Presentation highlighting incidents from the Web Hacking Incident Database (WHID) over the last 18 months. Incidents are taken only from WHID, a project started by the Web Application Security Consortium. Source: http://projects.webappsec.org/w/page/13246995/Web-Hacking-Incident-Database Embedded video link: http://rt.com/usa/news/anonymous-attack-video-cia-219/ (not viewable in the ppt.)
2. What is the talk about?
•Only reported incidents
•Mostly pertaining to government and corporate establishments.
What is the Talk not about?
•Unreported activities of intelligence agencies
•Data gathered by intelligence agencies
4. Hacked Industries
Healthcare Automotive Hospitality Internet Credit Card Issuer
Service
Provider
Education Finance Government
Music Sports
5. Hacked Industries
United States Search Engines Newspaper
University
Recruitment
Web 2.0 Travel Social Networking
Internet Service Provider
News Entertainment
6. Statistics
Application Weakness in the Year 2011-12: Improper IO Handling 25%; Misc (IPV, ITLP, PRL etc) 41%; Insufficient AAA 7%; Inefficient Anti-Automation 27%
Outcome in the Year 2011-12: Miscellaneous 13%; Defacement 16%; Monetary Loss 7%; Planting of Malware 7%; Downtime 30%; Leakage of Information 27%
Source: projects.webappsec.org
7. Statistics
Attack Entity Geography Year 2011-12: Australia 4%; Europe 17%; North America 44%; Asia 19%; Africa 3%; South America 13%
Attacked Entity Field in Year 2011-12: Government 24%; Misc (Retail, …) 36%; Education 3%; Technology 20%; Entertainment 9%; Finance 8%
Source: projects.webappsec.org
8. Reasons why cybercrimes occur?
Monetary
1st April 2012: Hackers steal $6.7M in cyber bank robbery, all this over new year break
Jan 18th 2012: Computer hacker tries to steal $1.8 million from Arlington's bank account
9. Reasons why cybercrimes occur?
Recognition
Hacktivism: DOS/DDOS Attacks
April 2012, February 2012, June 2011: CIA website downed by Anonymous on three occasions
11. Reasons why cybercrimes occur?
Political
Geopolitical rivalry manifesting in corporate cybercrime
3rd January 2012 Saudi Hackers Post Israeli Credit Card
Numbers Online
Intelligence: FBI Partner website hacked
FBI Partner Organization Website
Dayton FBI partner website hacked
12. Reasons why cybercrimes occur?
Defacement
27th April 2012
Taliban Website Hacked As
Afghan Cyberwar Heats
13. Reasons why cybercrimes occur?
Fun
black hat / white hat / grey hat??
January 2012 to March 2012
15-year-old arrested for hacking 259 companies
Google kills Iranian blog with 3 million hacked bank accounts
14. Anonymous
Video: Anonymous message to the world and CIA
Who are they?
“First, who is this group called Anonymous? Put simply, it is an
international cabal of criminal hackers dating back to 2003, who have
shut down the websites of the U.S. Department of Justice and the
F.B.I. They have hacked into the phone lines of Scotland Yard. They are
responsible for attacks against MasterCard, Visa, Sony and the
Governments of the U.S., U.K., Turkey, Australia, Egypt, Algeria, Libya,
Iran, Chile, Colombia and New Zealand. ”
—Canadian MP Marc Garneau, 2012
17. Hacks in 2012
• CSLEA hack
• Taking down Monsanto's Hungarian website
• Occupy Nigeria
• Symantec source code leak
• Operation Megaupload
• April 2012 Chinese attack
• Anti-ACTA activism in Europe
• Operation Russia
• Operation Bahrain and Formula One attacks
• Boston Police Department attacks
• Occupy Philippines
• Syrian Government E-mail Hack
• Operation India
• AntiSec Leak and CIA Attack
• Operation Quebec
• Interpol Attack
• Operation Japan
• AIPAC Attack
• Operation Anaheim
• Vatican website DDoS Attacks
• AAPT attack
• Bureau of Justice leak
• Operation Myanmar
18. Case 1 Tunisian Government
Date :
18 December 2010 – 14 January 2011
who:
Tunisian Revolution
• 8 websites affected (including the president, prime minister, ministry of
industry, ministry of foreign affairs, and the stock exchange).
• Ben Ali's administration has tightly restricted the flow of information out
of Tunisia
• Reports of civil disobedience and police action filtered out on Twitter.
• Anonymous claimed responsibility for the cyber attack (called it #OpTunisia)
• Part of #OpPayback, initially aligned with WikiLeaks (Zimbabwe), then the
people of Tunisia.
• Felt government had "unilaterally declared war on free speech, democracy,
and even [its] own people".
• "Cyber attacks will persist until the Tunisian government respects all
Tunisian citizens' right to free speech and information and ceases the
censoring of the internet".
19. Case 2 Government
Date :
09/12/11
who:
Congress Website hacked
(congress.org.in & aicc.org.in)
what
(Defacement) Sonia Gandhi profile changed with one
paragraph of obscene language. (Photo of Sonia Gandhi)
why:
Kapil Sibal asked social media networks, including Facebook,
Twitter and Google, to remove offensive material from their websites.
Interesting Fact :
21. Case 3 Government
Date :
Dec 2010- Jun 2011
who:
117 Govt. of India Websites (NIC, Army, CBI)
Group responsible:
Indian offshoot of Anonymous, PCA (well... at least reportedly; also
hacked 270 other sites)
why:
Retaliation for ICA's Attack on 26/11/10
Interesting Fact :
Indian government departments and agencies do not follow the
procedures set for regular audits of the sites
23. Case 1 Corporate
Date :
15/01/12
who:
Zappos (Acquired by Amazon since 2008)
what:
24m records breached. Information including names, email
addresses, billing and shipping addresses, phone numbers, the
last four digits of credit card numbers, and encrypted passwords
may have been exposed.
how:
zero day vulnerability
Interesting Fact :
25. Case 2 Corporate
Zuckerberg's Facebook Account Hacked
Date :
Till Nov 27, 2011
who:
Bug in the application
how:
A subscriber uses the Report/Block link that appears in the bottom right
when you roll over a picture to report another subscriber's photo as
pornographic. The blocking tool then asks for your help in identifying
other photos that should be blocked as part of that account - which is
where the bug comes in. Not only were the public photos of that
account presented, but private photos as well.
Output:
Mark Zuckerberg's private photos started to show up
across the web
26. Case 3 Corporate
Date :
06/06/12
who:
LinkedIn
how:
Vulnerable Front end
SQL Injection (could have been sqlmap or Havij)
Outcome:
According to Per Thorsheim, security analyst, a list of 6.5 million
passwords appeared on a Russian forum.
• All hashed using the SHA-1 algorithm. No salting.
• Many passwords, e.g. "1234LinkedIn", whose SHA-1 hash is
"abf26a4849e5d97882fcdce5757ae6028281192a."
• No username or data, but could be a plan to crowdsource the
hacking effort, because some unique passwords were also found.
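The storage weakness on this slide next to a salted alternative, as an added example that is not part of the original presentation: with unsalted SHA-1 every user of the same password gets the same stored value, while a per-user salt and a slow KDF give each account a distinct one. The account names, the third password and the PBKDF2 iteration count are assumptions.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (assumption; not data from the leaked list).
ACCOUNTS = {"alice": "1234LinkedIn", "bob": "1234LinkedIn", "carol": "tr0ub4dor&3"}
PBKDF2_ROUNDS = 600_000  # assumed work factor; tune to your hardware


def sha1_unsalted(password):
    """Scheme described on the slide: bare SHA-1 with no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def pbkdf2_store(password):
    """Salted alternative: random 16-byte salt per user plus a slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def pbkdf2_verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


def accounts_sharing_a_value(table):
    """Count accounts whose stored value equals another account's stored value."""
    counts = Counter(table.values())
    return sum(n for n in counts.values() if n > 1)


def build_tables():
    """Store the same sample accounts under both schemes."""
    weak = {user: sha1_unsalted(pw) for user, pw in ACCOUNTS.items()}
    strong = {user: pbkdf2_store(pw) for user, pw in ACCOUNTS.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables()
    # Unsalted: alice and bob collide, so one recovered password exposes both.
    print("unsalted SHA-1, accounts sharing a value:", accounts_sharing_a_value(weak))
    # Salted: every stored value is unique even for identical passwords.
    print("salted PBKDF2, accounts sharing a value:", accounts_sharing_a_value(strong))
```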
28. Case 4 Corporate
Date :
19/04/2012 (realised 7 days later.)
who:
Sony PlayStation, PlayStation Portable, & Qriocity (Music
Streaming)
what:
• Supposed hacker chat-logs reveal PSN security lapses
• 77m stolen names, addresses, birthdates, PSN passwords and
credit card numbers.
• 55m (PSN, PS3 + PlayStation Mobile) and 22m (Qriocity)
• All details stolen indicate they were in unencrypted form
(against common industry practice.)
29. Other Hacks
When:
May 22nd
Who:
Greece
What:
Hacked
Attack mode:
SQL injection, automated
30. Other Hacks
Article mentions that when this whole attack on Sony is over, it might
come to be one of the most secure web presences on the www.
When:
May 24th 2012
Who:
Sony music Japan
What:
Hacked
By:
Lulzsec
31. Other Hacks
When:
June 5th 2011
Who:
Sony Music Brazil
By:
Lulzsec
32. Other Hacks
When:
June 6th 2012
Who:
Sony Europe
By:
Lebanese Hacker (Idahc)
What:
Stole 120 usernames, passwords, email addresses through
Attack mode:
SQL injection
33. Other Hacks
When:
July 5 2011
Who:
Sony Music
Ireland website
By:
Hackers
34. Other Hacks
When:
January 6th 2012
Who:
Sony picture website and FB page
What:
hacked
By:
35. Other Hacks
When:
August 2012
Who:
Sony
What:
hacked again
By:
SQL Injection Vaccination?
36. Types of Attacks in 2011
When: March 17, 2011
Who:
By & How: Hacked by an Advanced Persistent Threat (APT)
Outcome: Used SecurID codes they stole from the RSA break-in to hack Lockheed Martin

When: June 2, 2011
Who:
By & How: Through spear phishing used by Chinese hackers
Outcome: Gmail accounts of select members of the U.S. Government had been compromised

When: May, 2011
Who:
By & How: 200,000 customer A/c were compromised by a cyber-attack. Hackers accessed account holders' names, email addresses, and account numbers
Outcome: Citi ordered new credit cards for 100,000 customers, absorbing the $2 million cost

When: June 11, 2011
Who:
By & How: Hackers used a "spear phishing" technique
Outcome: Degree of the compromise was not specified
37. Types of Attacks in 2012
When: August, 2012
Who: Interpol British Police SOCA
By & How: Hacktivist group Anonymous
Outcome: Site was unavailable. Demanding freedom for Wikileaks founder Julian Assange

When: July 12, 2012
Who:
By & How: Group of hackers used Union based SQL injection
Outcome: SQL injection retrieved 453,000 user names and passwords stored in plaintext

When: September 25, 2012
Who:
By & How: Muslim hackers launched a distributed denial-of-service attack against it
Outcome: Bank was forced to shut down the website
38. • Incidents will continue to happen
• Regulatory authority required to penalize
for non-compliance