The Web Hacking Incidents Database
Last update: 17 February 2008
List of Incidents for a Classification
Please note that classifications are a new feature and not all entries in WHID are already classified, so when you get a certain number of entries for a classification, WHID might have more records matching that classification that we did not classify yet. We hope to complete the classification process soon.
List of incidents for which Attack Method is Unknown
51 incidents listed
Reported: 17 February 2008 Occurred: 31 January 2008
Classifications:
- Attack Method: Unknown
- Country: Greece
- Outcome: Defacement
- Vertical: Government
This is yet another case of defacement of a governmental web site. It is amazing to note it is nearly never the large commercial and financial web sites that are defaced. It is either small mom and dad shops or government and political web sites. Don't you get the feeling the government IT is run like a mom and dad shop? Do you wonder if it is only the IT part that is run that way?
References:
Reported: 17 February 2008 Occurred: 09 November 2007
Classifications:
- Attack Method: Unknown
- Country: India
- Outcome: Planting of Malware
- Vertical: Media
The web site of a leading Indian newspaper is swamped with malware. A recent survey by WebSense, cited by the Register, found that of the sites hosting malware, 51% were legitimate sites that have been broken into. This is a major shift in the threat landscape, since keeping to web sites that you know is no longer a good protection strategy. Anecdotally, this undermines WebSense's own web site classification technology as a security solution.
References:
Reported: 12 February 2008 Occurred: 11 February 2008
Classifications:
- Attack Method: Unknown
- Country: Ecuador
- Outcome: Defacement
- Vertical: Government
Was it defaced or not? In this extraordinary incident, a hacker broke into the web site of the Ecuadorian president and said nice things about him. So nice, in fact, that the presidential office had to apologize in front of the opposition leader. Was it a hack or an overenthusiastic marketing person?
References:
Reported: 10 February 2008 Occurred: 09 February 2008
Classifications:
- Attack Method: Unknown
- Country: USA
- Outcome: Leakage of Information
- Vertical: Entertainment
Sensitive information about people who created an account on the site leaked and was published through IRC.
References:
Reported: 04 February 2008 Occurred: 04 February 2008
Classifications:
- Attack Method: Unknown
- Country: USA
- Outcome: Leakage of Information
- Vertical: Finance
A computer hacker broke into the database of D.A. Davidson, a local Montana financial services firm, and stole its entire customer database: 226,000 records including names and social security numbers. The attack method is not known, but it seems very much like a web hack.
References:
Reported: 08 January 2008 Occurred: 05 January 2008
Classifications:
- Attack Method: Unknown
- Country: USA
- Outcome: Leakage of Information
- Vertical: Retail
Very detailed records of geeks.com customers were stolen from the site. The records included name, address, telephone number, e-mail address, credit card number, expiration date, and most notoriously, card verification number (CVV). The interesting part is that the site had a Hacker Safe seal. The seal was revoked twice last year due to vulnerabilities, but restored after they were patched. It seems that this time the hack preceded the scan or the scan missed the vulnerability. So much for application scanning and vulnerability assessment... And don't take it lightly as a geeks' site: Geeks.com is a $150M/year business.
References:
Reported: 01 January 2008 Occurred: 07 November 2007
Classifications:
- Attack Method: Unknown
- Country: India
- Outcome: Defacement
- Vertical: Service Providers
Yet another defacement, but this time at a very major telecommunication provider in India. These are the guys in charge of our network after all!
References:
Reported: 19 December 2007 Occurred: 14 December 2007
Classifications:
- Attack Method: Unknown
- Country: France
- Country: Libya
- Outcome: Planting of Malware
- Vertical: Government
To iframe or not to iframe, this is the question. As malware becomes more popular, the number of incidents, mostly insignificant, in which malware was planted on a hacked site is rising and WHID is not the right place to list all of them. We currently report such incidents if the hacked site is of interest or if the attack method is known.
References:
Reported: 19 December 2007 Occurred: 01 December 2007
Classifications:
- Attack Method: Unknown
- Country: USA
- Outcome: Leakage of Information
- Vertical: Education
The personal data of nearly 1,400 prospective Duke Law School students may have been stolen by a hacker from two separate databases, one including the prospective students' data and another filled with requests for information about the school.
References:
Reported: 19 December 2007 Occurred: 30 September 2007
Classifications:
- Attack Method: Unknown
- Country: Germany
- Outcome: Leakage of Information
- Vertical: Retail
An unidentified group stole credit card numbers and billing addresses from Kartenhaus, a ticket sales office in Hamburg, Germany and a subsidiary of Ticketmaster. Some 66,000 customers who purchased tickets with a credit card from the Kartenhaus.de web site between October 24, 2006 and September 30, 2007 were affected.
