">Former Fruit of the Loom
workers' identities compromised</a> [The Northwest Georgian, Feb 23 2007]</li>
2007-09 WHID 2007-09: Former Fruit of the Loom workers&#039; identities compromised </ul> 29-Mar-07 Unknown Unknown Leakage of Information Retail USA No
<p>Backdoor was planted in a new official release of WordPress, the most popular
blogging software in the world. It was available for download for a few days before the
backdoor was located.

</p><p>Additional information:</p>

<ul>

<li><a href="http://wordpress.org/development/2007/03/upgrade-212/">WodPress
dangerous, Upgrade</a> [, Mar 2 2007]</li>

<li><a href="http://news.com.
com/Intruder+adds+backdoor+to+WordPress+blog+software/2100-7349_3-6164967.html"
>Intruder adds back door to WordPress blog software</a> [News.com, Mar 6 2007]</li>

2007-08 WHID 2007-08: WordPress Backdoor </ul> 29-Mar-07 Unknown Unknown Planting of Malware Blogs No WordPress
<p>Personal information about 2,000 patients was mistakenly published on the hospital's
web site. The leakage was discovered only when a patient found her information when
"Googling" herself.
</p><p><br />The information included personal data such as social security numbers,
birth dates, address, phone number, insurance numbers and in some cases the reason for
the visit.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.pbn.com/stories/23678.html">Westerly Hospital data breach
affects 2,000</a> [Providence Business News, Mar 2 2007]</li>
<li><a href="http://www.westerlyhospital.com/news_events/patient_data_incident_report.
htm">Patient Data Incident</a> [, Mar 5 2007]</li>
2007-07 WHID 2007-07: Westerly Hospital data breach affects 2,000 </ul> 29-Mar-07 Unintentional Information
Insufficient
Disclosure AuthenticationLeakage of Information Health USA No
<p>11,500 credit card numbers have been stolen from the web site of Johnny's Selected
Seeds a small ($13M in revenue per annum) on line vendor of seeds in Main. 20 of these
are known to have been abused. As usual, the hack was discovered because of fraudulent
use of stolen credit cards rather than security measures used protect the web site.
</p><p><br />The direct cost of the breach, informing customers, researching the incident
and upgrading the protection of the web site cost the company tens of thousands of
dollars.
</p><p>Additional information:</p>
<ul>
<li><a href="http://kennebecjournal.mainetoday.com/news/local/3676190.html">Hackers
swipe seed company's customers' data</a> [Kennebec Journal, Mar 3 2007]</li>
<li><a href="http://www.realtime-itcompliance.
com/privacy_incidents/2007/03/maine_seed_company_website_hac.htm">Maine Seed
Company Website Hacked: Demonstrates SMB Vulnerability &amp; Questions Hacker
Safe Seals</a> [Realtime IT compliance, Mar 3 2007]</li>
2007-06 WHID 2007-06: Hackers swipe seed company&#039;s customers&#039; data </ul> 29-Mar-07 Unknown Unknown Monetary Loss Retail USA No
<p>An open source developer virtually defaced John McCain's MySpace page. He did not
have to commit any crime, because the page pulled an image directly from the open
source developer's site.
</p><p>Additional information:</p>
<ul>
<li><a href="http://mike.newsvine.com/_news/2007/03/27/633799-hacking-john-mccain"
>Hacking John McCain</a> [, Mar 27 2007]</li>
<li><a href="http://news.com.com/2061-10796_3-6170883.html">Oops! John McCain's
MySpace page gets pranked</a> [CNet, Mar 27 2007]</li>
2007-05 WHID 2007-05: Hacking John McCain </ul> 29-Mar-07 Misconfiguration Application Misconfiguration
Defacement Politics USA No
<p>A student at a community college in Sacramento who was &quot;Googling&quot;
himself last month found his name, among 2000 others, in a file accidentally left by school
staff online and picked by Google crawler.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://www.azcentral.com/arizonarepublic/business/articles/0310biz-
googleshock0310.html">College glitch avails student information to public</a> [The
Arizona Republic, Mar 10 2007]</li>
2007-04 WHID 2007-04: College glitch avails student information to public </ul> 27-Mar-07 Unintentional Information
Insufficient
Disclosure AuthenticationLeakage of Information Education USA No
<p>Personal information for about 2,700 University of Idaho employees was inadvertently
posted at the school's Web site for 19 days in February, though officials say it was not
easy to access and there's no reason yet to believe it was misused.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.spokesmanreview.com/tools/story_pf.asp?ID=178531">UI put
staff data on Web</a> [Spokesman Review, Mar 10 2007]</li>
<li><a href="http://www.vandalidentity.net/default.aspx?pid=97037"></a> [Vandal Identity
Resource Center, ]</li>
2007-03 WHID 2007-03: UI put staff data on Web </ul> 26-Mar-07 Unintentional Information
Insufficient
Disclosure AuthenticationLeakage of Information Education USA No
<p>On January 3, a hacker broke into Indiana's government web site and made off with
personal information for 71,000 health care aides who obtained certifications from the
state, as well as 5,600 credit card numbers from people who had paid the state through
the IN.gov web site.</p>
<p>While officials in Indiana tried to write it off as a harmless prank played by a teenager,
the U.S. Department of Justice has also been investigating the case, and they believe the
same hacker is responsible for attempts on other state government web sites.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://www.informationweek.com/news/showArticle.jhtml?
articleID=198500410">Hacker Suspected Of Multistate Break-In Spree</a> [Information
Week, Mar 23 2007]</li>
<li><a href="http://www.theindychannel.com/news/10973406/detail.html">Hacker
Accesses Credit Card Info On State Web Site</a> [The Indy Channel, Feb 9 2007]</li>
<li><a href="http://www.theindychannel.com/news/11315796/detail.html">State Notifies
71,000 Workers Of Web Site Breach</a> [The Indy Channel, Mar 21 2007]</li>
<li><a href="http://www.theindychannel.com/news/11334932/detail.html">State: Web Site
Breach May Have Been Prank</a> [The Indy Channel, Mar 22 2007]</li>
2007-01 WHID 2007-01: Credit Card Information stolen from Indiana&#039;s Web Site </ul> 26-Mar-07 Unknown Unknown Leakage of Information Government USA No
<p>Unlike other XSS cases, this was discovered due to actual abuse on a specific auction
at EBay.

</p><p>Additional information:</p>

<ul>

<li><a href="http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0730.html"
>Ebay XSS</a> [Full Disclosure, Feb 28 2006]</li>

2006-9 WHID 2006-9: EBay XSS </ul> 3-Mar-06 Cross-site Scripting (XSS)
Improper Output HandlingDisinformation Retail No
<p>Links sent to a user as part of the mail content are not properly sanitized, so a user
receiving such mail and activating a link would be affected.

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.nukedx.com/?viewdoc=15">Advisory: ICQmail.com &amp;

Mail2World.com (ms_inbox.asp Current_folder) XSS vulnerability</a> [NukedX, Feb 25
2006]</li>

2006-8 WHID 2006-8: ICQmail.com - Mail2World.com XSS vulnerability </ul> 5-Mar-06 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Service Providers No
<p>Google reader allows redirection so sites can fool users to subscribe to malicious
content.

</p><p>Additional information:</p>

<ul>

<li><a href="http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042439.html"
>Google Reader "preview" and "lens" script improper feed validation</a> [Full Disclosure,
Feb 22 2006]</li>

2006-7 WHID 2006-7: Google Reader &quot;preview&quot; and &quot;lens&quot; script improper feed validation
</ul> 5-Mar-06 Redirection Improper Input Handling Disclosure Only Search Engine No
<p>A site of a minor league baseball team was hacked and personal details of fans was
stolen.

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.wstm.com/Global/story.asp?S=4633614&amp;nav=2aKD">Hacker
breaks into Buffalo sports site</a> [NBC, Mar 15 2006]</li>

<li><a href="http://www.buffalonews.com/editorial/20060314/1033934.asp">Hacker gains

access to Bisons fans' Web data</a> [The Buffalow News, Mar 14 2006]</li>

2006-6 WHID 2006-6: Hacker breaks into Buffalo sports site </ul> 22-Mar-06 Unknown Unknown Leakage of Information Sports No
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
<p>Hotmail's filtering engine insufficiently filters JavaScript scripts. It is possible to write
JavaScript in the BGCOLOR attribute of the BODY tag, using CSS. This leads to
execution when the email is viewed. JavaScript must be Unicode encoded in order to fool
the filter. This encoding is recognized with IE >= 6

</p><p>Additional information:</p>

<ul>

<li><a href="http://seclists.org/lists/bugtraq/2006/Mar/0509.html">Microsoft MSN Hotmail :

Cross-Site Scripting Vulnerability</a> [Bugtraq Archives, Mar 23 2006]</li>

2006-5 WHID 2006-5: Hotmail XSS (1) </ul> 29-Mar-06 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Service Providers No
<p><em><strong>Update (Jan 26^th 2009) </strong></em>- an <a href="http:
//www.scmagazineus.com/Clothing-retailer-settles-with-FTC-over-credit-card-
breach/article/109217/">SC magazine article sheds more light on the incident</a>
revealing that there was actually a breach, apparently using SQL injection, which resulted
in leakage of 10,000 credit card numbers</p>
<p><hr />
An SQL injection vulnerability that could result in a hacker being able to access credit card
numbers, expiration dates, and security codes of thousands of consumers was discovered
in the web site of retailer "life is good".</p>
<p>The US Federal Trade Commission charged "life is good" with lack of reasonable and
appropriate security for the sensitive consumer information stored on its servers. The
company's settlement with the company requires the company to accept a very
comprehensive and costly security procedure going forward.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://www.informationweek.com/news/showArticle.jhtml?
articleID=205901219">Online Retailer Settles Charges That It Left Consumer Data Open
To Hackers</a> [Information Week, Jan 18 2008]</li>
<li><a href="http://www.storefrontbacktalk.com/story/011808ftc">FTC Wags Finger At Site
For Weak Consumer Data Security</a> [Storefront Backtack, Jan 18 2008]</li>
<li><a href="http://www.ftc.gov/os/caselist/0723046/index.shtm">n the Matter of Life is
good, Inc., a corporation, and Life is good Retail, Inc., a corporation. FTC Matter No. 072-
3046</a> [Federal Trade Commission, Jan 17 2008]</li>
2006-48 WHID 2006-48: SQL Injection Used to Steal Information from &quot;Life is Good&quot; </ul> 19-Jan-08 SQL Injection Improper Input Handling Credit Card Leakage Retail USA No
<p>Zone-h is one of the best (well, the best, not just one of them) web sites to follow if you
interested in what the bad guys do. Their account of how their own web site was defaced
is a classic. And no, it was not their fault. The incident shows how a seemingly minor
vulnerability in a major web site (a hotmail XSS bug), can be used to deface another,
unrelated site in a very elaborate and targeted attack.

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.zone-h.org/content/view/14458/31/">Santa brought to Zone-H a

brand new defacement</a> [Zone-H, Dec 22 2006]</li>

2006-47 WHID 2006-47: Santa brought to Zone-H a brand new defacement </ul> 2-Apr-07 Cross-site Scripting (XSS)
Improper Output HandlingDefacement Hacking No
<p>A small credit union web site was hacked and the traffic redirected to a pharming site.
About 180 users where redirected, out of which 12 where tricked into providing their
personal information to the attackers. $500 are known to have been stolen from one of the
victims.

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.thekansascitychannel.com/news/10408223/detail.html">Hacker
Redirects Bank Customers To Phony Site</a> [The Kensas City Channel, Nov 27 2006]
</li>

2006-46 WHID 2006-46: Hacker Redirects Bank Customers To Phony Site </ul> 30-Mar-07 Redirection Improper Input Handling Phishing Finance No
<p>A Korean shopping system was vulnerable to hidden field manipulation and a
determined hacker purchased $6000 worth of merchandize at 45 stores for much less.

</p><p>Additional information:</p>

<ul>

<li><a href="http://english.hani.co.kr/arti/english_edition/e_national/178464.html">Man
arrested for hacking Internet shopping malls</a> [The Hankyorea, Dec 17 2006]</li>

2006-45 WHID 2006-45: Man arrested for hacking Internet shopping malls </ul> 30-Mar-07 Hidden Parameter Manipulation
Insufficient Process Validation
Monetary Loss Retail No
<p>Most XSS vulnerabilities are benign. In many cases they are hardly exploitable. In this
case Netscape's new digg like shared news site was hacked using a persistent XSS
attack, so every viewer of the site was attacked, luckily only to show funny dialog boxes.

