An admirer of Anonymous acted independently to breach an outsourced provider and steal a customer list with log-in credentials. Many on the list were U.S. government employees.
A solo attacker has hacked
into an events management company and obtained sensitive information
belonging to 20,000 individuals, many of whom were United States government
employees or contractors.
The cyber-attacker posted an Excel spreadsheet containing
log-in credentials and personal information for 20,000 people obtained from allianceforbiz.com,
according to a blog post signed by "Thehacker12" on Aug. 22. Allianceforbiz.com
is a professional trade show management company that manages conferences,
meetings and trade shows for customers, according to the company Website.
The list has been made public on Pastebin and Mediafire and
a message posted on Twitter: "20,000 email-passwords had been leaked
consisting mostly of US Mill Army, Govern. & corporate giants."
The spreadsheet contains usernames, passwords, email
addresses. company name, and also whether the individual works for a government
Cosoi, head of Bitdefender Online Threats Lab, told eWEEK. Identity
, a data loss prevention software vendor, ran the file through its
software and found 13,322 passwords and 17,590 email addresses in the file.
Only 11,358 of the passwords had a username associated with them, Todd Feinman,
CEO of Identity Finder, told eWEEK.
The file also contained 17,668 company names, of which
14,739 were unique, and most had only one email address associated with
name, according to the analysis. This means more than 14,000
organizations may be affected by Thehacker12's breach of
Since allianceforbiz.com managed events for customers, it is
likely that the list contained the person in each organization who was working
directly with the provider. However, there were some organizations with 10 or
more email addresses associated with the name, Identity Finder found in its
"Interesting to note most of these are government
entities," Feinman said.
The U.S. Small Business Administration had 70 entries,
followed by 42 from the U.S. General Services Administration, 37 from the U.S.
Department of Commerce, 34 from the U.S. General Services Administration and 33
from the U.S. Department of State. Other affected organizations include the
Federal Aviation Administration, U.S. Army Corps of Engineers, national
nonprofit agency NISH, U.S. Department of Housing & Urban Development, U.S.
Environmental Protection Agency and the VA Medical Center. Defense and
government contractors Honeywell, BAE Systems, WP Hickman Systems and CH2m Hill
were also on the list.
the high incidence of password reuse
by Internet users, it is possible that the
information could lead to identity fraud, said Identity Finder's Feinman.
"Passwords are a digital identity," and the victims will not know if
an identity thief is testing out username or email address and password
combinations to try to login to the online bank, online retailers or other
services, Feinman said.
noted that most of the email addresses on the list are work accounts,
which means a malicious third party now has login credentials
that may work
when trying to breach one of the affected organizations' network and systems or
the corporate email server. This level of access can "lead to blackmail,
extortion or selling private data to third parties" or targeted emails
sent to other employees within the organization from the victims' accounts, he
the "significant number of government agencies" in the leaked file,
"we can conclude that this data leak will have serious unpleasant
consequences," Cosoi said.
Identity Finder's software allows organizations to prevent
identity theft and data leakage by searching and securing sensitive data that
could be used to commit identity fraud. The software can look at both
structured and unstructured data and find instances where sensitive information
such as Social Security numbers or credit card information are stored. With the
software, organizations can identify all the places where the information is
located and protect them accordingly.
The perpetrator claims to be "an AntiSec
supporter" but not a member of the hackers collective Anonymous. AntiSec
is a movement initially launched by the cyber-group LulzSec earlier this summer
to hack into government systems and expose secrets and documents. Anonymous has
recently breached a number of defense contractor
and law enforcement
Websites under the AntiSec banner.
"His or her deeds
actually support the same side of the story, which is hacking for the sake of
publicly making an anti-establishment point," said Cosoi. Both the media and law
enforcement authorities are focused on Anonymous and LulzSec, leaving the
"door open to other small groups to make a stand and show their
skills" and continue the AntiSec activities without drawing too much
attention, Cosoi said.
Thehacker12 has been busy over the past week, mining and
dumping three other files containing a total of 16,500 other email and password
combinations stolen from unknown targets. His method of attack remains unclear.