Wednesday, November 10, 2010

TOP 5 HACKING ATTACKS OF 2010 (so far) - A hackingalert exclusive survey

It has been a busy year for both hackers and security administrators, as a lot of new hacks and flaws came into the limelight in 2010. The attacks ranged from big ones, such as stealing Gmail IDs, to small ones, like defacing the 19th Commonwealth website. Many countries have been the source of such attacks, but China was the leader. They carried out massive war drive hacking attacks on various American government agencies and companies as well as Indian government bodies.
Here we have compiled the top attacks of 2010. This list is based not only on the number of users affected but also on the level of difficulty and the technique used in performing the attack.

Number 1

Operation Aurora

Operation Aurora is a cyber attack which began in mid-2009 and continued through December 2009. The attack was first publicly disclosed by Google on January 12, 2010, in a blog post. In the blog post, Google said the attack originated in China.
The attack has been aimed at dozens of other organizations, of which Adobe Systems, Juniper Networks and Rackspace have publicly confirmed that they were targeted. According to media reports, Yahoo, Symantec, Northrop Grumman and Dow Chemical were also among the targets.
As a result of the attack, Google stated in its blog that it plans to operate a completely uncensored version of its search engine in China "within the law, if at all", and acknowledged that if this is not possible it may leave China and close its Chinese offices. Official Chinese media responded stating that the incident is part of a U.S. government conspiracy.
The attack was named "Operation Aurora" by Dmitri Alperovitch, Vice President of Threat Research at cyber security company McAfee. Research by McAfee Labs discovered that “Aurora” was part of the file path on the attacker’s machine that was included in two of the malware binaries McAfee said were associated with the attack. "We believe the name was the internal name the attacker(s) gave to this operation," McAfee Chief Technology Officer George Kurtz said in a blog post.
According to McAfee, the primary goal of the attack was to gain access to and potentially modify source code repositories at these high tech, security and defense contractor companies. “[The SCMs] were wide open,” says Alperovitch. “No one ever thought about securing them, yet these were the crown jewels of most of these companies in many ways — much more valuable than any financial or personally identifiable data that they may have and spend so much time and effort protecting."


AT&T website hack

Black hat hackers exploited a security flaw on AT&T's web servers which enabled them to obtain email addresses from the SIM card addresses of iPad 3G users.

The breach was profiled in a report by Gawker, which described the event as "another embarrassment" for Apple and outlined a variety of high-profile individuals whose email addresses were obtained by automated script attacks on AT&T's web server based on their iPad 3G SIM addresses (ICC-ID).

The publication claimed that the identifying information meant that thousands of iPad 3G users "could be vulnerable to spam marketing and malicious hacking," while also pointing out that many users have actually already published their iPad ICC ID numbers in Flickr photos. Presumably, many of them also have public email addresses and therefore already receive spam like the rest of us. 

The attack on AT&T's web servers resulted in at least 114,000 iPad 3G users' emails being leaked to the hackers, who were coy about whether or not they were planning to enable others to access the data. The security leak, which returned a user's email address when their ICC-ID was entered via a specially formatted HTTP request, has since been patched.

The group automated requests of the email address information for a wide swath of ICC-ID serial numbers using a script. No other information was discovered.
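The pattern described above leaves a recognisable trace in server logs: one client asking about many different ICC-IDs. The following detection sketch is an added example, not code from the original post or from AT&T; the `/lookup` path, the `ICCID` parameter name, the log format and every log line are constructed for illustration.

```python
import re
from collections import defaultdict

# Hypothetical log format and endpoint: "/lookup?ICCID=<digits>" is an assumed
# stand-in, not the real (since patched) AT&T URL.
LINE_RE = re.compile(
    r'^(\S+) \[[^\]]+\] "GET \S*[?&]ICCID=(\d{19,20})\b[^"]*" (\d{3})$'
)

def build_sample():
    """Constructed access log: three ordinary devices plus one enumerating client."""
    lines = []
    for i, ip in enumerate(["203.0.113.10", "203.0.113.11", "203.0.113.12"]):
        # An ordinary device only ever asks about its own ICC-ID.
        lines.append(f'{ip} [09/Jun/2010:10:00:0{i}] '
                     f'"GET /lookup?ICCID=8901410000000000{i:04d} HTTP/1.1" 200')
    for n in range(40):
        # A scripted client walks a numeric range; only some IDs exist (200).
        status = 200 if n % 4 == 0 else 404
        lines.append(f'198.51.100.7 [09/Jun/2010:10:01:{n:02d}] '
                     f'"GET /lookup?ICCID=8901410000000010{n:04d} HTTP/1.1" {status}')
    return "\n".join(lines)

def parse(log_text):
    """Yield (client_ip, iccid, status) for every lookup request in the log."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2), int(m.group(3))

def find_enumerators(log_text, max_distinct=3):
    """Map each client that queried more than max_distinct different ICC-IDs
    to (distinct ICC-IDs requested, lookups answered with 200)."""
    ids, hits = defaultdict(set), defaultdict(int)
    for ip, iccid, status in parse(log_text):
        ids[ip].add(iccid)
        hits[ip] += status == 200
    return {ip: (len(s), hits[ip]) for ip, s in ids.items() if len(s) > max_distinct}

if __name__ == "__main__":
    for ip, (distinct, leaked) in find_enumerators(build_sample()).items():
        print(f"{ip}: {distinct} distinct ICC-IDs requested, {leaked} answered")
```

A per-client count like this is only a detection signal; the underlying fix is for the lookup to require authentication rather than treat the ICC-ID as a secret, since, as noted above, users publish these numbers themselves.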


XSS Attack on social network - ORKUT and Twitter

This year has been a tough one for various social network giants, not in terms of attracting visitors but in terms of securing themselves. There was a series of attacks: first on the microblogging website Twitter, and a few days later on Google's social network Orkut.
Hackingalert provided a fast solution for protecting against the threat.
Both these sites were targeted through a cross-site scripting (XSS) attack called "BOM SABADO", in which Orkut was most severely hit by a virus that spread from one friend list to another through Orkut's message-passing system, the "scrapbook".
The attack was officially announced the next day by Google on its security blog; it was soon removed from all scrapbooks and the flaw was fixed.
There was no information on whether user accounts were stolen or some other theft took place, but it left a bad impression on Orkut fans, and that at a time when Orkut is facing tough competition from Facebook. This was evident from Facebook's recent report, which said that it has surpassed Orkut in terms of users in India, which is the second biggest user market for Orkut.


Hacking of E-commerce company - DIGITAL RIVER

E-commerce company Digital River exposed data belonging to almost 200,000 individuals after hackers executed a “highly unusual search command” against its secured servers, according to a news report.
The breach came to light only after a 19-year-old New York man allegedly tried to sell the purloined data for as much as $500,000, The Minneapolis Star-Tribune reported Friday. After Eric Porat made repeated attempts to persuade a company called Media Breakaway to buy the information, company officials alerted their counterparts at Digital River, the paper reported, citing court documents. A federal grand jury is investigating the matter with help from the FBI.

The data contained names, email addresses, websites, and unique user-identification numbers for 198,398 individuals. It was originally gathered by affiliated marketing companies using software offered by Digital River's subsidiary Direct Response Technologies and stored on password-protected servers.
It was stolen in late January using a “highly unusual” search command. The report didn't elaborate.
Porat, who lives at home with his parents, allegedly claimed to offer the data to the highest bidder. He told the CEO of Media Breakaway he obtained it from a former Digital River consultant, who managed to siphon it off the servers when security systems were taken down temporarily.
Orders filed under seal last month block Porat from selling, destroying, altering, or distributing the data. Documents in the case were unsealed on Wednesday, but court documents weren't available online at time of writing.


Data theft of 3.3M users from a student loan firm ECMC

The information of 3.3 million people has been stolen from a student loan company that guarantees loans nationally.

A press release from Educational Credit Management Company (ECMC) says that while no bank account or other financial account information was included in the data, details stolen include names, addresses, dates of birth and social security numbers.
Funnily enough it would seem that the data was stolen the old-fashioned way; ECMC said the theft involved portable media and occurred at its headquarters the weekend of March 20-21.
The Washington Post cites Paul Kelash, a spokesman for ECMC, who says the number of borrowers affected in Virginia is 628,038; in Maryland, 76,939; and in the District, 17,553. Though ECMC is designated as the guaranty agency for Virginia, another spokesman for the company, Dave Hawn, told WP that "the designation is nominal" and the number of Virginia loans is more a reflection on the long history there.
ECMC has teamed up with Experian to offer those affected a suite of free credit protection services. These include 12 months of comprehensive credit protection services, access to certified ID theft specialists and insurance against ID theft.


  1. Hello friend!
    My lecturer told me that, once we logged into Facebook, we were actually letting vulnerable viruses attack our computer, and the viruses are undetectable by any of the antivirus. Is it true? I read your profile, and you're an information technology student, I bet you know something about this :)

  2. This is not at all true. Every website has certain standards that they follow and in no way can they run malicious code on your computer. It's entirely safe to log in to Facebook or any such high-profile site. They are very secure and they will not do any such activity that can hamper their credibility. The only thing that they do is store cookies, which they use to store your preferences and settings.

  3. fuhh~ good to know bout that~ thanks abhinav!

  4. But the third-party applications cannot be trusted; the apps can get your session cookies and can do extreme damage. These apps can even redirect to other websites, where malicious scripts may be running ....

  5. I’m wondering why the other specialists of this sector don’t realize this. You must proceed your writing. I’m confident, you’ve a great readers’ base already!