Hacking group announces presence with AMD, Philips attacks
Even large, tech-savvy companies are struggling to keep employee and customer passwords protected.
Ever since Anonymous and LulzSec proved that cybercriminals could achieve celebrity status on the web, there has been a consistent stream of hackers trying to make a name for themselves by disrupting the operations of high-profile companies. The latest addition to this list is "r00tbeer," a four-man team which arrived on the scene after successful intrusions of computer chip maker Advanced Micro Devices (AMD) and Dutch electronics giant Philips.
A basic breach
The group signaled its intentions last week on its newly created Twitter feed, suggesting that its next target would be a "large company." The hackers made good on their promise by taking AMD's company blog offline and stealing a database full of staff information. According to eWeek, r00tbeer stamped its success by leaving an original logo on the compromised AMD webpage as well as a link to a tweet that provided further news on where the stolen data would be dumped.
In the immediate aftermath, the company posted a message suggesting that the blog site was being taken offline for routine maintenance before ultimately shutting down the site.
"We believe that the attackers posted less that 200 registered usernames and salted password hashes to a hacker website," AMD officials explained in a statement emailed to eWeek. "AMD uses salted password hashes, which is an industry best practices for encryption and extremely difficult to crack."
Company spokesmen also insisted that no customer data, personal information or employment records where stored anywhere on the compromised website and that AMD would fulfill its commitment to data security and privacy by launching a full investigation into the matter.
According to ZDNet, the WordPress platform powering AMD's company blog may have been its saving grace in this instance. In 2007, WordPress made the switch from storing passwords as unsalted MD5 hashes to a more robust hashing framework called phpass. As a result, decrypting and retrieving plain text passwords from a database dump would be a much more labor-intensive task for hackers.
A more elaborate attack
Although the AMD attack may have been a rather trivial incident, r00tbeer found a more vulnerable target with its strike on Philips. According to TechWeek Europe, the hackers cracked the code to company databases and eventually posted nearly 200,000 email addresses. They also made off with seven SQL tables containing customer names, home addresses, birthdays and account passwords.
Perhaps most troubling, much of this information had been stored in plain text. For instance, the email addresses of approximately 350 Italian customers who recently purchased TVs from Philips had their email addresses and passwords posted in clear view in the database dump.
As one independent security analyst found out, even some of the data sets that contained hashed passwords were not impenetrable. According to TechWeek, the white hat hacker successfully decoded nearly 150 passwords within two minutes by using basic software and guessing popular combinations including "1234," "qwerty," and "philips."
The electronics manufacturer was able to mitigate short-term concerns by revealing that much of the information posted via r00tbeer was likely the same data from an earlier breach of Philips' systems in February. But according to TechWeek, data protection experts are still wondering why customer records were being stored on certain company micro-sites and how they were left without the benefit of the industry best practice encryption model of salted hashes.
Although r00tbeer's motives are still unclear and its initial foray into high-profile hacking yielded relatively tame results, the group's success is yet another reminder that even some of the world's largest and most technically proficient companies still have room for improvement when it comes to locking down employee and customer data.
Data Security News from SimplySecurity.com by Trend Micro
Spotlight
Cloud Computing
- Cloud security group develops third-party certification program
- US makes large investment in cyber weaponry
- Wall Street has data security concerns over Bloomberg reporting
- Security in backups means more than just encryption
Virtualization
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Internet Safety
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Vulnerabilities & Exploits
CTO Insights
First Line of Defense
Newsletter
Stay up to date with the latest news and information on online threats.
Recent News
- Businesses demand stronger app security
- Twitter now offers two-factor authentication
- DHS needs better sharing plan, experts say
- Cloud security group develops third-party certification program
Tag Cloud
cloud cloud computing cloud computing security Cloud Security Compliance & Regulations Consumerization Current News cybercrime Data Privacy data security Encryption Government Policy Internet Protection Internet Safety Internet Safety - DO NOT USE Internet Security Malware Mobile Security Mobility Policy Policy - DO NOT USE Privacy Privacy & Policy Private Cloud Public Cloud Reports Research Spotlight threat intelligence threat research Trend Labs Underground Economy virtualization Vulnerabilities Vulnerabilities - DO NOT USE web security web threats
Comments
[...] on http://www.simplysecurity.com Bookmark the [...]
Pingback by Digital Forensics, Inc. Hacking group announces presence with AMD, Philips attacks … | Digital Forensics, Inc. on August 29, 2012 at 10:13 am