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.f-secure.com/weblog/archives/archive-072006.html#00000927"
>Netscape.com hacked</a> [F-Secure, Jul 26 2006]</li>

<li><a href="http://searchsecurity.techtarget.com/originalContent/0,289142,
sid14_gci1204568,00.html">Netscape.com hit with cross-site scripting attack</a> [Search
Security, Jul 26 2006]</li>

<li><a href="http://www.betanews.
com/article/AOL_Fixes_Netscapecom_XSS_Hack/1153940441">AOL Fixes Netscape.
com XSS Hack</a> [Beta News, Jul 26 2006]</li>

<li><a href="http://www.securitypronews.com/news/securitynews/spn-45-
20060726NetscapeHackedProfessorDeniesSexinessClaims.html">Netscape Hacked,
Professor Denies Sexiness Claims</a> [SecurityPro News, Jul 26 2006]</li>

<li><a href="http://www.threadwatch.org/node/7714">NetScape.com - JavaScript Exploit

Embaressment</a> [Threadwatch.org, Jul 26 2006]</li>

2006-42 WHID 2006-42: Netscape.com hacked </ul> 27-Jul-06 Cross-site Scripting (XSS)
Improper Output HandlingDefacement Information Services No
<p>A bug in MySpace allowed a single click on an incoming bulletin by a person to
forward it to all his contacts, making spreading a worm (or any content for that matter) too
easy.

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.boogybonbon.com/2006/06/16/making-money-with-myspace-
bulletin-system/">Making money with Myspace bulletin system!</a> [, Jun 16 2006]</li>

2006-41 WHID 2006-41: Making money with MySpace bulletin system! </ul> 24-Jul-06 Cross-site Scripting (XSS)
Abuse of Functionality Worm Web 2.0 No
<p>MySpace bulletins, presumably accessible only to the social network of the originator
can be access by anyone by iterating through a message id query parameter.

</p><p>Additional information:</p>

<ul>

<li><a href="http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047579.html">Data
Mining Myspace Bulletins</a> [Full Disclosure Mailing List, Jun 30 2006]</li>

2006-40 WHID 2006-40: Data Mining MySpace Bulletins </ul> 24-Jul-06 Predictable Resource Location
Insufficient Authorization Leakage of Information Web 2.0 No
<p>A hoster was broken into by brute forcing passwords in a management interface. Sites
of many clients, including three municipalities where defaced.

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.contracostatimes.
com/mld/cctimes/news/local/crime_courts/13643743.htm">Hacker diverts traffic from city's
Web page</a> [ContraCosta times, Jan 17 2006]</li>

2006-4 WHID 2006-4: Hacker diverts traffic from city&#039;s Web page </ul> 26-Feb-06 Brute Force Insufficient Anti-automation
Defacement Government No
<p>An XSS vulnerability in the feature allowing adding an arbitrary RSS to personal web
pages. Since this page resides on the main <a href="http://www.google.com" title="www.
google.com">www.google.com</a> host, the executed JavaScript can access any Google
resource.

</p><p>Additional information:</p>

<ul>

<li><a href="http://blog.outer-court.com/archive/2006-07-06-n81.html">Google Fixes XSS

Security Problem</a> [Google Blogoscoped, Jul 6 2006]</li>

<li><a href="http://ha.ckers.org/blog/20060704/cross-site-scripting-vulnerability-in-google/"
>Cross Site Scripting Vulnerability in Google</a> [ha.ckers, Jul 4 2006]</li>

<li><a href="http://news.com.com/Google+fixes+security+flaw+in+Reader/2100-1002_3-
6090974.html?part=rss&amp;tag=6090974&amp;subj=news">Google fixes security flaw in
Reader</a> [News.com, Jul 5 2006]</li>

2006-39 WHID 2006-39: Another Google XSS </ul> 24-Jul-06 Cross-site Scripting (XSS)
Improper Output HandlingLeakage of Information Information Services No
<p>Altiris seems to have designed their servers so that it is easy to both access their
customers upload as well as find out their e-mail addresses.

</p><p>Additional information:</p>

<ul>

<li><a href="http://seclists.org/lists/webappsec/2006/Jul-Sep/0052.html">Convenience or
just bad design?</a> [WebAppSec, Jul 12 2006]</li>

2006-38 WHID 2006-38: Convenience or just bad design? </ul> 24-Jul-06 Predictable Resource Location
Insufficient Authorization Leakage of Information Technology No
<p>MySpace seems to be a heaven for XSS worms. This one seems to be even more
interesting as it uses JavaScript embedded in a flash file. It is also interesting as it seems
to combine the popular political defacement trend with high level application layer exploit.
</p>
<p>Additional information:</p>
<ul>
<li><a href="http://chaseandsam.com/2006/07/myspace-hack-spreading-like-wildfire.html"
> Myspace Hack spreading like wildfire: SPAIRLKAIFS</a> [Chase and Sam page, Jul 16
2006]</li>
<li><a href="http://kinematictheory.phpnet.us/">How the myspace SWF hack worked</a>
[Unknown, Jul 16 2006]</li>
<li><a href="http://www.scmagazine.
com/uk/news/article/569987/political+hacking+hits+myspace/">Political hacking hits
MySpace</a> [SC Magazine, Jul 17 2006]</li>
2006-37 WHID 2006-37: MySpace Hack Spreading </ul> 24-Jul-06 Cross-site Scripting (XSS)
Improper Output HandlingWorm Web 2.0 No
<p>While XSS vulnerabilities in public web sites are found daily, this one is of special
interest. It was found in one of the sites most targeted by Phishers, it is exploitable for
Phishing and was exploited. On top of that, it seems to have been discovered and
reported to PayPal already two years ago but ignored due to a communication failure.

</p><p>Additional information:</p>

<ul>

<li><a href="http://news.netcraft.
com/archives/2006/06/16/paypal_security_flaw_allows_identity_theft.html">PayPal
Security Flaw allows Identity Theft</a> [Netcraft, Jun 16 2006]</li>

<li><a href="http://news.netcraft.
com/archives/2006/07/20/paypal_xss_exploit_available_for_two_years.html">PayPal XSS
Exploit available for two years?</a> [Netcraft, Jul 20 2006]</li>

<li><a href="http://news.com.com/PayPal+fixes+phishing+hole/2100-7349_3-6084974.
html">PayPal fixes phishing hole</a> [News.com, Jun 16 2006]</li>

<li><a href="http://computerworld.com/blogs/node/3028"> Responsible Disclosure? -

Paypal vulnerable for two years</a> [Computer World, Jul 20 2006]</li>

2006-36 WHID 2006-36: PayPal Flaw Gets Accidental Two-Year Reprieve? </ul> 24-Jul-06 Cross-site Scripting (XSS)
Improper Output HandlingPhishing Retail No
<p>Yahoo mail does not filter properly the CSS "expression" keyword when it includes a
comment that is encoded.

</p><p>Additional information:</p>

<ul>

<li><a href="http://applesoup.googlepages.com/yahoo_mail_xss.txt">Yahoo! Mail XSS

Vulnerability</a> [Cheng Peng Su, Apr 21 2006]</li>

2006-35 WHID 2006-35: Yahoo mail XSS in CSS expression keyword </ul> 9-May-06 Cross-site Scripting (XSS)
Improper Output HandlingLeakage of Information Search Engine No
<p>This community site allows including scripts in multiple locations including ones
personal profile thus enabling XSS.

</p><p>Additional information:</p>

<ul>

<li><a href="http://addict3d.org/index.php?page=viewarticle&amp;type=security&amp;
ID=5754&amp;title=XSS%20Exploit%20at%20sms.ac"> XSS Exploit at sms.ac</a>
[Addict3D, Jan 3 2006]</li>

2006-34 WHID 2006-34: XSS Exploit at sms.ac </ul> 9-May-06 Cross-site Scripting (XSS)
Improper Output HandlingLeakage of Information Information Services No
<p>Alexadex is an online investment game. There is an XSS vulnerability in the group
adding functionality.

</p><p>Additional information:</p>

<ul>

<li><a href="http://seclists.org/lists/bugtraq/2006/May/0113.html">Alexadex.com players.

py XSS Exploit</a> [Bugtraq, May 5 2006]</li>

2006-33 WHID 2006-33: Alexadex.com players.py XSS Exploit </ul> 9-May-06 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Entertainment No
<p>Libero.it is a Web portal of big Italian ISP offering dial-up, Broadband and talk
services. A script on it's customer service pages which enabled a connection speed test is
vulnerable to XSS.

</p><p>Additional information:</p>

<ul>

<li><a href="http://seclists.org/lists/bugtraq/2006/May/0079.html">libero.it XSS

vulnerability - HTML injection</a> [Bugtraq (Posted by Davide Denicolo), May 2 2006]</li>

2006-32 WHID 2006-32: libero.it XSS vulnerability - HTML injection </ul> 9-May-06 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Service Providers No
<p>A researcher found that the login error page on this sites can be injected.

</p><p>Additional information:</p>

<ul>

<li><a href="http://seclists.org/lists/bugtraq/2006/May/0121.html">URL Bug On 1ASPHost

and DomainDLX Hosting Services</a> [Bugtraq, Jun 6 2006]</li>

2006-31 WHID 2006-31: URL Bug On 1ASPHost and DomainDLX Hosting Services </ul> 9-May-06 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Hosting Providers No
<p>A hacker successfully abuse a vulnerability in Horde to penetrate a site owned by the
National Security Agency of the Slovak Republic

</p><p>Additional information:</p>

<ul>

<li><a href="http://blackhole.sk/node/442">Narodny Bezpecnostny Urad pwn3d (Slovak

with Code Snippets</a> [Blackhole.sk, Apr 25 2006]</li>

<li><a href="http://www.securityfocus.com/archive/75/432202">National Secret Agency of

Slovak Republic</a> [Incidents Mailing List, Apr 26 2006]</li>

2006-30 WHID 2006-30: National Secret Agency of Slovak Republic Hacked </ul> 30-Apr-06 OS Commanding Improper Input Handling Leakage of Information Government No
<p>Russian hackers broke into a Rhode Island government Web site and allegedly stole
credit card data from individuals who have done business online with state agencies. The
hackers claimed to have stolen 53,000 credit card numbers, while the hosting service
provider claims the number was just 4113.<br /><br />The technical reference site is in
Russian, you can use <a href=http://www.appliedlanguage.com/free_translation.
shtml>Applied Languages Solutions</a> for an online translations.

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.fcw.com/article92132-01-27-06-Web">Hackers steal credit card

info from R.I. Web site</a> [Federal Computer Week, Jan 27 2006]</li>

<li><a href="http://www.xakep.ru/post/29550/default.asp">Competition: As it was broken

up ri.gov or as become the owner of the island</a> [, ]</li>

2006-3 WHID 2006-3: Russian hackers broke into a RI GOV website </ul> 26-Feb-06 SQL Injection Improper Input Handling Leakage of Information Government No
<p>Tlen.PL is a popular Polish IM system provided by o2.pl, which includes e-mail
accounts. The e-mail client is web based with a browser embedded in the communicator
software. Certain webmail servers do not validate e-mail subject for HTML tags, allowing
attacker to inject script code.

</p><p>Additional information:</p>

<ul>

<li><a href="http://security.pass.pl/adv/160406_XSS_tlen_pl.txt">Tlen.PL e-mail XSS

vulnerability</a> [<a href="http://security.pass.pl/">Tomasz Koperski</a>, ]</li>

2006-28 WHID 2006-28: Tlen.PL e-mail XSS vulnerability </ul> 20-Apr-06 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Service Providers No
<p><a href="http://www.incredibleindia.org" title="www.incredibleindia.org">www.
incredibleindia.org</a> is official Indian government tourism website.<br /><br /><br />The
researcher has found that the parameter PageID in the page ms_Page.asp is vulnerable
to SQL injection. He further tested that SQL error messages enable standard probing
methods for finding out the number of columns and their type work.

</p><p>Additional information:</p>

<ul>

<li><a href="http://seclists.org/lists/bugtraq/2006/Apr/0408.html">SQL Injection in

incredibleindia.org</a> [Susam Pal, Apr 16 2006]</li>

2006-27 WHID 2006-27: SQL Injection in incredibleindia.org </ul> 20-Apr-06 SQL Injection Improper Input Handling Disclosure Only Government No
<p>An XSS vulnerability in Yahoo Mail is actively exploited for targeted phishing.

