Hackers sell access to military and government websites

The firm's HII - hacker intelligence initiative - has unearthed evidence that dozens of sites are up for sale, including defence and state sites in the US and Europe.

According to a team led by Noa Bar Yosef, Imperva's senior security strategist, high-profile sites such as the official Italian government website (http://itcgcesaro.gov.it), the Department of Defense Pharmacoeconomic centre (http://pec.ha.osd.mil/) and even the US Army, Communications-Electronics Command (CECOM) (http://cecom.army.mil ) are available.

In a security blog posting, Rob Rachwald of Imperva says that the hacker has put up a range of sites for anything between $55 and $499.

Imperva's research team also claims to have discovered that the hacker was also offering personal information from the hacked websites at $20 per 1000 records.

"The hacker is also selling info personally identifiable information from hacked sites, for $20 per 1K records", says the blog, citing an example of "a list of UConn staff".

Imperva's post is complete with screenshots, which the hacker claims as a proof of access.

According to Rachwald, the victim sites' vulnerabilities were probably obtained by an SQL injection vulnerability automatic scanner and exploited in automated manner, as the hacker published his methods in a post in some hacker forum.

"In the screen shot [here] we can see IRC chat between the SQLi "master" = @evil which issues the scanning commands and the exploiting "x0owner" which performs the commands", says the Imperva blog.

"In this specific case @evil issues command for to x0wner to obtain DB tables names (!tbls) from vulnerable link (www.site.gr/athlete.php?id=...) x0wner reports its findings - the tables 'activities','admin'," the blog notes.

Security researcher Brian Krebs picked up Imperva's research over the weekend, detailing a lot of the site information that Rachwald chose to block out in his blog.

In his security blog, Krebs said that he finds it ironic that one of these sites allegedly for sale is the Department of Defense Pharmacoeconomic Center, which is a DoD site tasked with 'improving the clinical, economic, and humanistic outcomes of drug therapy in support of the military health system'.

"In all likelihood, if access to this site is purchased, it will be by someone looking to plant links to rogue online pharmacies of the sort frequently advertised in junk e-mail", said Krebs.

"People who get paid to promote these rogue pharmacies typically do so by hacking legitimate websites and including links back to fly-by-night pharma sites, and they particularly like dot-mil, dot-gov and dot-edu sites because search engines tend to treat links coming from those domains with more authority than random .com sites", he added.

Krebs also noted that the 'Undetected Private Java Driveby Exploit' that the hacker is selling is "none other than the social engineering trick I blogged about last week."

What’s hot on Infosecurity Magazine?