References:
Reported: 21 November 2007 Occurred: 20 November 2007
Classifications:
- Attack Method: Unknown
- Country: USA
- Outcome: Planting of Malware
- Vertical: Internet
A Crimeware iframe tag on a site is not news anymore. On Monster.com it is.
References:
Reported: 07 November 2007 Occurred: 18 September 2007
Classifications:
- Attack Method: Unknown
- Country: USA
- Outcome: Leakage of Information
- Vertical: Media
Vertical Web Media, publisher of Internet Retailer magazine, suffered a security breach (http://www.theregister.co.uk/2007/08/17/gentoo_disconnects_vulnerable_server/) and credit card information of readers was stolen. The irony is that Internet Retailer magazine covers the risks of e-commerce. While the actual technique used is not known, signs are that it was a web hack, as it was done by a distributed network of bots all over the world and the information stolen belonged to customers who paid online. The information stolen includes names, addresses, e-mail addresses, phone numbers, credit card account numbers and card expiration dates. The number of records stolen is unknown.
References:
Reported: 07 November 2007 Occurred: 03 October 2007
Classifications:
- Attack Method: Unknown
- Country: China
- Outcome: Planting of Malware
- Vertical: Media
Defacements are a dime a dozen these days, and are not normally reported by WHID. Even invisible defacements, in which sites are changed in order to infect their clients with malicious code, are becoming too common. But this time it is the site of a security organization, and not just any one, but China's internet security organization. So in light of the hot debate about China as the source of all hacking, we think that this story has value.
References:
Reported: 07 November 2007 Occurred: 11 September 2007
Classifications:
- Attack Method: Unknown
- Country: New Zealand
- Outcome: Information Warfare
- Outcome: Leakage of Information
- Vertical: Government
An attack on New Zealand government web sites required New Zealand Prime Minister Helen Clark to comment and assure the public that no confidential information was stolen. However, official sources in New Zealand confirm that attacks were carried out by unnamed, but known, foreign governments on New Zealand government web sites and resulted in theft of information.
References:
Reported: 29 October 2007 Occurred: 28 October 2007
Classifications:
- Attack Method: Unknown
- Country: Global
- Outcome: Leakage of Information
- Vertical: Retail
A hacker gained access to names and encrypted credit card numbers of Arts.com. While the reason is not known, since the information is known to belong to online shoppers who made transactions from July to September we assume it was a web site breach.
References:
Reported: 17 October 2007 Occurred: 09 October 2007
Classifications:
- Attack Method: Unknown
- Country: USA
- Outcome: Leakage of Information
- Vertical: Education
Information including birth date and social security number of 1400 students who enrolled online at Montana State University has been stolen by hackers. While no technical explanation is provided, the fact that only students who enrolled online were affected points to a web site breach.
References:
Reported: 03 September 2007 Occurred: 29 August 2007
Classifications:
- Attack Method: Unknown
- Country: Spain
- Outcome: Defacement
- Vertical: Government
Yet another defacement, and as usual in the political arena. However, this one is worth a note as the attack is very targeted, while usually such political defacements are carried out quite randomly against sites loosely related to the opponent and usually have little to do with the actual message the attackers want to convey. In this case the defacement seems to be a direct response to the hot debate about housing prices in Spain.
References:
Reported: 03 September 2007 Occurred: 02 September 2007
Classifications:
- Attack Method: Unknown
- Country: India
- Outcome: Planting of Malware
- Vertical: Finance
This very serious hacking incident provides insight into a lot of the failures of information security in general, and web application security in particular, beyond the simple fact that the web site of the largest state-owned bank in India was invisibly defaced with Trojan-infecting code.
Firstly, the entire discussion in the references is about the Trojan payload, with no word about the vulnerability that led to the defacement. In fact, a reviewer on the SiteAdvisor report gives the green mark to the web site after the Trojan is removed, without requiring any information about the actual problem.
Secondly, most trust systems, including SiteAdvisor, completely fail to detect the breach. This makes me think about those trust models: they check that the site was not breached, while they should check that the site is not vulnerable. I guess the reason is that their primary goal is to detect intentionally malicious sites and not breaches in normative sites, but others use them to assess the level of security of the latter.
References:
Reported: 30 August 2007 Occurred: 24 July 2007
Classifications:
- Attack Method: Unknown
- Country: Peru
- Outcome: Defacement
- Vertical: Politics
Defacements seem to start dominating this list. Alas, they are the most obvious web site hacks out there. While not every defacement is reported in the Web Hacking Incidents Database, key ones are. I included this one since the attacked web site is significant, and since it emphasizes what is becoming a major goal of attacking: politics and international affairs.