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.webappsec.org/lists/websecurity/archive/2006-04/msg00049.html"
>Alert - Yahoo! Webmail XSS</a> [Cesar Cerrudo, <a href="http://www.argeniss.com"
>Argeniss</a>, Apr 17 2006]</li>

<li><a href="http://seclists.org/lists/fulldisclosure/2006/Apr/0823.html">Alert - Yahoo! Mail

XSS vulnerability</a> [Cesar Cerrudo, <a href="http://www.argeniss.com">Argeniss</a>,
Apr 28 2006]</li>

2006-26 WHID 2006-26: Yahoo XSS used for phishing </ul> 18-Apr-06 Cross-site Scripting (XSS)
Improper Output HandlingPhishing Search Engine No
<p>Everyone.net login script (loginuser.pl) is prone to a cross site scripting attack in the
variable loginName.

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.morx.org/everyoneXSS.txt">Everyone.net XSS</a> [Simo Ben

Youssef, Feb 12 2006]</li>

2006-25 WHID 2006-25: Everyone.net XSS </ul> 12-Apr-06 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Service Providers No
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
<p>The $a variable in Hotmail's inbox is vulnerable to cross site scripting vulnerability.
Exploit requires the victim to open the email message.

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.morx.org/HotmailCookieXploit.txt">Hotmail Cross Site

Scripting</a> [Simo Ben Youssef, Feb 20 2006]</li>

2006-24 WHID 2006-24: Hotmail XSS (2) </ul> 12-Apr-06 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Service Providers No
<p>ICQ.com search script (search_result.php) is vulnerable to cross-site scripting attacks.
This problem is due to a failure<br />in the application to properly sanitize user input, the
input can be passed to the vulnerable script in 2 variables<br />(gender and
home_country_code).

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.morx.org/ICQ-XSS.txt">ICQ Cross Site Scripting</a> [Simo Ben

Youssef, Jan 10 2006]</li>

2006-23 WHID 2006-23: ICQ search vulnerable to XSS </ul> 12-Apr-06 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Information Services No
<p>A CIO of a bank in Singapore reports that many application layer vulnerabilities,
including SQL injection, where discovered in a banking application they purchased before
it was put into production.

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.cio-asia.com/ShowPage.aspx?pagetype=2&amp;
articleid=3381&amp;pubid=5&amp;issueid=81">Pulled in All Directions</a> [CIO Asia, Jan
1 2006]</li>

2006-22 WHID 2006-22: SQL injection in a banking application </ul> 12-Apr-06 SQL Injection Improper Input Handling Disclosure Only Finance No
<p>Sourceforge download pages are vulnerable to XSS

</p><p>Additional information:</p>

<ul>

<li><a href="http://seclists.org/lists/bugtraq/2006/Feb/0537.html">Sourceforge XSS</a>

[Bugtraq, Feb 24 2006]</li>

2006-21 WHID 2006-21: Sourceforge.net XSS (1) </ul> 12-Apr-06 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Technology No
<p>Sourceforge forums search is vulnerable to XSS

</p><p>Additional information:</p>

<ul>

<li><a href="http://seclists.org/lists/vuln-dev/2006/Apr/0018.html">Sourceforge.net
XSS</a> [Vulnerability Development, Apr 9 2006]</li>

2006-20 WHID 2006-20: Sourceforge.net XSS (2) </ul> 10-Apr-06 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Technology No
<p>Documents uploaded to GSA site where accessed using a predictable sequential
identifier without requiring special permissions. The documents where available both for
viewing and modifying. The site was in service for more than 18 months until the
vulnerability was discovered.

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.fcw.com/article91960-01-13-06-Web">GSA takes down eOffer

after finding security flaw</a> [Federal Computing, Jan 13 2006]</li>

<li><a href="http://www.thinkcomputer.com/corporate/news/pressreleases.html?id=25"
>Think Reveals Flaws in U.S. Government Security</a> [Think Computers, Jan 13 2006]
</li>

2006-2 WHID 2006-2: GSA takes down eOffer after finding security flaw </ul> 26-Feb-06 Predictable Resource Location
Insufficient Authorization Disclosure Only Government No
<p>Yet another Google XSS. This time it seems to hit Arabic variant of the main search
site. It seems that the actual language selector parameter enables the attack.

</p><p>Additional information:</p>

<ul>

<li><a href="http://seclists.org/lists/bugtraq/2006/Apr/0213.html">Google XSS (1)</a>

[Bugtraq, Apr 10 2006]</li>

<li><a href="http://seclists.org/lists/bugtraq/2006/Apr/0222.html">Google XSS (2)</a>

[Bugrtaq, Apr 10 2006]</li>

2006-19 WHID 2006-19: Google XSS </ul> 10-Apr-06 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Search Engine No
<p>Forget putting &lt;script&gt; tags in input field. This high tech vulnerability exploits the
code handling online/offline flags by inserting a malicious online/offline flag. Awesome.

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.silent-products.com/advisory4.5.06.txt">Myspace.com - Intricate

Script Injection Vulnerability</a> [Justin Lavoie, Apr 5 2006]</li>

2006-18 WHID 2006-18: Myspace.com - Intricate Script Injection Vulnerability </ul> 10-Apr-06 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Web 2.0 No
<p>Israblog is a large Israeli blogging site. A hacker used XSS to hijack bloggers sessions
and deface them. The defacing was used to inform the world that Israblog lead developer
is a bad programmer.

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.nrg.co.il/online/10/ART1/070/252.html">Large Scale Breakin to

Israblog</a> [NRG (Hebrew), Apr 5 2006]</li>

2006-17 WHID 2006-17: Mass defacement using XSS at Israblog </ul> 10-Apr-06 Cross-site Scripting (XSS)
Improper Output HandlingDefacement Blogs No
<p>A security hole in Sydney internet provider Astratel's LiveBilling online account
management system has seriously compromised its customers' privacy.

</p><p> The service redirected users to a different server and propagated the user
information in a hidden field without re-authenticating.

</p><p>Additional information:</p>

<ul>

<li><a href="http://australianit.news.com.au/articles/0,7204,18665780%5E15331%5E%
5Enbv%5E15306%2D15318,00.html">Privacy breach at ISP</a> [Australian IT, Mar 31
2006]</li>

<li><a href="http://forums.whirlpool.net.au/forum-replies.cfm?t=498645">AstraTel
customer call records leaked</a> [Public Forum, Mar 31 2006]</li>

2006-16 WHID 2006-16: AstraTel customer call records leaked </ul> 10-Apr-06 Unintentional Information
Insufficient
Disclosure AuthenticationLeakage of Information Service Providers No
<p>eBay contains a cross-site scripting vulnerability. When an eBay user posts an
auction, eBay allows SCRIPT tags to be included in the auction description which creates
a cross-site scripting vulnerability in the eBay website

</p><p>Additional information:</p>

<ul>

<li><a href="http://addict3d.org/index.php?page=viewarticle&amp;type=security&amp;
ID=5986&amp;title=eBay%20contains%20a%20cross-site%20scripting%20vulnerability">
eBay contains a cross-site scripting vulnerability</a> [Addict3D, Apr 4 2006]</li>

<li><a href="http://news.com.com/Phishers+set+hidden+traps+on+eBay/2100-7349_3-
6056687.html">Phishers set hidden traps on eBay</a> [CNet, Mar 31 2006]</li>

2006-15 WHID 2006-15: eBay contains a cross-site scripting vulnerability </ul> 4-Apr-06 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Retail No
<p>A UK Security Consulting firm reports that 54 UK sites that it has surveyed have flaws
in the "forgotten password" feature.

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.theregister.co.uk/2006/03/20/forgotten_password_security_risk/"
>Forgotten password clues create hacker risk</a> [The Register, Mar 20 2006]</li>

2006-14 WHID 2006-14: Forgotten password clues create hacker risk </ul> 4-Apr-06 Brute Force Insufficient Password Recovery
Disclosure Only Multiple No
<p>In this very interesting attack a hacker broke into the informational web sites of several
smaller banks in Florida. He than changed the link on the informational pages that points
to the outsourced transactional web site to point to his own phishing site.<br />While the
vulnerability that enabled the hacker to penetrate the informational sites is not known, this
is a very interesting example of a targeted web attack. It highlights the importance of
protecting every web site and not just the core business logic.

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.techweb.com/wire/security/184401079">Hackers Tap Banks' Web

Sites In Unique Phishing Attack</a> [TechWeb, Mar 29 2006]</li>

<li><a href="http://www.tallahassee.com/apps/pbcs.dll/article?
AID=/20060317/BUSINESS/603170343/1003">Banks pull plug on Web sites</a>
[Tallahassee Democrat, Mar 17 2006]</li>

<li><a href="http://www.tallahassee.com/apps/pbcs.dll/article?
AID=/20060318/BUSINESS/603180310/1003">Hackers create a new scam</a>
[Tallahassee Democrat, Mar 18 2006]</li>

<li><a href="http://riskman.typepad.com/perilocity/2006/03/a_new_phishing_.html">A New

Phishing Variation</a> [John S. Quarterman, Mar 24 2006]</li>

2006-13 WHID 2006-13: Hackers Tap Banks&#039; Web Sites In Unique Phishing Attack </ul> 4-Apr-06 Unknown Unknown Phishing Finance No
<p>A musical instrument and sound gear Web site that advertises its relationship with
artists such as Dave Matthews, Carlos Santana and Mary J. Blige was breached and
notified some customers that their credit card information may have been stolen.

</p><p>Additional information:</p>

<ul>

<li><a href="http://news.yahoo.com/s/ap/20060317/ap_on_hi_te/web_site_breach">Music
Web Site: Breach Exposed Accounts</a> [AP, Mar 16 2006]</li>

2006-12 WHID 2006-12: Music Web Site: Breach Exposed Accounts </ul> 22-Mar-06 Unknown Unknown Leakage of Information Entertainment No
<p>A 14 years old claims to have discovered an XSS flaw in Google's Gmail. Comments
have been mixed, and Google did not comment, so either the flaw was fixed pretty fast, or
did not exits.

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.networkworld.com/news/2006/030206-teen-flaw-gmail.html"
>Teenager claims to find code flaw in Gmail</a> [Network World, Feb 3 2006]</li>

<li><a href="http://ph3rny.blogspot.com/2006/03/vulnerability-in-gmail.html"> Vulnerability

in Gmail</a> [Ph3rny's Blog, ]</li>

<li><a href="http://news.zdnet.com/2100-1009_22-6045416.html">Google fixes 'minor'

Gmail flaw</a> [ZDnet, Feb 2 2006]</li>

2006-11 WHID 2006-11: Teenager claims to find code flaw in Gmail </ul> 5-Mar-06 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Search Engine No
<p>A mass defacement of a Philippine hosting service was carried our using SQL
injection. It accidentally also defaced the site of the National Union of Journalists of the
Philippines, which led some to believe that it was a targeted political attack.

</p><p>Additional information:</p>

<ul>

<li><a href="http://news.inq7.net/infotech/index.php?index=1&amp;story_id=68097"
>NUJP website defacement seen not related to political crisis</a> [inq7, Mar 2 2006]</li>

2006-10 WHID 2006-10: NUJP website defacement seen not related to political crisis </ul> 5-Mar-06 SQL Injection Improper Input Handling Defacement Hosting Providers No
<p>Additional information:</p>

<ul>

<li><a href="http://o0o.nu/~meder/o0o_Blogger_HTTP_response_splitting.txt">Blogger.
com classic HTTP response splitting vulnerability</a> [, Jan 2 2006]</li>

