Another defense contractor’s
network and data have apparently fallen to the combined skills of hackers
attacking Websites under the "AntiSec" banner.
Members of hacktivist
collective Anonymous have reportedly breached servers belonging to defense
contractor Vanguard Defense Industries as part of the movement to steal and
publicize documents from government agencies, according to a report in the
TechHerald. Anonymous may have extracted nearly 4,713 emails and thousands of
documents in this attack.
Anonymous has gone after a
number of defense contractors and government agencies recently as part of
AntiSec, including Booz Allen Hamilton and InfraGard, a public-private
partnership organization working with the Federal Bureau of Investigation.
"Any private corporation[s]
supporting U.S. military or law enforcement operations are legitimate targets
in our eyes," a member told the
TechHerald, justifying the attack on VDI.
The attack seems to have
exploited vulnerabilities in the popular WordPress blogging platform. VDI
apparently had not upgraded two outdated plug-ins, leaving security holes wide
open for the cyber-attackers to waltz through.
"Recent large hacks
making headlines are thought to have been performed by compromising just one
plug-in in an enterprise," Michael Sutton, vice-president of security
research at Zscaler ThreatLabZ, told eWEEK.
According to Zscaler's latest "State of the Web" report, even if the
software has been updated to the most up-to-date version, many organizations
tend to fall behind in updating plug-ins, making it a lucrative attack vector.
"The government requires stringent security methods in place for its contractors and VDI appears to have failed to implement even the most basic security, patching its Website," Josh Shaul, CTO of Application Security, told eWEEK.
Attackers also compromised
the password used by Richard Garcia, VDI's senior vice president and the former
assistant director in charge of the FBI's field office in Los Angeles, and
gained access to his emails. The attack on Garcia's account is slightly
reminiscent of how Anonymous compromised emails at HBGary Federal because CEO
Aaron Barr and chief operating officer Ted Vera had reused weak passwords across
several systems.
Attacks like these prove that even with all the cyber-attacks and data breaches in 2011 so far, some organizations still don't take information security "seriously," Shaul said. Simply monitoring database access and regularly patching software could have thwarted many of the basic attacks this year, according to Shaul.
Vanguard was targeted
because of its work with several local law enforcement agencies and ties with
the FBI, Department of Homeland Security and the United States Marshals. The
Texas-based company makes unmanned ShadowHawk helicopters used for aerial
surveillance or equipped with guns and grenades for combat usage.
The emails from Garcia's
account are expected to be released over the weekend with a searchable index.
There are emails to several government agencies and local law enforcement
agencies as well as memos marked "Confidential" or "for official
use only." There are email addresses, passwords, resumes, non-disclosure
agreements and contracts, and financial details in the messages.
Anonymous began the week by
attacking the Bay Area Rapid Transit's customer portal myBART.org to protest
the San Francisco regional transit authority's decision to shut down cellular
service at several of its stations. Demonstrators were using mobile devices to
plan demonstrations protesting two fatal shootings by transit police.
Transit officials suspended
service to prevent the demonstrations from disrupting normal train service.
Approximately 2,000 had their personal information stolen in what was
supposedly a SQL injection attack. To keep the pressure on BART, Anonymous also
helped organize a street protest on Aug. 15 that resulted in BART authorities
and the San Francisco police department shutting four downtown San Francisco
BART and Muni stations for a few hours.
An Anonymous group member
also breached the BART Police Officer Association Website on Aug. 17 and
publicized personal information, such as names, home addresses, email addresses
and passwords belonging to 102 transit police officers.
A leaked Internet Relay Chat
log seems to indicate that the attacker was a first-time hacker from Canada
acting alone and using a SQL injection tool. She claimed it took her four hours
to break into the site. However, a member behind the Twitter account AnonyOps
posted a disclaimer. "FYI, no one claimed responsibility for the hack.
Some random Joe joined a channel and released the data to the press,"
according to the AnonyOps post.