'SwaggSec' Announces Breach of China Telecom, Warner Bros.
The alleged data haul includes internal documents and administrator login credentials
Fortunately for them, we did not destroy their infrastructure and rendered millions of customers without communicationSwaggSec
Swagger Security, or "SwaggSec," announced the breach Sunday on Pastebin, providing a link to the files on The Pirate Bay. The group has been active since early this year when it claimed credit for stealing user names and passwords for an ordering system belonging to the contract manufacturer Foxconn, which builds devices for technology companies including Apple.
SwaggSec said the China Telecom data is 900 user names and passwords for administrators on the company's network. The information was obtained through an insecure SQL server, SwaggSec said in its post. The group said it notified China Telecom of the hack by planting a message in the company's network. The SQL server was moved but not fixed.
"Fortunately for them, we did not destroy their infrastructure and rendered millions of customers without communication," SwaggSec said in a note accompanying the data.
If accurate, the data would provide a would-be hacker a strong start to begin probing Warner Bros. websites
The Warner Bros. data includes a report marked "confidential" and titled "Content Security Status Update" dated the week ending April 27. It is an evaluation of the company's websites, including the top 10 sites with the most open medium-risk vulnerabilities. It also lists the top 10 medium to high-risk vulnerabilities on its networks, with the top two being cross-site scripting and unsupported SSL.
If accurate, the data would provide a would-be hacker a strong start to begin probing Warner Bros. websites. The bundle of data included other documents, some of which are dated 2007.
"Warner Bros.' also approaches the same technique of confidentiality and ignorance when it comes to their own security vulnerabilities," SwaggSec said.
When we hacked their intranet, we were surprised to see their IT department's well documented 'confidential' data about the 'critical vulnerabilities' on their servers and sites. However, their IT department's ignorance to fix any of the vulnerabilities they were aware about granted us complete access to their servers."
The group continued to taunt Warner Bros. on Twitter later on Sunday writing, "So Warner Bros you going to fix your vulns now that we've hacked you?"
Efforts to reach Warner Bros. were not immediately successful. China Telecom officials did not have an immediate comment.
Security researchers have long known about the vulnerabilities of the RFID readers that many buildings use instead of door locks, but facilities managers have been slow to upgrade to more secure systems.
The top paying cybersecurity job is a security software engineer with an average annual salary of $233,333, according to a recent report from the job board Dice. That tops the salary for a CSO which is $225,000.
Tonight is the night, Windows fans. Starting around midnight Eastern time on Wednesday, June 29, 2015 Windows 10 will start rolling out to Windows Insider members.
Despite the apparent nearness of the Trans Pacific Partnership Agreement, the contents are still largely cloaked in secrecy, with no official drafts available.