As a side note, this incident is also interesting because it was repeated after being discovered and presumably fixed, which goes a long way to show how much effort there is in protecting web sites and how difficult it can be.
References:
Reported: 22 July 2007 Occurred: 20 July 2007
Classifications:
- Attack Method: Unknown
- Country: Thailand
- Outcome: Defacement
- Vertical: Government
While defacements are usually not the bread and butter of this database, when it hits an important government site, especially of a ministry in charge of information technology, it is worth mentioning it.
References:
Reported: 01 July 2007 Occurred: 15 June 2007
Classifications:
- Attack Method: Unknown
- Outcome: Leakage of Information
Somebody snitched names, social security numbers and birth dates of approximately 1500 students at the vet school of UC Davis. Indications are that the web application used by the students was at fault. The school's web site described the incident as a result of "the computer attacker being able to manipulate a university computing application to accept unauthorized commands". A disgruntled cow?
References:
Reported: 26 June 2007 Occurred: 22 June 2007
Classifications:
- Attack Method: Unknown
- Country: Belgium
- Outcome: Defacement
- Vertical: Security & Law Enforcement
As you may know, defacements usually do not find their way to WHID, especially if the method used is not known. However, since in this case the victim was the Belgian police, I thought it was worth including.
References:
Reported: 12 June 2007 Occurred: 10 June 2007
Classifications:
- Attack Method: Unknown
- Country: India
- Outcome: Defacement
- Vertical: Government
The web site of the chief minister of Kerala (an Indian state) was hacked and defaced. The local police have contacted Interpol to help in finding who is behind the web site hacking.
References:
Reported: 12 June 2007 Occurred: 19 April 2007
Classifications:
- Attack Method: Unknown
- Country: USA
- Outcome: Leakage of Information
- Vertical: Education
An undisclosed vulnerability in a web application at the University of Virginia allowed hackers to access names, social security numbers and birth dates of faculty members from May 2005 until April of 2007. Approximately 5700 records were stolen in 54 distinct break-ins.
References:
Reported: 12 June 2007 Occurred: 19 May 2007
Classifications:
- Attack Method: Unknown
- Country: USA
- Outcome: Leakage of Information
- Vertical: Education
Personal information records of approximately 1100 students and faculty members, including social security numbers, were exposed by a vulnerable web application at the Molecular and Cellular Biology program at the University of Iowa. The report suggests that the application was actually compromised.
References:
Reported: 02 April 2007 Occurred: 21 February 2007
Classifications:
- Attack Method: Unknown
- Country: USA
- Outcome: Leakage of Information
- Vertical: Education
The personal information of about 3,000 current and former Georgia Tech employees may have been compromised. The information included names, addresses, Social Security numbers and other sensitive information, including about 400 state purchasing card numbers.
References:
Reported: 30 March 2007 Occurred: 27 November 2006
Classifications:
A small credit union web site was hacked and the traffic redirected to a pharming site. About 180 users were redirected, out of which 12 were tricked into providing their personal information to the attackers. $500 is known to have been stolen from one of the victims.
References:
Reported: 30 March 2007 Occurred: 02 February 2007
Classifications:
- Attack Method: Unknown
- Country: USA
- Outcome: Planting of Malware
- Vertical: Sports
Hackers penetrated the Dolphins stadium web site just days before the Super Bowl was held there and modified the home page to include a Trojan-infecting script.
References:
Reported: 29 March 2007 Occurred: 23 February 2007
Classifications:
- Attack Method: Unknown
- Country: USA
- Outcome: Leakage of Information
- Vertical: Retail
Names and social security numbers of former employees of Fruit of the Loom were available for download from the company's web site.
References:
Reported: 29 March 2007 Occurred: 18 February 2007
Classifications:
- Attack Method: Unknown
- Country: USA
- Outcome: Identity Theft
- Outcome: Monetary Loss
- Outcome: Leakage of Information
- Vertical: Retail
11,500 credit card numbers have been stolen from the web site of Johnny's Selected Seeds, a small ($13M in revenue per annum) online vendor of seeds in Maine. 20 of these are known to have been abused. As usual, the hack was discovered because of fraudulent use of stolen credit cards rather than security measures used to protect the web site.
The direct cost of the breach, which covers informing customers, researching the incident and upgrading the protection of the web site, came to tens of thousands of dollars for the company.
References:
Reported: 26 March 2007 Occurred: 03 January 2007
Classifications:
- Attack Method: Unknown
- Country: USA
- Outcome: Leakage of Information
- Vertical: Government
On January 3, a hacker broke into Indiana's government web site and made off with personal information for 71,000 health care aides who obtained certifications from the state, as well as 5,600 credit card numbers from people who had paid the state through the IN.gov web site. While officials in Indiana tried to write it off as a harmless prank played by a teenager, the U.S. Department of Justice has also been investigating the case, and they believe the same hacker is responsible for attempts on other state government web sites.