2006-1 WHID 2006-1: Google&#039;s Blogger HRS vulnerability </ul> 26-Feb-06 HTTP Response Splitting
Improper Input Handling Disclosure Only Blogs No
<p>An undisclosed application security issue on Cisco web site required resetting
passwords for all registered users.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.computerworld.com/developmenttopics/websitemgmt/story/0,
10801,103661,00.html?source=NLT_PM&amp;nid=103661">Cisco.com passwords reset
after Web site exposure</a> [Computer World, Mar 8 2005]</li>
<li><a href="http://www.betanews.
com/article/Cisco_Web_Site_Breached_by_Hackers/1123086248">Cisco Web Site
Breached by Hackers</a> [Beta News, Mar 8 2005]</li>
<li><a href="http://news.com.com/Customers+warned+that+Cisco.
com+was+breached/2100-7349_3-5816809.html?part=rss&amp;tag=5816809&amp;
subj=news">Cisco warns customers of site breach</a> [Cnet, Mar 8 2005]</li>
<li><a href="http://taosecurity.blogspot.com/2005/08/cisco-connection-online-
compromised.html">Cisco Connection Online Compromised? </a> [TaoSecurity Blog, Mar
8 2005]</li>
<li><a href="http://www.eweek.com/article2/0,1895,1843451,00.asp">Cisco Web Portal
Password Security Compromised</a> [eWeek, Mar 8 2005]</li>
2005-9 WHID 2005-9: Undisclosed application security issue on Cisco's site forces global passwords reset
</ul> 8-Apr-05 Abuse of Functionality Insecure Indexing Disclosure Only Technology No
<p>Additional information:</p>
<ul>
<li><a href="http://www.betanews.
com/article/eBay_Redirect_Becomes_Phishing_Tool/1109886753">eBay Redirect
Becomes Phishing Tool</a> [Beta News, Mar 3 2005]</li>
2005-8 WHID 2005-8: eBay Redirect Becomes Phishing Tool </ul> 3/3/2005 Redirection Improper Input Handling Phishing Retail No
<p>Parameter tampering to jump into someone else's account data
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.thecrimson.com/article.aspx?ref=506140">Hacker Tips Off B-
School Applicants</a> [The Crimson, Mar 3 2005]</li>
<li><a href="http://poweryogi.blogspot.com/2005/03/hbsapplyyourself-admit-status-snafu.
html">HBS/ApplyYourself Admit Status snafu</a> [Personal Blog, Mar 2 2005]</li>
2005-7 WHID 2005-7: Hacker Tips Off B-School Applicants </ul> 3/3/2005 Credential/Session Prediction
Insufficient Authorization Leakage of Information Education No
<p>The LexisNexis data breach is not new, but we have recently decided to <a hre="http:
//www.webappsec.org/projects/whid/byid_id_2007-65.shtml">start tracking</a> abuse of
insufficient automation measures and are adding historical incidents.</p>
<p>In this incident a group of people opened accounts at data broker LexisNexis and used
automated tools to extract a large amount of personal information provided by the service.
</p>
<p>As usual in such cases there is a question of whether the attack was a criminal
activity, violation of the license agreement of the information provider or plainly legal. In
this regard it is interesting to note that the group arrested in the incident was also
responsible for the hacking to <a href=" http://www.webappsec.
org/projects/whid/byid_id_2005-5.shtml">Paris Hilton Vodafone account</a>, which was
clearly an unlawful act.
</p><p>Back in 2005 this data breach was one of the first such incidents, generated a lot
of media interest, and led to more regulation regarding information aggregators.
Interestingly, the excuse given by the company was that the incident was that there was
no security failure in the web site, but that the procedures where lacking. We accepted this
story at the time, but today we believe that such automation and scraping attacks are
among the most dangerous attacks.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://www.washingtonpost.com/wp-
dyn/content/article/2006/06/30/AR2006063001222.html">Arrests Made in '05 LexisNexis
Data Breach</a> [Washington Post, Jun 30 2006]</li>
<li><a href="http://www.washingtonpost.com/wp-dyn/articles/A45756-2005Apr12.html"
>LexisNexis Data Breach Bigger Than Estimated</a> [Washington Post, Apr 13 2008]</li>
<li><a href="http://www.nytimes.com/2005/04/13/technology/13theft.html">Security
Breach at LexisNexis Now Appears Larger</a> [New York Times, Apr 13 2008]</li>
2005-65 WHID 2005-65: LexisNexis Data Breach </ul> 17-Feb-08 Process Automation Insufficient Anti-automation
Leakage of Information Information Services USA No
<p>A woman exploited a bug in QVC shopping network web site to get, without paying,
more than 1800 items worth $412,000 items from the March to November 2005. The glitch
enabled her to cancel orders she placed at a specific time and still get the product.

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.tgdaily.com/content/view/34608/113/">Woman scammed QVC for

$400,000+ in Internet glitch</a> [TG Daily, Oct 30 2007]</li>

<li><a href="http://www.philly.
com/dailynews/local/20071026_N_C__woman_admits_400G_scam_of_QVC.html">N.C.
woman admits 400G scam of QVC</a> [Phily.com, Oct 26 2007]</li>

2005-64 WHID 2005-64: Woman scammed QVC for $400,000+ in Internet glitch </ul> 20-Nov-07 Abuse of Functionality Insufficient Process Validation
Monetary Loss Retail USA No
<p>While lacking in technical details, this story is certainly juicy. It demonstrates well the
business use of web site hacking. The downside is that the hacker got only a minimal
punishment, which unless the incident itself is overrated in the media, is a very bad sign
on how courts view computer crime.

</p><p>Additional information:</p>

<ul>

<li><a href="http://news.cnet.co.uk/software/0,39029694,49292191,00.htm">Web
designer sentenced for hacking competitor's site</a> [CNet, Aug 14 2007]</li>

2005-63 WHID 2005-63: Web designer sentenced for hacking competitor&#039;s site </ul> http://www.onekit.com/store/review/web_designer_sentenced_for_hacking.html 14-Aug-07 Unknown Unknown Leakage of Information Marketing No
<p>3,800 customer credit-card numbers were stolen in the attack on Guidance Software
web site. This incident is made more severe since Guidance software is a provider of
software for investigating security breaches and many of its clients are security and law
enforcement agencies, some of them known to be affected.

</p><p><br />As usual in such cases the actual way in which the information was stolen
was not disclosed. A federal trade commission report on the incident, published only in
2007, revealed that the incident was a result on an SQL injection attack on Guidance
servers. In a settlement with the FTC, Guidance agreed to implement a comprehensive
information security program, including independent, third-party audits every other year for
the next ten years.

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.ftc.gov/os/caselist/0623057/0623057%20-Guidance%20complaint.
pdf">United States Of America Federal Trade Commission In The Matter Of Guidance
Software, Inc.</a> [Federal Trade Commission, Apr 1 2007]</li>

<li><a href="http://www.internetnews.com/security/article.php/3572386">Guidance
Software Investigating Stolen Data</a> [Internet News, Dec 20 2005]</li>

<li><a href="http://www.internetnews.com/security/article.php/3669561">FTC Approves

Final Guidance Settlement</a> [Internet News, Apr 3 2007]</li>

2005-62 WHID 2005-62: Guidance Software </ul> 18-Apr-07 SQL Injection Improper Input Handling Leakage of Information Technology No
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
<p>A bug in Gmail's authentication and session management allows direct login to
anybodies account without requiring any involvement of the victim.

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.elhacker.net/gmailbug/english_version.htm">Gmail bug</a>

[elhacker.net, Oct 18 2005]</li>

<li><a href="http://www.eweek.com/article2/0,1759,1889050,00.asp">Google Downplays

Gmail Security Fix</a> [eWeek, Oct 18 2005]</li>

2005-61 WHID 2005-61: Gmail session management bug </ul> 12-Apr-06 Credential/Session Prediction
Insufficient Authorization Disclosure Only Service Providers No
<p>Web site used to file online for housing at KU was shutdown for lack of proper security
measures to prevent visitors from viewing personal information about others

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.kansascity.com/mld/kansascity/news/local/13495104.htm">KU
shuts down housing application Web site</a> [Associated Press, Dec 27 2005]</li>

2005-60 WHID 2005-60: KU shuts down housing application Web site </ul> 26-Feb-06 Unknown Unknown Leakage of Information Government No
<p>Parameter tampering enabled jumping into someone else's account data on PayMaxx
Inc. site
</p><p>Additional information:</p>
<ul>
<li><a href="http://news.com.com/Payroll+site+closes+on+security+worries/2100-1029_3-
5587859.html?tag=cd.hed">Payroll site closes on security worries</a> [CNet, Feb 23
2005]</li>
<li><a href="http://www.thinkcomputer.com/corporate/news/pressreleases.html?id=18"
>Think Finds Flaw Revealing Up To 100,000 Social Security Numbers</a> [Vulnerabiliy
Publisher's Site, Feb 23 2005]</li>
2005-6 WHID 2005-6: Tampering with parameters allows access to others account data on PayMaxx Inc.</ul>
site 2/23/2005 Credential/Session Prediction
Insufficient Authorization Leakage of Information Finance No
<p>Janus mutual fund uses predictable identifier to authenticate its share holders enabling
them to vote for others.

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.schneier.com/blog/archives/2005/11/vote_someone_el.html">Vote
Someone Else's Shares</a> [Bruce Schneier, Nov 24 2005]</li>

2005-59 WHID 2005-59: Vote Someone Else&#039;s Shares </ul> 28-Feb-06 Credential/Session Prediction
Insufficient Authorization Disclosure Only Finance No
<p>An attacker can send an e-mail with a malicious script to a victim which is perform its
actions immediately when the e-mail is read.

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.morx.org/yahoo-XSS.txt">Yahoo mail Cross Site Scripting</a>

[Morx, Dec 22 2005]</li>

2005-58 WHID 2005-58: Yahoo mail Cross Site Scripting </ul> 28-Feb-06 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Service Providers No
<p>User data stolen from an online game web site. The hacker tried to extort RPG by
threatening to publish the users' data. The news item states that the hack was a result of a
flaw in custom web site software.

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.scmagazine.com/uk/news/article/533573/rpg-site-bit-hackers/"
>RPG site bit by hackers</a> [SC Mazagine, Dec 21 2005]</li>

2005-57 WHID 2005-57: RPG site bit by hackers </ul> 26-Feb-06 Unknown Unknown Extortion Entertainment No
<p>A redirection to an error page on Google.com includes values sent by the the user.
This vulnerability allows phishers to send an e-mail with links to Google that will include
their attack page.

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.webappsec.org/lists/websecurity/archive/2005-12/msg00059.html"
>XSS vulnerabilities in Google.com</a> [Watchfire, Dec 21 2005]</li>

<li><a href="http://www.betanews.
com/article/Google_CrossSite_Scripting_Flaw_Fixed/1135201187">Google Cross-Site
Scripting Flaw Fixed</a> [Beta News, Dec 21 2005]</li>

<li><a href="http://news.com.com/Google+plugs+obscure+phishing+holes/2100-1002_3-
6004471.html">Google plugs 'obscure' phishing holes</a> [CNet, Dec 21 2005]</li>

<li><a href="http://shiflett.org/archive/178">Google XSS Example</a> [Chris Shiflett, Dec

21 2005]</li>

<li><a href="http://shiflett.org/archive/177">Google's XSS Vulnerability</a> [Chris Shiflett,

Dec 21 2005]</li>

2005-56 WHID 2005-56: XSS vulnerabilities in Google.com </ul> 28-Feb-06 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Search Engine No
<p>A malicious site can offer users a malformed RSS XML file to be included Yahoo RSS
aggregation that would enable stealing Yahoo cookies

</p><p>Additional information:</p>

<ul>

<li><a href="http://www.alljer.com/yahoorssxss.htm">Yahoo RSS XSS Vulnerability</a>

[alljer.com, Dec 18 2005]</li>

2005-55 WHID 2005-55: Yahoo RSS XSS Vulnerability </ul> 28-Feb-06 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Search Engine No
<p>Netcraft discovered an XSS vulnerability in NIST web site, which ironically hosts the U.
S. National Vulnerability Database.

