Since Lulzsec downed their tools, those in the security community have been waiting for the AntiSec community and now we have the first warning shots across our bows. The LulzSec group were highly active for a period of 50 days claiming that this period of activism was planned to wake up the AntiSec community.
Monday 4th July – Apple servers hacked.
Hacker group Anonymous claims it has hacked one of Apple’s servers and posted usernames and passwords to prove it on their Twitter account, together with a warning that Apple could be a target of one of their attacks.
“Not being so serious, but well (…) #Apple could be target, too. But don’t worry, we are busy elsewhere”, tweeted @AnonymousIRC
Along with the tweet there was a link to a text file on Pastebin reported to be from one of Apple’s servers that contained a list of user names and passwords. As the passwords are encrypted so it will require some work to try to extract information from the tables (it would be possible for instance if someone has used a weak password for that to be recovered through a brute force hack… This may give hints to the encryption key). The server hacked was related to managing surveys and has been taken offline since the attack.
At the same time that the Anonymous tweet was posted there was another post from a lone hacker named Idahc claiming the he had found an SQL vulnerability in Apple’s servers but did not release any data from the hack.
It may well be that the upcoming cloud storage solutions of iTunes and iCloud may be looking like rich pickings from hacking groups.
Tuesday 6th July – Fox news political Twitter account hacked.
On Tuesday, the Fox News political Twitter account began posting suspicious messages including tweets that said that the US president had been fatally wounded in a shooting. A hacker group calling themselves Scriptkiddies claimed responsibility for gaining access to the account. The group gained control of @foxnewspolitics, bragging about it on several Twitter accounts (now suspended).
“BREAKING NEWS: President @BarackObama assassinated, 2 gunshot wounds have proved too much. It’s a sad 4th for #america. #obamadead RIP
Fox News said that they were working with Twitter to address the situation “We will be requesting a detailed investigation from Twitter about how this occurred, and measures to prevent future unauthorized access into FoxNews.com accounts”, said Jeff Misenti, vice president and general manager of Fox News Digital.
The US Secret Service are also looking into the attack.
Tuesday 5th July – PayPal UK Twitter Account Hacked
Also reported on Tuesday was news of another hack, the Twitter account of Paypal UK this time. The hacked account was then used to post links to a. Anti-Paypal site called paypalsucks.com which describes itself as “exposing the nightmare of doing business ‘the PayPal way.”
“This account was hacked earlier. We have it in our control now. Your personal data is still 100% safe, hack occurred on Twitter not PayPal,” tweeted PayPal UK after regaining control of the account late Tuesday.
The tweets were later removed by PayPal UK.