Latest news
The group stated a campaign dubbed "#OpIreland" and mounted DDoS attacks against the websites of the aforementioned politician and junior minister Seán Sherlock, and the Departments of Finance and Justice last week, downing them for a while.
After this "warning shot", last night the hackers turned their sights towards a number of websites tun by the Department of Foreign Affairs, but this time they took it upon themselves to do more damage.
The attack resulted in the breach of the servers hosting the site and the theft and subsequent publication on Pastebin of account and login details and personal information of 19 users of the Irish Aid website, the government’s aid programme for developing countries.
According to The Journal, 17 of the 19 compromised accounts belong to staff of the Department of Foreign Affairs, while the remaining two are used by the company that designed the site.
"A quick look at those passwords shows that despite repeated warnings users still use insecure passwords," pointed out Brian Honan, the founder and head of Ireland's first CERT team and owner of BH Consulting. "Three of the accounts had 'password' as their password with one other being more advanced at having 'password1'. So clearly some user education needs to be done for those users or better alternatives to authorize users are needed."
A spokesman for the Department of Foreign Affairs confirmed the breach but said that other servers belonging to the Department were not compromised. The Irish Aid website is still down as the Department's IT specialists are investigating the matter.
"But before we start pointing fingers at the Department of Foerign Affairs and the weak passwords of those users, we should not forget that they are the victim of this attack," says Honan. "There are no winners in this particular situation but I urge people to view it with a clear head and realize that no matter what vulnerabilities were used to breach the website, the Department and the affected users are victims of a crime."
Also attacked last night was the website of Sherlock's Labour party, but except being made inaccessible for a while during the night, the organization sustained no other damage.
Spotlight
17% of the world's PCs are unprotected
Posted on 30 May 2012. | In a study that analyzed data from voluntary scans from an average of 27-28 million computers per month, McAfee researchers found 17% of the world is browsing the internet completely unprotected.
What's new in ISO 22301
Posted on 29 May 2012. | Currently there are many business continuity frameworks and standards around the world, but none of them have really taken the dominant position.
Trojan spyware promoted as Steam keygen
Posted on 29 May 2012. | To users looking for keygens for their Steam games, read on: we found something that will make you think twice and probably leave you steering clear of key generators forever.
New cyber weapon targets systems in the Middle East
Posted on 28 May 2012. | A new sophisticated piece of malware dubbed "Flame" has been discovered in systems belonging to users in many Middle Eastern countries and is though to have been developed by a nation state.
RuFraud scammers caught and fined
Posted on 28 May 2012. | PhonepayPlus managed to cut off a malware attack that took the form of premium SMS fraudulent apps masquerading as popular apps offered on Google Play and other online stores.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
 |