</p><p>Additional information:</p>

<ul>

<li><a href="http://news.netcraft.
com/archives/2005/12/14/us_government_security_site_vulnerable_to_common_attack.
html">US Government Security Site Vulnerable to Common Attack</a> [NetCraft, Dec 14
2005]</li>

2005-54 WHID 2005-54: XSS vulnerability in NIST web site </ul> 26-Feb-06 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Government No
<p>A UK Church charity web site was hacked and at least 3000 credit card numbers
where stolen. Credit card information is known to have been used by the hackers. While
no specific details are given, the article indicates that the way site was hacked.
</p><p>Additional information:</p>
<ul>
<li><a href="http://software.silicon.com/malware/0,3800003100,39154991,00.htm">Police
investigate charity credit card data hack</a> [Silicon.com, Dec 12 2005]</li>
2005-53 WHID 2005-53: Charity Web Site Hacked </ul> 26-Feb-06 Unknown Unknown Credit Card Leakage Religious No
<p>An XSS when receiving notification of an incoming IM message. Additionally it is
possible to send an IM message to somebody who has blocked such messages by
pretending to be answering a message from him.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.silent-products.com/advisory12.5.05.txt">Critical Myspace
Vulnerabilities Leave Every Active Account Exploitable</a> [Silent Productions, Dec 5
2005]</li>
2005-51 WHID 2005-51: Critical MySpace Vulnerabilities Leave Every Active Account Exploitable </ul> 28-Feb-06 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Web 2.0 No
<p>Inserting code in an HTML attachments enables changing the user interface of Yahoo
mail, which may enable fraud.
</p><p>Additional information:</p>
<ul>
<li><a href="http://archives.neohapsis.com/archives/bugtraq/2005-11/0289.html">XSS on
Yahoo Mail</a> [Bugtraq, Nov 23 2005]</li>
<li><a href="http://richard.computeiro.com/yahoo_bug.jpg">XSS on Yahoo Mail</a>
[Bugtraq, Nov 23 2005]</li>
2005-50 WHID 2005-50: XSS on Yahoo Mail </ul> 28-Feb-06 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Hosting Providers No
<p>Details remain sketchy, but news reports include social engineering, a guessable
secret question for password recovery, and a known vulnerability is BEA WebLogic
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.washingtonpost.com/wp-
dyn/content/article/2005/05/19/AR2005051900711.html">Paris Hilton Hack Started With
Old-Fashioned Con</a> [Washington Post, May 19 2005]</li>
<li><a href="http://www.pcworld.com/news/article/0,aid,119851,00.asp">Paris Hilton:
Victim of T-Mobile's Web Flaws?</a> [PCWorld, Mar 1 2005]</li>
<li><a href="http://www.wired.com/news/privacy/0,1848,66735,00.html">Known Hole
Aided T-Mobile Breach</a> [Wired.com, Feb 28 2005]</li>
<li><a href="http://www.macdevcenter.com/pub/a/mac/2005/01/01/paris.html">How Paris
Got Hacked?</a> [O'Reilly Network, Feb 22 2005]</li>
2005-5 WHID 2005-5: Paris Hilton&#039;s T-Mobile online account hacked </ul> 11-Jul-05 Abuse of Functionality Insufficient Password Recovery
Leakage of Information Technology No
<p>XSS in Google Base search function
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.pcworld.idg.com.au/index.php/id;751088708;fp;2;fpid;1">Google
Base launched with security hole</a> [PC World, Nov 21 2005]</li>
<li><a href="http://jibbering.com/blog/?p=189">More Google security failures</a>
[Jibbering.com, Nov 16 2005]</li>
2005-49 WHID 2005-49: Google Base launched with security hole </ul> 28-Feb-06 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Search Engine No
<p>Additional information:</p>
<ul>
<li><a href="http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0156.html"
>Zero Day Pizza Party - Yo Noid Advisory #00001</a> ["Full Disclosure" Mailing List, Nov
7 2005]</li>
<li><a href="http://news.com.
com/Pizza+chain+caught+without+fully+baked+security/2100-7349_3-5938572.html"
>Pizza chain caught without fully baked security</a> [Cnet, Nov 7 2005]</li>
2005-48 WHID 2005-48: Insufficient authorization on Papa John's Pizza chain web site </ul> 10-Nov-05 Predictable Resource Location
Insufficient Authorization Leakage of Information Retail No
<p>Business wire allowed access to non published press releases.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.webpronews.com/topnews/topnews/wpn-60-
20051102SECVsTheEstonianSpiders.html">SEC Vs. The Estonian Spiders</a> [Web Pro
News, Nov 2 2005]</li>
2005-47 WHID 2005-47: SEC Vs. The Estonian Spiders </ul> 8-Nov-05 Process Automation Insufficient Anti-automation
Leakage of Information Finance No
<p>A high school student used SQL injection to break into the site of a Taiwanese
information security magazine from the Tech Target group and steal customer's
information.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.taipeitimes.com/News/front/archives/2006/01/22/2003290158"
>Teenage hacker facing court case for data theft</a> [Taipe Times, Jan 22 2006]</li>
2005-46 WHID 2005-46: Teen uses SQL injection to break to a security magazine web site </ul> http://www.taipeitimes.com/News/front/archives/2006/01/22/2003290158 26-Feb-06 SQL Injection Improper Input Handling Leakage of Information Media No
<p>Configuration mistake left an unprotected unused virtual host. No details on the
configuration problems given.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.xoops.org/modules/news/article.php?storyid=2639">Xoops web
site hacked</a> [Vendor Web Site, Oct 28 2005]</li>
2005-44 WHID 2005-44: Xoops web site hacked </ul> 8-Nov-05 Administration Error Application Misconfiguration
Leakage of Information Technology No
<p>XSS in Yahoo mail, Allows phishing
</p><p>Additional information:</p>
<ul>
<li><a href="http://news.com.com/Yahoo+fixes+Web+mail+security+flaw/2100-1002_3-
5907383.html">Yahoo fixes Web mail security flaw</a> [News.com, Oct 21 2005]</li>
2005-43 WHID 2005-43: XSS in Yahoo&#039;s Web mail enables phishing </ul> 10-Nov-05 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Hosting Providers No
<p>The software has a default password for teachers, enabling anyone to access the
system with teachers privileges.
</p><p>Additional information:</p>
<ul>
<li><a href="http://sfgate.com/cgi-bin/article.cgi?f=/c/a/2005/10/21/SNAFU.TMP">
Software glitch reveals private data for thousands of state's students<br />
S.F. administrators close program to update passwords</a> [Sfgate, Oct 21 2005]</li>
2005-42 WHID 2005-42: Default password in a common application used by schools </ul> 10-Nov-05 Administration Error Insufficient AuthenticationLeakage of Information Education No
<p>Additional information:</p>
<ul>
<li><a href="http://news.com.com/Google+fixes+Web+site+security+bug/2100-1002_3-
5892525.html?part=rss&amp;tag=5892525&amp;subj=news">Google fixes Web site
security bug</a> [News.com, Oct 10 2005]</li>
2005-41 WHID 2005-41: XSS on Google&#039;s AdWords enables phishing </ul> 10-Nov-05 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Search Engines No
<p>Script upload due to a scoop known vulnerability
</p><p>Additional information:</p>
<ul>
<li><a href="http://lists.suse.com/archive/suse-security-announce/2005-Oct/0001.html"
>Defacement of several Novell websites</a> [Mailing list post, Oct 4 2005]</li>
2005-40 WHID 2005-40: Defacement of several Novell websites </ul> 8-Nov-05 Administration Error Application Misconfiguration
Defacement Technology No
<p>An Israeli public debates site called Hyde Park has an XSS vulnerability that exposes
session cookies.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.nrg.co.il/online/10/ART1/049/017.html">Identity theft in Hyde
Park</a> [nrg.co.il, Feb 16 2005]</li>
2005-4 WHID 2005-4: An Israeli debate site vulnerable to XSS </ul> 2/16/2005 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Politics No
<p>Exploited unpatched Twiki
</p><p>Additional information:</p>
<ul>
<li><a href="http://arstechnica.com/news.ars/post/20051004-5383.html">Promotional
Firefox community site hacked (again)</a> [ARStechnica, Oct 4 2005]</li>
<li><a href="http://www.net-security.org/article.php?id=836">SpreadFirefox.com
Community Website Hacked Once Again</a> [ARStechnica, Oct 4 2005]</li>
2005-39 WHID 2005-39: Promotional Firefox community site hacked (again) </ul> 8-Nov-05 OS Commanding Improper Input Handling Leakage of Information Technology No
<p>Teen convicted of threatening an ISP with DOS attack, among other computer hacking
activities
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&amp;
STORY=/www/story/09-08-2005/0004103380&amp;EDATE=">Massachusetts Teen
Convicted for Hacking into Internet and Telephone Service Providers </a> [Press Release,
Sep 8 2005]</li>
2005-38 WHID 2005-38: Massachusetts Teen Convicted for Hacking into Internet and Telephone Service </ul>
Providers 12-Sep-05 Denial of Service Insufficient Anti-automation
Extortion Service Providers No
<p>A 12 years old guess login information of a woman and abused her account, stealing
game items from her.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.buslab.org/index.php/content/view/22317/2/">Boy, 12, referred to
child guidance center for hacking into online game site</a> [Manchini Daily News, Sep 7
2005]</li>
2005-37 WHID 2005-37: A 12 years old hacked an online game and stole game items </ul> 12-Sep-05 Brute Force Insufficient Anti-automation
Information Warfare Entertainment No
<p>A player of an online game discovered that considerable delay hinted on the cards the
dealer holds.
</p><p>Additional information:</p>
<ul>
<li><a href="http://haacked.com/archive/2005/08/29/9748.aspx">Online Games Are
Written By Humans</a> [Personal , Aug 29 2005]</li>
2005-36 WHID 2005-36: Predictable delay in an online poker game enabled users to beat the casino </ul> 4-Sep-05 Unintentional Information
Abuse
Disclosure
of Functionality Monetary Loss Entertainment No
<p>Sites where defaced by utilizing an issue in an XMLRPC library used by PHP
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.zone-h.org/en/news/read/id=205962/">Brazilian defacers hack
hundreds of Stanford University web sites</a> [Zone-H, Aug 21 2005]</li>
2005-35 WHID 2005-35: Stanford University web sites defaced using XMLRPC bug </ul> 23-Aug-05 OS Commanding Improper Input Handling Defacement Education No
<p>Additional information:</p>
<ul>
<li><a href="http://www.channelregister.co.uk/2005/08/18/dabs_password_misdirected/"
>Man logs into dabs.com customer account shocker</a> [channel register, Aug 18 2005]
</li>
2005-34 WHID 2005-34: Man logs into dabs.com misc customer account </ul> 22-Aug-05 Abuse of Functionality Insufficient Password Recovery
Leakage of Information Retail No
<p>A web site flaw could have allowed a user to view another subscriber's balance of
remaining airtime minutes and the number of minutes that customer had used in the
current billing cycle
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.washingtonpost.com/wp-
dyn/content/article/2005/08/11/AR2005081102122.html">Glitch on Verizon Wireless Web
Site Left Data at Risk</a> [Washington Post, Aug 12 2005]</li>
2005-33 WHID 2005-33: Insufficient authorization on Verizon's MyAccount feature </ul> 22-Aug-05 Credential/Session Prediction
Insufficient Authorization Disclosure Only Service Providers No
<p>Weak password recovery procedure at Citrix
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.securityfocus.com/archive/107/407243/30/0/threaded">Example
of the worst passwd recovery interface</a> [WebAppSec mailing list, Aug 3 2005]</li>
2005-32 WHID 2005-32: Weak password recovery on Citrix's site </ul> 8-Aug-05 Unintentional Information
Insufficient
Disclosure Password Recovery
Disclosure Only Service Providers No
<p>Additional information:</p>
<ul>
<li><a href="http://www.theinquirer.net/?article=25031">Hacker forced new planet
discovery out of the closet </a> [The Inquierer, Aug 1 2005]</li>
2005-31 WHID 2005-31: Hacker forced new planet discovery out of the closet </ul> 4-Aug-05 Unknown Unknown Extortion Education No
<p>Official answer from Blogger was that this was not the result of a hack attempt but of a
subtle bug that occurred because our Developer's Network blog is a special case [it's got
two names, 'code.blogger.com' and 'code.blogspot.com'].
</p><p>Additional information:</p>
<ul>
<li><a href="http://google-blog.dirson.com/post.new/0272/">Blogger Developers Network
Blog Cracked</a> [, Jul 31 2005]</li>
2005-30 WHID 2005-30: Blogger Developers Network Blog Cracked </ul> 4-Aug-05 Administration Error Application Misconfiguration
Defacement Blogs No
<p>Multiple misconfiguration problems such as browsable directories, physical path
revealing and default or weak passwords
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.thinkcomputer.com/corporate/news/pressreleases.html?id=17"
>Think Discovers Critical Flaws in U.S. Transportation Security</a> [Vulnerabiliy
Publisher's Site, Feb 1 2005]</li>
2005-3 WHID 2005-3: Misconfiguration issues in paid wireless access and billing applications </ul> 2/1/2005 Unintentional Information
Directory
Disclosure
Indexing Leakage of Information Service Providers No
<p>While not strictly web security, this discussion of hotel rooms TV application security is
a very good example of the dangers of our networked society
