AMD Blogs Hacked By R00tbeer Group

Little-known hacker team “r00tbeer” has claimed a hack of the official AMD blogs, defacing the homepage and stealing the user database with information on around 190 AMD staff.

The chip manufacturer has taken the page offline, citing “website maintenance” as the main reason.

Routine maintenance?

R00tbeer seems to be a new player on the scene. The group opened a Twitter account on 18 August, and had assembled 233 followers at the time of this story being published.

R00tbeers’ first exploit was to access the user database of thebotnet.com forums, a community with over 96,000 members, posting the database online on Sunday. After this, r00tbeer promised that their next target “will be a large company.”

https://twitter.com/r00tbeer_/status/237006323122839553″ data-datetime=”2012-08-19T02:01:25+00:00
The victim they chose was AMD, and its news website blogs.amd.com, which is based on the WordPress platform. According to ZDnet, the hackers stole and dumped the database containing the details of 190 internal accounts, including information on usernames, email addresses, hashed passwords and, in some cases, full names of AMD staff. No customer details appeared to be compromised.

R00tbeer had also replaced the homepage with their own design, signing off as “Eriksson”, “Akira”, “Taz” and “Hades_”. The page contained a link to the aforementioned Twitter account, betraying the group’s desire for publicity.

Security expert Paul Ducklin from Sophos has noted that the full size of the stolen database is just 32 KB, calling it “a small deal in the history of security breaches” and “more of a hackette than a hack”.

Following the attack, AMD was quick to take the blog offline. “Due to routine maintenance, AMD’s web site is temporarily unavailable. We apologize for the inconvenience. This area will be back online as soon as possible,” says a statement on the homepage.

Several hours later, AMD followed with an official statement: “AMD’s blog site was the target of an attack on August 19th. We believe that the attackers posted less than 200 registered usernames and salted password hashes to a hacker web site. AMD uses salted password hashes, which is an industry best practice for encryption and extremely difficult to crack.”

“We immediately took the blog site offline and changed all passwords. AMD remains committed to data security and user privacy and has launched an investigation into this matter. We expect to bring our blog site back online within the next 24 hours.”

How much do you know about microprocessors? Take our quiz!

/p