Backdoor access to sixteen military, government and college websites is up for sale.
Security firm Imperva said last week that sixteen government, military and educational websites have been hacked and are now up for sale to anyone wanting to take control.
The firm originally stumbled across this revelation while scanning through underground forums. One hacker was discovered to be offering full control of a website used by the U.S. Army's Communications-Electronics Command (CECOM), granting virtual keys to the backdoor for just under $500.
And that's just for starters. According to Noa Bar-Yosef, Imperva senior security strategist, this particular hacker also claims he has control over numerous additional websites owned by the military, the government and universities. The price to gain access to these websites depends on their importance and level of use, ranging from $33 to $499.
"You can actually buy the capability of being the administrator of the website," she told Computerworld, adding that databases of personal information are also up for grabs at $20 per thousand records. One case even reveals a data pack of 300,000 people up for a hefty price.
The hacker in question is reportedly using SQL injection to gain access to the websites. According to the Wikipedia definition, this is "a code injection technique that exploits a security vulnerability occurring in the database layer of an application." Typically, hackers look for poorly written web pages with search boxes and/or data-entry forms that connect to back-end databases. They then use an automated tool to sneak database commands in through those faulty pages.
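To make the "faulty page" concrete, here is an added example (not from Imperva, Krebs or the original article) of a search-box handler written the injectable way and the hardened way. The table, the function names and the sample input are constructed for illustration and run against an in-memory SQLite database.

```python
import sqlite3

# Constructed input of the kind a faulty search box fails to treat as data.
CRAFTED = "zzz' OR name LIKE '"

def make_db():
    # Constructed sample data standing in for a site's back-end database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (name TEXT, email TEXT, public INTEGER)")
    db.executemany(
        "INSERT INTO people VALUES (?, ?, ?)",
        [("Alice Smith", "alice@example.org", 1),
         ("Bob Jones", "bob@example.org", 1),
         ("Carol Admin", "carol@example.org", 0)],  # not meant to be listed
    )
    return db

def search_vulnerable(db, term):
    # Faulty page: the term is pasted into the SQL text, so a quote
    # character in the input changes the structure of the query.
    sql = ("SELECT name FROM people WHERE public = 1 "
           "AND name LIKE '%" + term + "%'")
    return [row[0] for row in db.execute(sql)]

def search_safe(db, term):
    # Hardened page: the term is bound as a parameter and is only ever data.
    # LIKE wildcards typed by the user are escaped so they match literally.
    escaped = (term.replace("\\", "\\\\")
                   .replace("%", "\\%")
                   .replace("_", "\\_"))
    sql = ("SELECT name FROM people WHERE public = 1 "
           "AND name LIKE ? ESCAPE '\\'")
    return [row[0] for row in db.execute(sql, ("%" + escaped + "%",))]

if __name__ == "__main__":
    db = make_db()
    print("normal search  :", search_vulnerable(db, "Smith"))
    print("vulnerable page:", search_vulnerable(db, CRAFTED))  # filter bypassed
    print("hardened page  :", search_safe(db, CRAFTED))        # no rows
```

Both handlers return the same result for an ordinary name; only the concatenating one lets the input override the `public = 1` filter.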
Although Imperva marked out the list of website names that are up for sale, security blogger Brian Krebs posted a screenshot of the forum post unedited, revealing sites such as the University of South Carolina in Beaufort, the Department of Defense Pharmacoeconomic Center, the State of Utah's official website and more.
"Amid all of the media and public fascination with threats like Stuxnet and weighty terms such as 'cyberwar,' it’s easy to overlook the more humdrum and persistent security threats, such as Web site vulnerabilities," he said. "But none of these distractions should excuse U.S. military leaders from making sure their Web sites aren’t trivially hackable by script kiddies."
I can see the headlines:
"Pentagon Up For Sale For 500 Thousand!"
What a pathetic way to make money.
P.S. If anyone is wondering, yes, government sites are sometimes easier to get into than online blog sites.
Does that ring any bells?
That's cheap, compared to how much trouble they can get into for doing it.
(OK, they have personal information, but they can't change anything (hoping they have backups of the databases...))
Just websites you say... Oh, it's just the Department of Defence... Nothing important.
But in comparison to Die Hard 4 it isn't as important; they can't take all your money away and such... (I agree they can try to scam you, but you have to be careful about that all the time)
And about the scholarships: they did that in my country once (direct access...) and they got found out rather quickly.
(And I'll read that book, thanks.)
Come on! People are incapable of recognizing a scam when they see one?
WTF is this world coming to...