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.wired.com/news/privacy/0,1848,68370,00.html">A Hacker Games
the Hotel </a> [Wired, Jul 30 2005]</li>
2005-29 WHID 2005-29: Security issues in interactive hotel TVs </ul> 31-Jul-05 Credential/Session Prediction
Insufficient AuthenticationDisclosure Only Hospitality No
2005-28 WHID 2005-28: Phishers Steal Trust from eBay Sign In Pages Phishers Steal Trust from eBay Sign In Pages http://news.netcraft.com/archives/2005/07/29/phishers_steal_trust_from_ebay_sign_in_pages.html 6-Sep-00 Redirection Improper Input Handling Phishing Retail Campbell, CA No
<p>A bug in an eBay site allowed Phishers to redirect users to their own servers after
feeling details at the genuine eBay site
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.macworld.com/news/2005/08/02/phishers/index.php?lsrc=mwrss"
>Phishers hack eBay</a> [MacWorld, Aug 2 2005]</li>
2005-27 WHID 2005-27: Phishers hack eBay </ul> 8-Aug-05 Redirection Improper Input Handling Phishing Retail No
<p>Additional information:</p>
<ul>
<li><a href="http://www.computerweekly.
com/Home/Articles/2005/07/28/211124/NISCCrevealsSAPR3securityflaw.htm">NISCC
reveals SAP R/3 security flaw</a> [Computer Weekly, Jul 28 2005]</li>
2005-26 WHID 2005-26: NISCC reveals SAP R/3 security flaw </ul> http://www.computerweekly.com/Articles/2005/07/28/211124/NISCC-reveals-SAP-R3-security-flaw.htm 31-Jul-05 Path Traversal Improper Input Handling Disclosure Only Technology No
<p>A man hacked into a competing web site
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.wsoctv.com/news/4773654/detail.html">No Charges Filed Yet
Against South Charlotte Computer Hacker</a> [WSOC-TV, Jul 26 2005]</li>
2005-25 WHID 2005-25: No Charges Filed Yet Against South Charlotte Computer Hacker </ul> 31-Jul-05 Unknown Unknown Leakage of Information Education No
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
<p>Additional information:</p>
<ul>
<li><a href="http://news.zdnet.com/2100-1009_22-5790030.html">Firefox marketing site
hacked</a> [Zdnet, Jul 15 2005]</li>
<li><a href="http://news.com.com/Firefox+marketing+site+hacked/2100-7349_3-5790030.
html?part=rss&amp;tag=5790030&amp;subj=news">Firefox marketing site hacked</a>
[C-Net, Jul 15 2005]</li>
<li><a href="http://arstechnica.com/news.ars/post/20050715-5101.html">Promotional
firefox community site hacked</a> [ars technica, Jul 15 2005]</li>
<li><a href="http://www.eweek.com/article2/0,1759,1837657,00.asp?
kc=EWRSS03119TX1K0000594">SpreadFirefox Site Hacked, Data Leaked</a> [eWeek,
Jul 15 2005]</li>
<li><a href="http://www.spreadfirefox.com/node/16836">Spread Firefox Downtime</a>
[Spread Firefox, Jul 15 2005]</li>
<li><a href="http://www.networkworld.com/news/2005/071505-mozilla-hack.html?fsrc=rss-
security">Mozilla marketing site hacked</a> [Network World, Jul 15 2005]</li>
2005-24 WHID 2005-24: Firefox marketing site hacked </ul> 15-Jul-05 Unknown Unknown Leakage of Information Technology No
<p>The hacker who penetrated Kakaku.com was arrested after breaking into Club
Tourism International Inc. Hacking was done in order to earn money to pay for tuition.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.contentguarder.com/news/web-content-news-0009.htm">Chinese
hacker held in Web data theft</a> [Asahi Shimbun, Jul 7 2005]</li>
2005-23 WHID 2005-23: Chinese hacker held in Web data theft </ul> http://www.contentguarder.com/news/web-content-news-0009.htm 11-Jul-05 SQL Injection Improper Input Handling Leakage of Information Hospitality No
<p>Microsoft UK site defaced due to server misconfiguration
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.theregister.co.uk/2005/07/06/msuk_hacked/">MS UK defaced in
hacking attack</a> [The Register, Jul 6 2005]</li>
<li><a href="http://www.zone-h.org/index2.php?option=com_mirrorwrp&amp;
Itemid=43&amp;id=2531794">MS UK Zone-H defacements archive</a> [Zone-H, Jul 6
2005]</li>
2005-22 WHID 2005-22: MS UK defaced in hacking attack </ul> 11-Jul-05 Misconfiguration Application Misconfiguration
Defacement Technology No
A person who discovered an SQL injection vulnerability in a USC system and informed
2005-21 WHID 2005-21: Insufficient authentication on USC admissions site allowed access to applicants security
data focus about the flaw was criminally charged with breaking into the system. 4/20/2006 SQL Injection Improper Input Handling Disclosure Only Education No
<p>An audit of a major Environmental Protection Agency contract management system
uncovered significant security lapses that, if exploited by hackers, could have serious
consequences for the agency's operations, assets and personnel. The audit focused on
lack of monitoring for known vulnerabilities on these systems.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.govexec.com/dailyfed/0206/020306p1.htm"> Security gaps found
in EPA contracting system</a> [GovExec, Feb 3 2006]</li>
<li><a href="http://www.epa.gov/oig/reports/2006/20060131-2006-P-00010.pdf"
>Information Security Series: Security Practices - Integrated Contract Management
System</a> [EPA, Jan 31 2006]</li>
2005-20 WHID 2005-20: Security gaps found in EPA contracting system </ul> 26-Feb-06 Known Vulnerability Application Misconfiguration
Disclosure Only Government No
<p>An XSS was found in Froogle
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.theregister.co.uk/2005/01/17/google_security_bugs/">Google
plugs brace of GMail security flaws</a> [The Register, Jan 14 2005]</li>
<li><a href="http://www.eweek.com/article2/0,1759,1751689,00.asp">Google Plugs
Cookie-Theft Data Leak</a> [eWeek, Jan 14 2005]</li>
<li><a href="http://packetstormsecurity.nl/0501-exploits/froogleCookie.txt">Froogle
XSS</a> [Packet Storm, ]</li>
2005-2 WHID 2005-2: Froogle XSS </ul> 11-Jul-05 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Search Engines No
<p>Additional information:</p>
<ul>
<li><a href="http://www.computerworld.com/securitytopics/security/story/0,
10801,102773,00.html">Privacy Fears Prompt CVS To Turn Off Online Service </a>
[Computer World, Jun 27 2005]</li>
2005-19 WHID 2005-19: Privacy Fears due to insufficient authentication on CVS drugstore chain web site</ul> 6/7/2005 Credential/Session Prediction
Insufficient Authorization Disclosure Only Retail No
<p>Additional information:</p>
<ul>
<li><a href="http://seclists.org/lists/isn/2005/Jun/0005.html">Hacker hits Duke system</a>
[The News Observer, Jun 5 2005]</li>
2005-18 WHID 2005-18: Hacker hits Duke system </ul> 6/27/2005 Unknown Unknown Leakage of Information Education No
<p>Additional information:</p>
<ul>
<li><a href="http://www.vnunet.com/vnunet/news/2137707/hotmail-hack-fixed">Microsoft
fixes Hotmail hack</a> [VUnet, Jun 9 2005]</li>
<li><a href="http://www.theregister.co.uk/2005/06/08/hotmail_hack/">Hotmail users
exposed to cookie snaffling exploit</a> [The Registrer, Jun 8 2005]</li>
<li><a href="http://www.pcmag.com/article2/0,1759,1825250,00.asp">MSN Site Flaw
Exposes Hotmail Accounts to Prying Eyes</a> [PC Magazine, Jun 7 2005]</li>
<li><a href="http://news.com.com/MSN+flaw+put+Hotmail+accounts+at+risk/2100-
1002_3-5734448.html?part=rss&amp;tag=5734448&amp;subj=news">MSN flaw put
Hotmail accounts at risk</a> [CNet, Jun 6 2005]</li>
<li><a href="http://www.net-force.nl/files/articles/hotmail_xss/">Hacking hotmail, by Alex
de Vries</a> [Personal Web Page, Jun 4 2005]</li>
2005-17 WHID 2005-17: Leakage of information due to XSS in Hotmail </ul> 6/9/2005 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Hosting Providers No
<p>The web site was modified to include password stealing code
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.usatoday.com/tech/news/2005-06-02-hacked_x.htm">Microsoft
admits MSN site hacked in South Korea</a> [USA Today, Jun 2 2005]</li>
<li><a href="http://abcnews.go.com/Technology/wireStory?id=817338">MSN Site Hacking
Went Undetected for Days</a> [ABC News, Jun 3 2005]</li>
2005-16 WHID 2005-16: MSN site hacked in South Korea </ul> 6/2/2005 Unknown Unknown Session Hijacking Search Engines No
<p>Files containing sensitive information left unprotected on the web server
</p><p>Additional information:</p>
<ul>
<li><a href="http://incidentresponse.uchicago.edu/">University of Chicago</a> [Victim's
Site, May 30 2005]</li>
<li><a href="http://maroon.uchicago.edu/news/articles/2005/05/27/private_records_disc.
php">Private records discovered on server</a> [Chicago Maroon, May 27 2005]</li>
2005-15 WHID 2005-15: Unprotected information on the University of Chicago web site </ul> 5/30/2005 Unintentional Information
Insufficient
Disclosure AuthenticationLeakage of Information Education No
<p>Additional information:</p>
<ul>
<li><a href="http://news.com.com/Microsoft+plugs+phishing+hole+in+Xbox+site/2100-
1029_3-5720241.html?tag=nl">Microsoft plugs phishing hole in Xbox site</a> [news.com,
May 25 2005]</li>
2005-14 WHID 2005-14: XSS on Microsoft Xbox site allowed phishing </ul> 8-Nov-05 Cross-site Scripting (XSS)
Improper Output HandlingPhishing Entertainment No
<p>Additional information:</p>
<ul>
<li><a href="http://seclists.org/lists/isn/2005/May/0041.html">Web sites get costly lesson
in security</a> [Asahi (Japan), May 18 2005]</li>
<li><a href="http://www.cdrinfo.com/forum/tm.asp?m=110616&amp;mpage=1&#110616"
>Hacker attacked weak point on Kakaku.com's Web Site</a> [Asahi (Japan), May 25
2005]</li>
2005-13 WHID 2005-13: Hacker attacked weak point on Kakaku.com's Web Site </ul> 5/25/2005 SQL Injection Improper Input Handling Downtime Retail No
<p>Extranet system accessible to the public
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.boston.
com/business/technology/articles/2005/05/05/insurers_website_error_reveals_data_on_dri
vers/?rss_id=Boston+Globe+">Insurer's website breach reveals data on drivers</a> [The
Boston Globe, May 5 2005]</li>
2005-12 WHID 2005-12: Insufficient authentication on Arbela mutual insurance allowed access to private </ul>
data 5/5/2005 Unintentional Information
Insufficient
Disclosure AuthenticationDisclosure Only Retail No
<p>The Samy worm at my space is now a classic, both a sophisticated attack and a well
documented one, it became a case study in the web application security field. Recently
Robert Hansen (RSnake) wrote a very interesting blog entry about Samy and what
happened to him since.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://ha.ckers.org/blog/20070310/my-lunch-with-samy/">My Lunch With
Samy</a> [ha.ckers, Mar 10 2007]</li>
<li><a href="http://fast.info/myspace/">MySpace XSS worm writer notes</a> [bindshell,
Apr 10 2005]</li>
<li><a href="http://www.bindshell.net/papers/xssv/myspace/code/">MySpace XSS worm
source</a> [bindshell, Apr 10 2005]</li>
<li><a href="http://namb.la/popular/tech.html">MySpace XSS virus development</a>
[bindshell, Apr 10 2005]</li>
<li><a href="http://www.betanews.
com/article/CrossSite_Scripting_Worm_Hits_MySpace/1129232391">Cross-Site Scripting
Worm Hits MySpace</a> [Beta News, Apr 10 2005]</li>
2005-11 WHID 2005-11: Samy XSS Worm Hits MySpace </ul> 8-Nov-05 Cross-site Scripting (XSS)
Improper Output HandlingWorm Web 2.0 No
<p>Additional information:</p>
<ul>
<li><a href="http://blogs.law.harvard.edu/philg/comments?u=philg&amp;p=7726&amp;
link=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fblogs.law.harvard.edu%2Fphilg%2F2005%2F03%2F08%
23a7726#a7777">Indian SATs results leaking</a> [Blog talkback, Mar 10 2005]</li>
2005-10 WHID 2005-10: Indian SATs results leaking </ul> 8-Nov-05 Unintentional Information
Insufficient
Disclosure AuthenticationDisclosure Only Education No
<p>Parameter tampering enabled exposing sensitive information in G-Mail
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.betanews.
com/article/Gmail_Bug_Exposes_Emails_to_Hackers/1105561408">Gmail Bug Exposes
E-mails to Hackers</a> [Beta News, Jan 12 2005]</li>
<li><a href="http://it.slashdot.org/article.pl?sid=05/01/12/1655246&amp;tid=172&amp;
tid=215&amp;tid=217&amp;tid=218">Gmail Messages Are Vulnerable To Interception</a>
[Slash.Dot, Jan 12 2005]</li>
2005-1 WHID 2005-1: Gmail Bug Exposes E-mails messages of other users </ul> 11-Jul-05 Predictable Resource Location
Improper Input Handling Disclosure Only Hosting Providers No
<p>A billing information system required only phone number and zip code to pull up
account details
</p><p>Additional information:</p>
<ul>
<li><a href="http://searchsecurity.techtarget.com/originalContent/0,289142,
sid14_gci969836,00.html">A security tale: From vulnerability discovery to disaster</a>
[Search Security, Jun 14 2004]</li>
2004-9 WHID 2004-9: Billing and personal information leakage due to lack of authentication on a phone </ul>
company web site 6/14/2004 Predictable Resource Location
Insufficient AuthenticationLeakage of Information Service Providers No
<p>Previously moderated weather announcements could be changed by the user
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.securityfocus.com/news/8191">Pranksters bedevil TV weather
announcment system</a> [Security Focus, Mar 4 2004]</li>
2004-8 WHID 2004-8: Broadcast TV announcements changed by hacking the stations web site </ul> 3/4/2004 Abuse of Functionality Insufficient Process Validation
Disinformation Media No
<p>Additional information:</p>

