
A hacker claims to have stolen credentials to a bunch of US government sites ― ...


A hacker is selling stolen credentials that purportedly give access to servers of the US Navy, Centers for Disease Control, US Postal Service, and other US government sites.

Listings for the accounts were found recently by Tech Insider on a dark web marketplace called The Real Deal, a popular site many cyber criminals use for buying and selling everything from illegal drugs to zero-day software exploits. It's unclear when the postings were made, since the site offers no dates for when sellers create their listings.

In all, the seller "popopret" was offering file transfer protocol (FTP) access to servers of noaa.gov (National Oceanic and Atmospheric Administration), usps.gov (The US Postal Service), cdc.gov (Centers for Disease Control), jpl.nasa.gov (NASA Jet Propulsion Laboratory), and navy.mil (US Navy).

Prices range from .5 Bitcoin ($329) for the CDC to 3.5 Bitcoin for the Navy, or about $2,300 at current market rates.

Popopret told Tech Insider the credentials were acquired by "sniffing a botnet," which suggests the hacker had hijacked a large number of computers (a botnet) and was actively keeping an eye on them (sniffing) for interesting traffic being passed through, such as usernames, passwords, and documents.

Neither this claim nor whether the seller's credentials are legitimate could be independently verified by TI. However, it's worth noting that The Real Deal is often the source of major data breaches and hacker exploits. And the site allows payments to be placed into escrow, so a buyer can confirm what they are buying is as described before their money is transferred to the seller.



What the purported credentials can actually be used for also remains unclear.

Since the seller is offering accounts for either FTP (file transfer protocol) or SFTP (secure file transfer protocol), it's likely these give access to the backend of public-facing websites. Web developers typically upload changes to websites via FTP, so a hacker with that same level of access could deface a website by replacing a file with one of their own.

For instance, a hacker could potentially connect to the CDC server and upload a new homepage with a hoax warning of a dangerous Ebola outbreak in the US, or to the Jet Propulsion Laboratory with a faked message claiming that a devastating asteroid was headed toward Earth. While such defacements would likely be corrected quickly, they have the potential to be market-moving events.

Still, a hacker could move on to other things if the user accounts being sold are at a higher level.

"If you had root access, you should be able to ... do whatever you wanted," a hacker told Tech Insider on condition of anonymity, since he is a "grey hat" who wants to maintain personal security. "I would personally save the server to attack another site from a .mil," he added, meaning that he could potentially hack into some other network that would likely trace the intrusion back to the US government.

Tech Insider reached out to all of the government agencies with purported credentials being sold. The Centers for Disease Control, Jet Propulsion Laboratory, and US Navy declined to comment.

The US Postal Service told Tech Insider its corporate information security office would conduct "criminal investigations into these activities."

The National Oceanic and Atmospheric Administration provided the following statement:

"NOAA takes all cyber threats seriously," Ciaran Clayton, a spokesperson for NOAA, told Tech Insider. "Our Cyber Security Division reviewed the purported NOAA File Transfer Protocol sites found for sale online in the Dark Web. NOAA has concluded that these are not valid sites, and the agency is under no risk for any cyber vulnerability."

