Defence Contractor Breached By Anonymous AntiSec

Anonymous continued its AntiSec rampage, targeting US defence contractor Vanguard’s documents

Another defence contractor’s network and data have apparently fallen to the combined skills of hackers attacking Websites under the AntiSec banner.

Members of hacktivist collective Anonymous have reportedly breached servers belonging to defence contractor Vanguard Defence Industries as part of the movement to steal and publicise documents from government agencies, according to a report in the TechHerald. Anonymous may have extracted nearly 4,713 emails and thousands of documents in this attack.

AntiSec Targeting Defence

Anonymous has gone after a number of defence contractors and government agencies recently as part of AntiSec, including Booz Allen Hamilton and InfraGard, a public-private partnership organisation working with the Federal Bureau of Investigation.

“Any private corporation[s] supporting US military or law enforcement operations are legitimate targets in our eyes,” a member told the TechHerald, justifying the attack on VDI.

The attack seems to have exploited vulnerabilities in the popular WordPress blogging platform. VDI apparently had not upgraded two out-dated plug-ins, leaving security holes wide open for the cyber-attackers to waltz through.

“Recent large hacks making headlines are thought to have been performed by compromising just one plug-in in an enterprise,” Michael Sutton, vice-president of security research at Zscaler ThreatLabZ, told eWEEK. According to Zscaler’s latest “State of the Web” report, even when the software itself has been updated to the most up-to-date version, many organisations tend to fall behind in updating plug-ins, making plug-ins a lucrative attack vector.

“The government requires stringent security methods in place for its contractors and VDI failed to implement even the most basic security, patching its Website,” Josh Shaul, CTO of Application Security, told eWEEK.

Attackers also compromised the password used by Richard Garcia, VDI’s senior vice president and the former assistant director in charge of the FBI’s field office in Los Angeles, and gained access to his emails. The attack on Garcia’s account is slightly reminiscent of how Anonymous compromised emails at HBGary Federal because CEO Aaron Barr and chief operating officer Ted Vera had reused weak passwords across several systems.

Patching And Database Monitoring

The attack “proves” that even with all the cyber-attacks and data breaches in 2011 so far, some organisations still do not take information security “seriously”, Shaul said. Simply monitoring database access and regularly patching software could have thwarted many of the basic attacks this year, according to Shaul.

Vanguard was targeted because of its work with several local law enforcement agencies and ties with the FBI, Department of Homeland Security and the United States Marshals. The Texas-based company makes unmanned ShadowHawk helicopters used for aerial surveillance or equipped with guns and grenades for combat usage.

The emails from Garcia’s account are expected to be released over the weekend with a searchable index. There are emails to several government agencies and local law enforcement agencies as well as memos marked “Confidential” or “for official use only”. There are email addresses, passwords, resumes, non-disclosure agreements and contracts, and financial details in the messages.

Anonymous began the week by attacking myBART.org, the customer portal of San Francisco’s Bay Area Rapid Transit (BART), to protest the San Francisco regional transit authority’s decision to shut down cellular service at several of its stations. Demonstrators were using mobile devices to plan demonstrations protesting two fatal shootings by transit police.

Transit officials suspended service to prevent the demonstrations from disrupting normal train service. Approximately 2,000 people had their personal information stolen in what was supposedly a SQL injection attack. To keep the pressure on BART, Anonymous also helped organise a street protest on August 15 that resulted in BART authorities and the San Francisco police department shutting four downtown San Francisco BART and Muni stations for a few hours.

An Anonymous group member also breached the BART Police Officer Association Website on August 17 and publicised personal information, such as names, home addresses, email addresses and passwords belonging to 102 transit police officers.

A leaked Internet Relay Chat log seems to indicate that the attacker was a first-time hacker from Canada acting alone and using a SQL injection tool. She claimed it took her four hours to break into the site. However, a member behind the Twitter account AnonyOps posted a disclaimer. “FYI, no one claimed responsibility for the hack. Some random Joe joined a channel and released the data to the press,” according to the AnonyOps post.