TrustWave WebDefend Static Database Password
http://packetstormsecurity.org/files/view/101744/twwebdefend-passwd.txt
Hackers broke into Lockheed Martin networks & U.S. defense contractors ! : The Hacker News ~ http://www.thehackernews.com/2011/05/hackers-broke-into-lockheed-martin.html
The Oak Ridge National Laboratory Hacked ! : The Hacker News ~ http://www.thehackernews.com/2011/04/oak-ridge-national-laboratory-hacked.html
Pakistan Air Force Server Hacked by Code Breaker/Lucky (Indishell) : The Hacker News ~ http://www.thehackernews.com/2011/04/pakistan-air-force-server-hacked-by.html
Cambridge Networks hacked by Shak [PCA] : The Hacker News ~ http://www.thehackernews.com/2011/04/cambridge-networks-hacked-by-shak-pca.html
Cyber Detective & Cyber Force Hacked By Shadow008 (PakCyberArmy) : The Hacker News ~ http://www.thehackernews.com/2011/05/cyber-detective-cyber-force-hacked-by.html
The above were hacked/defaced over the last two months. What is the first thought that goes through your head when you read headlines like this?
The first thought/question from most people would probably be something along the lines of, what are they doing? If they can’t protect themselves how are they going to help us?
Good questions. But that’s not what I want to point out. What I want to point out is that even the most “secure” of us are vulnerable to attacks.
When we think security we probably think NSA, FBI, blah blah blah… right? What about the attackers? Aren’t they secure?
The really good attackers/hackers will not engage others before they themselves have established a good defense. However, even with all of the time and preparation taken to set up a good defense there almost always is a whole, a crack or a weak spot that another attacker/hacker will find and exploit.
Following are a few examples:
http://www.thehackernews.com/2011/05/pakistan-cyber-army-got-hacked-by.html
http://www.thehackernews.com/2011/04/innobuzz-ethical-hacking-training.html
http://www.thehackernews.com/2011/05/anonymous-irc-networks-ircanonopsnet.html
http://www.thehackernews.com/2011/05/ethical-hacking-services-appin-security.html
http://www.thehackernews.com/2011/05/skidhackercom-underground-hackingnet.html
http://www.thehackernews.com/2011/05/hackers-got-hacked-hackingtipsin-hacked.html
http://packetstormsecurity.org/news/view/19168/Net-Pirate-Monitoring-Firm-Hacked.html
http://www.thehackernews.com/2011/05/hackmeoutnet-hacked-by-shadow008.html
http://www.thehackernews.com/2011/05/underground-security-forums.html
I understand that some of the links above are not “hacking groups” but they teach “hacking” and therefore fall under the same category for this example.
My point to all of this is that it’s not just small businesses or even large businesses being targeted, everyone is a target.
Hacker groups have always had turf wars but we are only now seeing how wide spread it is because the hacks are being reported in the media.
Nobody is safe from hackers, not even the hackers themselves. The sooner we learn this lesson the sooner we can pull our heads out of our butts and implement security measures that actually work. However, we can not simply implement something and think it's going to be ok on its own. Once we implement something we need to make sure we are being diligent in tweaking and verifying that the implemented security measure is actually working.