<ul>

<li><a href="http://snafu.fooworld.org/~fubob/pubs/wsj-gomes2.txt">More Scary Tales

Involving Big Holes In Web-Site Security</a> [Wallstreet Journal (Archive Copy), Feb 2
2004]</li>

2004-7 WHID 2004-7: More Scary Tales Involving Big Holes In Web-Site Security - University Sub Service
</ul> http://www.cs.umass.edu/~kevinfu/news/wsj-gomes2.txt 4-Aug-05 Predictable Resource Location
Insufficient Authorization Leakage of Information Education No
<p>Additional information:</p>
<ul>
<li><a href="http://snafu.fooworld.org/~fubob/pubs/wsj-gomes2.txt">More Scary Tales
Involving Big Holes In Web-Site Security</a> [Wallstreet Journal (Archive Copy), Feb 2
2004]</li>
2004-6 WHID 2004-6: More Scary Tales Involving Big Holes In Web-Site Security - Tiffany </ul> http://www.cs.umass.edu/~kevinfu/news/wsj-gomes2.txt 4-Aug-05 SQL Injection Improper Input Handling Leakage of Information Retail No
<p>Additional information:</p>
<ul>
<li><a href="http://snafu.fooworld.org/~fubob/pubs/wsj-gomes2.txt">More Scary Tales
Involving Big Holes In Web-Site Security</a> [Wallstreet Journal (Archive Copy), Feb 2
2004]</li>
2004-5 WHID 2004-5: More Scary Tales Involving Big Holes In Web-Site Security - Gateway </ul> 4-Aug-05 Credential/Session Prediction
Insufficient AuthenticationLeakage of Information Technology No
<p>Additional information:</p>
<ul>
<li><a href="http://snafu.fooworld.org/~fubob/pubs/wsj-gomes2.txt">More Scary Tales
Involving Big Holes In Web-Site Security</a> [Wallstreet Journal (Archive Copy), Feb 2
2004]</li>
2004-4 WHID 2004-4: More Scary Tales Involving Big Holes In Web-Site Security - Kohl's </ul> 4-Aug-05 Predictable Resource Location
Insufficient Authorization Leakage of Information Retail No
<p>Additional information:</p>
<ul>
<li><a href="http://snafu.fooworld.org/~fubob/pubs/wsj-gomes2.txt">More Scary Tales
Involving Big Holes In Web</a> [Wallstreet Journal (Archive Copy), Feb 2 2004]</li>
2004-3 WHID 2004-3: More Scary Tales Involving Big Holes In Web-Site Security - Iomega </ul> 4-Aug-05 Predictable Resource Location
Insufficient Authorization Leakage of Information Retail No
<p>Additional information:</p>

<ul>

<li><a href="http://snafu.fooworld.org/~fubob/pubs/wsj-gomes1.txt">Biggest Web Problem

Isn't About Privacy, It's Sloppy Security</a> [Wallstreet Journal (Archive Copy), Jan 26
2004]</li>

