|
The Web Hacking Incidents Database
Last update:17 February 2008
List of Incidents for a Classification
Please note that classifications are a new feature and not all entries in WHID are already classified, so when you get a certain number of entries for a classification, WHID might have more records matching that classification that we did not classify yet. We hope to complete the classification process soon.
Select classification:
Attack Method, Country, Location, Origin, Outcome, Software, Vertical Select criteria for classification "Vertical":
Education, Entertainment, Finance, Government, Health, Information Services, Internet, Marketing, Media, Politics, Retail, Security & Law Enforcement, Service Providers, Sports, Technology
List of incidents for which Vertical is Government
15 incidents listed
Reported: 17 February 2008Occurred: 31 January 2008
Classifications:
- Attack Method: Unknown
- Country: Greece
- Outcome: Defacement
- Vertical: Government
This is yet another case of defacement of a governmental web site. It is amazing to note it is nearly never the large commercial and financial web sites that are defaced. It is either small mom and dad shops or government and political web sites. Don't you get the feeling the government IT is run like a mom and dad shop? Do you wonder if it is only the IT part that is run that way?
References:
Reported: 12 February 2008Occurred: 11 February 2008
Classifications:
- Attack Method: Unknown
- Country: Ecuador
- Outcome: Defacement
- Vertical: Government
Was it defaced or not? In this extraordinary incident, a hacker broke to the web site of the Ecuadorian president and said nice things about him. So nice in fact that the presidential office had to apologize in front of the opposition leader. Was it a hack or an over enthusiastic marketing person?
References:
Reported: 28 January 2008Occurred: 06 January 2008
Classifications:
- Attack Method: SQL Injection
- Country: USA
- Outcome: Planting of Malware
- Outcome: Defacement
- Vertical: Government
You dfon
References:
Reported: 01 January 2008Occurred: 09 November 2007
Classifications:
- Attack Method: SQL Injection
- Country: Brazil
- Country: USA
- Origin: Russia
- Outcome: Planting of Malware
- Vertical: Government
RBN was a big story. It was a hackers group that could work relatively freely in Russia due to rumors connections in high windows. This way it could allow safe hosting for malware. For getting people to the malware they penetrated web sites around the world, and the references article mentioned SQL injection as the method they infiltrated more high profile sites such as US government sites.
References:
Reported: 19 December 2007Occurred: 14 December 2007
Classifications:
- Attack Method: Unknown
- Country: France
- Country: Libya
- Outcome: Planting of Malware
- Vertical: Government
To iframe or not to iframe, this is the question. As malware becomes more popular, the number of incidents, mostly insignificant, in which malware was planted on a hacked site is rising and WHID is not the right place to list all of them. We currently report such incidents if the hacked site is of interest or if the attack method is known.
References:
Reported: 19 December 2007Occurred: 01 December 2007
Classifications:
- Attack Method: Credential/Session Prediction
- Country: Canada
- Outcome: Disclosure Only
- Vertical: Government
The Web site of the Canadian passports authority enables users to access others' record by modifying a value of a parameter in the URI.
References:
Reported: 07 November 2007Occurred: 11 September 2007
Classifications:
- Attack Method: Unknown
- Country: New Zealand
- Outcome: Information Warfare
- Outcome: Leakage of Information
- Vertical: Government
An attack on New Zealand government web sites required New Zealand Prime Minister, Helen Clark to comment and ensure the public that no confidential information was stolen. However official sources in New Zealand confirm attacks were carried out by unnamed, but known, foreign governments on New Zealand government web site that resulted in stealing of information.
References:
Reported: 03 September 2007Occurred: 29 August 2007
Classifications:
- Attack Method: Unknown
- Country: Spain
- Outcome: Defacement
- Vertical: Government
Yet another defacement, and as usual in the political arena.
However, this one is worth a note as the attack is very targeted, while
usually such political defacements are carried quote randomly against
sites loosely related to the opponent and usually has little to do with
the actual message the attackers want to convey. In this case the
defacement seems to be a direct response to the hot debate about
housing prices in Spain.
References:
Reported: 02 September 2007Occurred: 20 August 2007
Classifications:
- Attack Method: Known Vulnerability
- Country: USA
- Outcome: Defacement
- Vertical: Government
Defacements seem to dominate the list recently, probably because they reach everywhere. Two important conclusions from this particular one are that patch management is a key problem and that it is a problem mainly at government sites across the world.
References:
Reported: 13 August 2007Occurred: 12 August 2007
Classifications:
- Attack Method: SQL Injection
- Country: United Nations
- Outcome: Defacement
- Vertical: Government
Defacements are usually beyond the scope of the Web Hacking Incidents Database. We only publish those that stand out, and this one certainly stands out.
The site of the United Nations was broken into and defaced using a pretty basic SQL injection technique, and the referenced article has all the details
References:
Reported: 22 July 2007Occurred: 20 July 2007
Classifications:
- Attack Method: Unknown
- Country: Thailand
- Outcome: Defacement
- Vertical: Government
While defacements are usually not the bread and butter of this database, when it hits an important government site, especially of a ministry in charge of information technology, it is worth mentioning it.
References:
Reported: 17 June 2007Occurred: 13 June 2007
Classifications:
- Attack Method: Insufficient Authentication
- Country: Jamaica
- Country: USA
- Outcome: Deceit
- Vertical: Government
If you live in a country from which you need a Visa to get to the states, you knew this would happen. The US online Visa appointment system is very open. Indeed too open. Someone in Jamaica took advantage of this to pre-allocate appointments.
While this might be classified as a business process design flaw, isn't security also about this?
References:
Reported: 12 June 2007Occurred: 10 June 2007
Classifications:
- Attack Method: Unknown
- Country: India
- Outcome: Defacement
- Vertical: Government
The web site of the chief minister of Kerala (an Indian State) was hacked and defaced. The local police has contacted the Interpol to help in finding who is behind the web site hacking.
References:
Reported: 23 April 2007Occurred: 23 April 2007
Classifications:
- Attack Method: Unintentional Information Disclosure
- Country: USA
- Outcome: Leakage of Information
- Vertical: Government
Details about 63,000 loans granted to farmers by USDA (The US department of agriculture) where posted online by mistake.
References:
Reported: 26 March 2007Occurred: 03 January 2007
Classifications:
- Attack Method: Unknown
- Country: USA
- Outcome: Leakage of Information
- Vertical: Government
On January 3, a hacker broke into Indiana's government web site and made off with personal information for 71,000 health care aides who obtained certifications from the state, as well as 5,600 credit card numbers from people who had paid the state through the IN.gov web site. While officials in Indiana tried to write it off as a harmless prank played by a teenager, the U.S. Department of Justice has also been investigating the case, and they believe the same hacker is responsible for attempts on other state government web sites.
References:
This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
|
