'SwaggSec' Announces Breach of China Telecom, Warner Bros.
The alleged data haul includes internal documents and administrator login credentials
Fortunately for them, we did not destroy their infrastructure and rendered millions of customers without communicationSwaggSec
Swagger Security, or "SwaggSec," announced the breach Sunday on Pastebin, providing a link to the files on The Pirate Bay. The group has been active since early this year when it claimed credit for stealing user names and passwords for an ordering system belonging to the contract manufacturer Foxconn, which builds devices for technology companies including Apple.
SwaggSec said the China Telecom data is 900 user names and passwords for administrators on the company's network. The information was obtained through an insecure SQL server, SwaggSec said in its post. The group said it notified China Telecom of the hack by planting a message in the company's network. The SQL server was moved but not fixed.
"Fortunately for them, we did not destroy their infrastructure and rendered millions of customers without communication," SwaggSec said in a note accompanying the data.
If accurate, the data would provide a would-be hacker a strong start to begin probing Warner Bros. websites
The Warner Bros. data includes a report marked "confidential" and titled "Content Security Status Update" dated the week ending April 27. It is an evaluation of the company's websites, including the top 10 sites with the most open medium-risk vulnerabilities. It also lists the top 10 medium to high-risk vulnerabilities on its networks, with the top two being cross-site scripting and unsupported SSL.
If accurate, the data would provide a would-be hacker a strong start to begin probing Warner Bros. websites. The bundle of data included other documents, some of which are dated 2007.
"Warner Bros.' also approaches the same technique of confidentiality and ignorance when it comes to their own security vulnerabilities," SwaggSec said.
When we hacked their intranet, we were surprised to see their IT department's well documented 'confidential' data about the 'critical vulnerabilities' on their servers and sites. However, their IT department's ignorance to fix any of the vulnerabilities they were aware about granted us complete access to their servers."
The group continued to taunt Warner Bros. on Twitter later on Sunday writing, "So Warner Bros you going to fix your vulns now that we've hacked you?"
Efforts to reach Warner Bros. were not immediately successful. China Telecom officials did not have an immediate comment.
Since Monday, close to 1,000 workers at an IBM factory in China have been protesting the proposed acquisition, fearing they may lose their jobs if the deal goes through.
Incident responders have no good way of distinguishing inconsequential malware from highly damaging malware. They spend way too much time and resources chasing red herrings while truly malicious activity slips past.
According to AppRiver's unscientific survey of IT security professionals, the ethics and legality of NSA activities is simply not part of the day-to-day concern when it comes to defending against malware and cyber attacks.
Having lots of Wi-Fi networks packed into a condominium or apartment building can hurt everyone's wireless performance, but Stanford University researchers say they've found a way to turn crowding into an advantage.