References:
Reported: 22 March 2006 Occurred: 16 March 2006
Classifications:
A musical instrument and sound gear Web site that advertises its relationship with artists such as Dave Matthews, Carlos Santana and Mary J. Blige was breached and notified some customers that their credit card information may have been stolen.
References:
Reported: 22 March 2006 Occurred: 13 February 2006
Classifications:
A site of a minor league baseball team was hacked and personal details of fans were stolen.
References:
Reported: 26 February 2006 Occurred: 01 October 2003
Classifications:
A person was convicted of blackmailing Best Buy. He threatened to expose a breach in the company's web site if not paid $2.5 million.
References:
Reported: 26 February 2006 Occurred: 27 December 2005
Classifications:
- Attack Method: Unknown
- Outcome: Disclosure Only
The web site used to file online for housing at KU was shut down for lack of proper security measures to prevent visitors from viewing personal information about others.
References:
Reported: 26 February 2006 Occurred: 21 December 2005
Classifications:
User data stolen from an online game web site. The hacker tried to extort RPG by threatening to publish the users' data. The news item states that the hack was a result of a flaw in custom web site software.
References:
Reported: 26 February 2006 Occurred: 09 December 2005
Classifications:
A UK church charity web site was hacked and at least 3000 credit card numbers were stolen. Credit card information is known to have been used by the hackers. While no specific details are given, the article indicates that the web site was hacked.
References:
Reported: 12 September 2005 Occurred: 08 September 2005
Classifications:
- Attack Method: Unknown
- Attack Method: Denial of Service
A teen was convicted of threatening an ISP with a DoS attack, among other computer hacking activities.
References:
Reported: 12 September 2005 Occurred: 07 September 2005
Classifications:
A 12-year-old guessed the login information of a woman and abused her account, stealing game items from her.
References:
Reported: 08 August 2005 Occurred: 29 July 2005
Classifications:
A bug in an eBay site allowed phishers to redirect users to their own servers after filling in details at the genuine eBay site.
References:
Reported: 04 August 2005 Occurred: 01 August 2005
Classifications:
References:
Reported: 04 August 2005 Occurred: 31 July 2005
Classifications:
Official answer from Blogger. "This was not the result of a hack attempt but of a subtle bug that occurred because our Developer's Network blog is a special case [it's got two names, 'code.blogger.com' and 'code.blogspot.com'].
References:
Reported: 31 July 2005 Occurred: 26 July 2005
Classifications:
A man hacked into a competing web site.
References:
Reported: 15 July 2005 Occurred: 15 July 2005
Classifications:
References:
- Firefox marketing site hacked
News Story, Zdnet, 15 July 2005
- Firefox marketing site hacked
News Story, C-Net, 15 July 2005
- Promotional firefox community site hacked
News Story, ars technica, 15 July 2005
- SpreadFirefox Site Hacked, Data Leaked
News Story, eWeek, 15 July 2005
- Spread Firefox Downtime
Official Response, Spread Firefox, 15 July 2005
- Mozilla marketing site hacked
News Story, Network World, 15 July 2005
Reported: 11 July 2005 Occurred: 06 July 2005
Classifications:
Microsoft UK site defaced due to server misconfiguration
References:
Reported: 11 July 2005 Occurred: 12 January 2005
Classifications:
- Attack Method: Unknown
- Outcome: Disclosure Only
Parameter tampering enabled exposing sensitive information in G-Mail
References:
Reported: 08 April 2005 Occurred: 08 March 2005
Classifications:
- Attack Method: Unknown
- Outcome: Disclosure Only
An undisclosed application security issue on the Cisco web site required resetting passwords for all registered users.
References:
- Cisco.com passwords reset after Web site exposure
News Story, Computer World, 08 March 2005
- Cisco Web Site Breached by Hackers
News Story, Beta News, 08 March 2005
- Cisco warns customers of site breach
News Story, Cnet, 08 March 2005
- Cisco Connection Online Compromised?
Mirror of Victim's Response, TaoSecurity Blog, 08 March 2005
- Cisco Web Portal Password Security Compromised
News Story, eWeek, 08 March 2005
Reported: Occurred: 29 July 2005
Classifications:
References:
Reported: Occurred: 03 June 2005
Classifications:
The web site was modified to include password stealing code
References:
Reported: Occurred: 29 November 2002
Classifications:
A company put its earnings report on its site before its official release, but did not link to it. Reuters found the document and published it.
References:
Reported: Occurred: 05 June 2005
Classifications:
References:
This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.