2004-2 WHID 2004-2: Biggest Web Problem Isn&#039;t About Privacy, It&#039;s Sloppy Security - Saks</ul> http://www.cs.umass.edu/~kevinfu/news/wsj-gomes1.txt 4-Aug-05 Predictable Resource Location
Insufficient Authorization Leakage of Information Retail No
<p>Following a software upgrade, Cahoot, a UK based Internet only bank allowed
accessing user accounts by guessing their user names. At least on one page allowed
accessing an account by only specifying the user name in the URL. The bug was open for
12 days before being discovered.
</p><p><br />The site was taken off line for 10 hours to fix the issue. It is a significant
incident, as it is one of those rare occasions where vulnerability was serious enough to
force the organization to just take the site off line until it is fixed.
</p><p><br />We somehow missed this story so it finds its way to WHID only now in late
2007.
</p><p>Additional information:</p>
<ul>
<li><a href="http://software.silicon.com/security/0,39024655,39125639,00.htm">Security
flaw exposed in Cahoot bank accounts</a> [Silicon.com, Oct 5 2004]</li>
<li><a href="http://software.silicon.com/security/0,39024655,39125665,00.htm">Leader:
Not another security scare</a> [Silicon.com, Oct 5 2004]</li>
<li><a href="http://news.bbc.co.uk/2/hi/business/3984845.stm">Cahoot hit by web security
scare</a> [BBC, Oct 5 2004]</li>
2004-18 WHID 2004-18: Security flaw exposed in Cahoot bank accounts </ul> 25-Oct-07 Predictable Resource Location
Insufficient AuthenticationDisclosure Only Finance No
<p><em><strong>Update (May 27th 2009)</strong></em> - The CardSystems incident is
refusing to die. Merrick Back is now <a href="http://www.courthousenews.
com/2009/05/26/Merrick.pdf">suing Savvis</a> for certifying CardSystems as CISP
compliant while it systems where wide open. CISP is a VISA program for certifying credit
card processing systems which existed prior to PCI DSS.</p>
<p>The actual damage to an organization of an attack is rarely disclosed, and coverage
focuses on the Number_of_Records stolen. In the court documents Merrick reveals that its
own damage from the CardSystems incident was $16,000,000! The money was paid to
card holders to compensate for losses and for legal fees and fines.</p>
<p>The case is also interesting as it put to test the liability of the certifying entity (in this
case Savvis) resulting from assessing. The results may have profound influence on the
PCI QSA market and therefore PCI itself. David Navetta posts an <a href="http:
//infoseccompliance.com/2009/06/03/merrick-bank-v-savvis-analysis-of-the-merrick-bank-
complaint/">excellent legal analysis</a> of the potential implications of the lawsuit.</p>
<hr />
<p>This entry is a very important one. Most are already familiar with the infamous
CardSystems incident where hackers stole 263,000 credit card numbers, exposed 40
million more and several million dollars fraudulent credit and debit card purchases had
been made with these counterfeit cards. As a result of the breach CardSystems nearly
went out of business and was eventually purchased by PayByTouch. CardSystems is
considered by many the most severe publicized information security breach ever and it
caused company share holders, financial institutes and card holders damage of millions of
dollars.</p>
<p>But since the publication of the incident a year ago the way in which the breach
occurred remained a mystery.</p>
<p>Recently new articles about the case (listed below) revealed that SQL injection was
used by the attackers to install malicious script on the CardSystems web application
database which where scheduled to run every four days, extract records, zip them and
export them to an FTP site.</p>
<p>This is one of the most stunning examples where a web application security hole was
used to launch a targeted attack in order to steal money.</p>
<p>Additional information:</p>
<ul>
<li><a href="http://searchsecurity.techtarget.com/originalContent/0,289142,
sid14_gci1180411,00.html">Cleaning up after a hack job: CardSystems' Christensen</a>
[Information Security (mirror), Apr 14 2006]</li>
<li><a href="http://www.ftc.gov/os/caselist/0523148/0523148complaint.pdf">FTC complain
In the Matter of CardSystems Solutions</a> [FTC, ]</li>
<li><a href="http://wiki.midrange.com/index.php/CardSystems">Midrange CardSystems
Wiki</a> [Midrange, ]</li>
<li><a href="http://www.webappsec.org/lists/websecurity/archive/2006-04/msg00051.html"
>CardSystems was a Web Application Hack</a> [Cesar Cerrudo, <a href="http://www.
argeniss.com">Argeniss</a>, Apr 18 2006]</li>
<li><a href="http://www.schneier.com/blog/archives/2005/06/cardsystems_exp.html"
>CardSystems Exposes 40 Million Identities</a> [Bruce Schneier, Jun 23 2005]</li>
2004-17 WHID 2004-17: The CardSystems breach was an SQL Injection hack (Updated) </ul> 20-Apr-06 SQL Injection Improper Input Handling Credit Card Leakage Finance No Credit Card Number
40,000,000
<p>An XSS was found in Lycos Web Mail
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.securiteam.com/securitynews/6A00N20C1C.html">Lycos Free
Email Cross-Site Scripting Vulnerability</a> [SecriTeam, Dec 27 2004]</li>
2004-16 WHID 2004-16: Lycos Free Email XSS </ul> 11-Jul-05 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Hosting Providers No
<p>phpBB worm</p>
<p>Additional information:</p>
<ul>
<li><a href="http://www.frsirt.com/exploits/20041225.PhpIncludeWorm.php">PHP Scripts
Automated Arbitrary File Inclusion</a> [Vulnerabiliy Publisher's Site, Dec 25 2004]</li>
<li><a href="http://www.pcworld.com/news/article/0,aid,119051,pg,1,RSS,RSS,00.asp"
>New Variant of Santy Worm Spreads</a> [PC World, Dec 27 2004]</li>
<li><a href="http://www.computerworld.com/securitytopics/security/holes/story/0,
10801,98553,00.html">Santy.E worm poses threat to sites badly coded in PHP </a>
[Computer World, Dec 27 2004]</li>
2004-15 WHID 2004-15: New Variant of Santy Worm Spreads </ul> 25-Dec-04 OS Commanding Improper Input Handling Worm Multiple No phpBB
<p>Worm used Google to locate sites vulnerable to OS</p>
<p>Additional information:</p>
<ul>
<li><a href="http://news.bbc.co.uk/1/hi/technology/4117711.stm">Santy worm makes
unwelcome visit</a> [BBC, Dec 22 2004]</li>
<li><a href="http://isc.sans.org/diary.php?date=2004-12-21">Santy worm defaces
websites using php bug</a> [Sans Storm Center, Dec 21 2004]</li>
2004-14 WHID 2004-14: Santy worm defaces websites using PHP bug </ul> 22-Dec-04 OS Commanding Improper Input Handling Worm Multiple No Various phpBB
<p>Phishing based on XSS (Same vulnerability but a different attack that the similar
September 2004 attack)
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.fool.com/News/mft/2004/mft04120810.htm">Do Online Banks
Facilitate Fraud?</a> [The Motley Fool, Dec 8 2004]</li>
<li><a href="http://news.netcraft.
com/archives/2004/12/06/suntrust_site_exploited_by_fraudsters.html">SunTrust site
exploited by fraudsters</a> [NetCraft, Dec 6 2004]</li>
2004-13 WHID 2004-13: SunTrust site XSS vulnerability exploited by for phishing </ul> 8-Nov-05 Cross-site Scripting (XSS)
Improper Output HandlingPhishing Finance No
<p>An XSS was found in G-Mail
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.theregister.co.uk/2004/10/29/gmail_vuln/">Gmail accounts 'wide
open to exploit' - report</a> [The Register, Oct 29 2004]</li>
<li><a href="http://net.nana.co.il/Article/?ArticleID=155025&amp;sid=10">NetLife
Exclusive: Security hole found in Gmail</a> [Nana NetLife, Oct 27 2004]</li>
2004-12 WHID 2004-12: XSS in Gmail </ul> 11-Jul-05 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Hosting Providers No
<p>Phishing based on XSS
</p><p>Additional information:</p>
<ul>
<li><a href="http://news.netcraft.
com/archives/2004/09/28/phishers_manipulate_suntrust_site_to_steal_data.html"
>Phishers Manipulate SunTrust Site to Steal Data</a> [NetCraft, Sep 28 2004]</li>
2004-11 WHID 2004-11: Phishers Manipulate SunTrust Site to Steal Data </ul> 9/28/2004 Cross-site Scripting (XSS)
Improper Output HandlingPhishing Finance USA No
On Sunday, security analyst Richard Smith did a quick check of the Bush and Kerry
campaign sites and found several security problems on each, all of which are common on
2004-10 WHID 2004-10: SQL Injection and XSS on presidential campaign web sites many other websites. http://www.wired.com/techbiz/it/news/2004/06/64036 6/30/2004 SQL Injection Improper Input Handling Disclosure Only Politics No
<p>Additional information:</p>
<ul>
<li><a href="http://snafu.fooworld.org/~fubob/pubs/wsj-gomes1.txt">Biggest Web Problem
Isn't About Privacy, It's Sloppy Security</a> [Wallstreet Journal (Archive Copy), Jan 26
2004]</li>
2004-1 WHID 2004-1: Biggest Web Problem Isn&#039;t About Privacy, It&#039;s Sloppy Security - OpenTable
</ul> 4-Aug-05 Credential/Session Prediction
Insufficient AuthenticationLeakage of Information Hospitality No
<p>Additional information:</p>
<ul>
<li><a href="http://www.securityfocus.com/news/7739">Defenses lacking at social network
sites</a> [Security Focus, Dec 31 2003]</li>
2003-9 WHID 2003-9: Defenses lacking at social network sites </ul> 12/31/2003 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Web 2.0 No
<p>Additional information:</p>
<ul>
<li><a href="http://www.infoworld.com/article/04/11/17/HNpetco_1.html">Petco settles
charge it left customer data exposed</a> [Infoeworld, Nov 17 2004]</li>
<li><a href="http://www.securityfocus.com/news/9957">Petco settles with FTC over cyber
security gaffe</a> [Security Focus, Nov 17 2004]</li>
<li><a href="http://www.securityfocus.com/news/7581">FTC investigates PetCo.com
security hole</a> [Security Focus, Dec 5 2003]</li>
2003-8 WHID 2003-8: SQL Injection in PetCo.com leads to FTC investigation </ul> 11/17/2004 SQL Injection Improper Input Handling Disclosure Only Retail No
WHID ID Entry Title Incident Description Reference Date Occurred
Attack Method Application Weakness Outcome Attacked Entity Field Attacked Entity Geography
Mass Attack Mass Attack Name Number of Sites Affected
Attack Source
Attacked
Geography
System Technology
Cost Items LeakedNumber of Records
Additional Link
<p>View other customers orders by changing a sequential number within a URL
parameter
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.cbsnews.com/stories/2003/10/22/tech/main579547.shtml"
>Victoria's Secret Reveals Too Much</a> [CBS News, Oct 22 2003]</li>
<li><a href="http://cooltech.iafrica.com/technews/280300.htm">Victoria's Secret reveals
far too much</a> [iAfrica, Oct 24 2003]</li>
2003-7 WHID 2003-7: Victoria&#039;s Secret reveals far too much </ul> 10/22/2003 Predictable Resource Location
Insufficient Authorization Disclosure Only Retail No
<p>A person convicted of blackmailing Best Buy. He threatened to expose a breach in the
company's web site if not paid $2.5 million.
</p><p>Additional information:</p>
<ul>
<li><a href="http://news.zdnet.com/2100-1009_22-5136932.html?tag=nl">Mississippi man
denies Best Buy blackmail</a> [ZDnet, Jan 7 2004]</li>
<li><a href="http://news.zdnet.com/2100-1009_22-5980008.html">Police blotter: Best Buy
'hacker' loses in court</a> [Zdnet, Dec 2 2005]</li>
<li><a href="http://caselaw.lp.findlaw.com/data2/circs/8th/051655p.pdf">Appeals Court's
Opinion</a> [, Nov 22 2005]</li>
2003-6 WHID 2003-6: Mississippi man blackmails Best Buy </ul> 26-Feb-06 Unknown Unknown Extortion Retail No
<p>User submitted information was being stored in a publicly available location. The URL
found in the source code of a publicly available web page.
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.securityfocus.com/news/7067">Car shoppers' credit details
exposed in bulk</a> [Security Focus, Sep 25 2003]</li>
2003-5 WHID 2003-5: Car shoppers&#039; credit details exposed in bulk </ul> 9/25/2003 Predictable Resource Location
Insufficient Authorization Leakage of Information Automotive No
<p>Additional information:</p>
<ul>
<li><a href="http://www.ftc.gov/opa/2003/06/guess.htm">Guess Settles FTC Security
Charges</a> [FTC Web Site, Jun 18 2003]</li>
2003-4 WHID 2003-4: SQL injection on Guess site triggers an FTC inquiry </ul> 6/18/2003 SQL Injection Improper Input Handling Disclosure Only Retail No
<p>Additional information:</p>
<ul>
<li><a href="http://news.zdnet.co.uk/business/0,39020645,2134469,00.htm">Microsoft
faces huge fine over security</a> [Zdnet, May 9 2003]</li>
<li><a href="http://www.atnewyork.com/news/article.php/2203651">Microsoft Patches .
NET Passport Hole</a> [AnyNetwork, May 8 2003]</li>
2003-3 WHID 2003-3: User passwords could be stolid in Microsoft&#039;s Passport service </ul> 5/9/2003 Predictable Resource Location
Insufficient Password Recovery
Disclosure Only Service Providers No
<p>While an old incident, further research into it suggest that it was a web hack. While the
initial reports talk about a database break in, a report in the Register identify the database
as txClass, which is a web based system.<br />55,200 social security numbers where
stolen, though the hacker claimed that he did not perform the act for profit. He was caught
and sentenced to 5 years probation.
</p><p>Additional information:</p>
<ul>
<li><a href="https://www.utexas.edu/datatheft/">Data Theft Incident Response</a> [UofT,
Sep 7 2005]</li>
<li><a href="http://www.theregister.co.uk/2003/03/18/student_owns_up_to_texas/"
>Student owns up to Texas Uni cyber-heist</a> [The Register, Mar 18 2003]</li>
<li><a href="http://www.computerworld.com/securitytopics/security/holes/story/0,
10801,79102,00.html">UT Austin hack yields personal info on thousands</a> [Computer
World, Mar 6 2003]</li>
<li><a href="http://www.securityfocus.com/news/2935">Hackers steal names, Social
Security numbers from University of Texas database</a> [Security Focus, Mar 6 2006]
</li>
2003-2 WHID 2003-2: UT Austin hack yields personal info on thousands </ul> 4-Apr-06 Brute Force Insufficient Anti-automation
Leakage of Information Education No
<p>View other customers information by modifying a cookie
</p><p>Additional information:</p>
<ul>
<li><a href="http://news.com.com/2100-1017-984585.html">FTD.com hole leaks personal
information</a> [CNet, Feb 13 2003]</li>
2003-1 WHID 2003-1: FTD.com hole leaks personal information </ul> 2/13/2003 Credential/Session Prediction
Insufficient AuthenticationLeakage of Information Retail No
<p>View other customers orders by changing a guessable number within a URL
parameter
</p><p>Additional information:</p>
<ul>
<li><a href="http://www.securityfocus.com/news/8508">Tower Records settles charges
over hack attacks</a> [Security Focus, Apr 21 2004]</li>
<li><a href="http://news.com.com/2100-1017-976271.html">Tower Records site exposes
data</a> [CNet, Dec 5 2002]</li>
2002-4 WHID 2002-4: Tower Records settles charges over hack attacks </ul> 4/21/2004 Predictable Resource Location
Insufficient Authorization Leakage of Information Retail No
<p>A company put its earnings report on site before its official release, but did not linked
to it. Reuters found the document and published it.
</p><p>Additional information:</p>
<ul>
<li><a href="http://news.com.com/2100-1023-963658.html">Reuters accused of
hacking</a> [Cnet, Nov 29 2002]</li>
2002-3 WHID 2002-3: Reuters accused of hacking </ul> 11/26/2002 Unintentional Information
Insufficient
Disclosure Authorization Leakage of Information Technology No
<p>Additional information:</p>
<ul>
<li><a href="http://www.bindshell.net/papers/xssv/advogato/">Advogato xss virus
account</a> [Bindshell, Sep 21 2002]</li>
2002-2 WHID 2002-2: Advogato XSS virus account </ul> 11-Jul-05 Cross-site Request Forgery
Improper
(CSRF)
Output HandlingWorm Technology No
<p>Opening an account with a discontinued e-mail address exposes all the information of
the discontinues account
</p><p>Additional information:</p>
<ul>
<li><a href="http://wired-vig.wired.com/news/ebiz/0,1272,53942,00.html">BN.com: The
Hole Story</a> [Wired, Jul 19 2002]</li>
<li><a href="http://www.marktaw.com/technology/HackingBarnesAndNoble.com.html"
>BarnesAndNoble.com Security Flaw</a> [Personal Web Page, Jul 9 2002]</li>
<li><a href="http://itmanagement.earthweb.com/secu/article.php/3347761">Barnes &amp;
Noble.com Fined for Customer Data Leak</a> [Datamation, Apr 30 2004]</li>
2002-1 WHID 2002-1: Flawed authentication at BN.com exposes personal information </ul> 7/19/2002 Predictable Resource Location
Insufficient Password Recovery
Leakage of Information Retail No
2001-6 WHID 2001-6: XSS at Microsoft Passport http://www.pcworld.com/news/article/0,aid,69543,00.asp 11/5/2001 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Service Providers No
The privacy hole affected users who logged on to the Verizon Wireless Web site and used
the My Account feature to view or change their cell phone billing and account information.
The Web site address for the feature assigns session identifications sequentially as each
2001-5 WHID 2001-5: Privacy hole found in Verizon Wireless Web site user logs in which allows for forceful browsing. http://www.computerworld.com/securitytopics/security/privacy/story/0,10801,63587,00.html 6-Sep-01 Credential/Session Prediction
Insufficient Authorization Disclosure Only Service Providers No
Users who visited the Price Lotto site using Microsoft's IE (Internet Explorer) 4.x and 5.x,
automatically downloaded malicious JavaScript that was programmed to alter the software
2001-4 WHID 2001-4: Hacked Web site damaged PCs in Japan configuration of their PCs. http://www.computerworld.com.au/article/52716/hacked_web_site_damaged_pcs_japan/ 8/22/2001 Cross-site Scripting (XSS)
Improper Output HandlingPlanting of Malware Retail No
2001-3 WHID 2001-3: Persistent XSS in Hotmail Persistent XSS HTML Injection inside an HTML email message to hotmail http://www.usatoday.com/tech/news/2001-08-31-hotmail-security.htm 8/31/2001 Cross-site Scripting (XSS)
Improper Output HandlingDisclosure Only Service Providers No
View other orders by changing a sequential parameter number. Security was provided by
2001-2 WHID 2001-2: Computer E-Retailer Exposes Credit Card Numbers client side JavaScript http://www.extremetech.com/article2/0,3973,103782,00.asp 6/18/2001 Predictable Resource Location
Insufficient Authorization Disclosure Only Retail No
2001-1 WHID 2001-1: Travelocity exposes customer information Sensitive files were left in a publicly accessible directory of a new web server install http://news.com.com/2100-1017-251344.html?legacy=cnet 1/22/2001 Predictable Resource Location
Insufficient Authorization Disclosure Only Hospitality No
2000-6 WHID 2000-6: Inforeading.com defacement using command injection Executing local commands using URL parameters http://www.inforeading.com/library/infoarticles/InfoReading/logs/deface/02.txt 15-Dec-00 OS Commanding Improper Input Handling Defacement Entertainment No
2000-5 WHID 2000-5: Eve.com exposes customers order information View other customers orders by changing a sequential number within a URL parameter http://news.com.com/2100-1017-245700.html?legacy=cnet 9/13/2000 Credential/Session Prediction
Insufficient Authorization Leakage of Information Retail No
2000-4 WHID 2000-4: Sensitive files left unprotected on Western Union&#039;s Web Sensitive files were left in a publicly accessible directory during a maintenance window http://news.com.com/2100-1023-245525.html?legacy=cnet 10-Sep-00 Unintentional Information
Insufficient
Disclosure Authorization Leakage of Information Finance USA No
2000-3 WHID 2000-3: Gaffe at Amazon leaves email addresses exposed E-mail addresses of other customers displayed by mistake, no hacking was required http://news.com.com/2100-1017-245387.html?legacy=cnet 6-Sep-00 Abuse of Functionality Application Misconfiguration
Leakage of Information Retail USA No
2000-2 WHID 2000-2: IKEA exposes customer information on catalog site Error message revealed a database file location, which could be downloaded. http://news.com.com/2100-1017-245372.html?legacy=cnet 9/6/2000 Unintentional Information
Insufficient
Disclosure AuthenticationLeakage of Information Retail No
A very early XSS issue at eBay. Interesting historically as it seems that at the time the
1999-1 WHID 1999-1: eBay downplays security hole term XSS was not yet in use. http://packetstormsecurity.org/9904-exploits/ebayla.txt 4-Apr-06 Cross-site Scripting (XSS)
Improper Output HandlingSession Hijacking Retail No
Timestamp Untitled Question