Stock Exchanges

The Websites of the NASDAQ and BATS stock exchanges as well as the Chicago Board Options Exchange were knocked offline for parts of Feb. 13 and Feb. 14. The DDoS attacks did not affect trading systems, just the public-facing nasdaq.com, nasdaqtrader.com, batstrading.com and cboe.com. “LONGwave99” claimed credit for “Operation Digital Tornado” although some believe the group is involved with Anonymous.

Who knows who was behind the CIA Website being inaccessible Feb. 11? A Twitter account associated with Anonymous first reported the site was offline, but later someone followed up with a coy post hinting the group wasn’t responsible. “If we report a hack of ddos attack, it doesn’t necessarily mean we did it,” @YourAnonNews posted.

Anonymous also took down a number of Greece’s government and police Websites Feb. 13 to coincide with the protests within the country. Websites for television stations, political parties, the prime minister, National Police and the Ministry of Finance were hit by DDoS attacks. A week earlier, the group defaced the Greek Ministry of Justice Website to protest the Anti-Counterfeiting Trade Agreement (ACTA), the multinational anti-online-piracy treaty.

Anonymous broke into Syrian President Bashar al-Assad’s email server and managed to access more than 78 staffers’ inboxes. It turns out that the most commonly used password was “12345.” One of the emails obtained was a document the Syrian president used for his December 2011 interview with Barbara Walters.

Anonymous appeared to have broken into an email account belonging to either a member of the FBI or Britain’s Scotland Yard and obtained messages arranging for a conference call where law-enforcement officials were set to discuss hacking and related investigations. The recording of the call was posted on YouTube.

In February, CabinCr3w broke into several police-related Websites around the United States. From the Website for the West Virginia Chiefs of Police Association, the group stole log-in credentials and dumped sensitive information about police officers, including user names, passwords, email addresses, home addresses and phone numbers online. In addition, log-in information for the Wisconsin Chiefs of Police Association Website was posted online. Finally, phone numbers, addresses and email addresses of police officers and information on drug operations were dumped after an attack on a Salt Lake City Police Website.

In Mexico, 111 Websites were either hit by DDoS or SQL injection attacks. Some of the domains hit were attacked to protest Mexico’s anti-online-piracy law, which would impose a fine of $100,000 for copyright infringement. More than 700MB of emails were dumped from the Mexican National Chamber of Mines. In addition, the Mexican Mining Ministry was knocked offline to protest dangerous working conditions for miners.

Casi from Team Poison breached Web servers belonging to the United Nations. The site wasn’t offline, and no sensitive data was dumped. However, the breach appears to be real, since the attacker was able to identify SQL injection vulnerabilities and dump the names of the databases on the server.

A group known as SwaggSec breached Foxconn’s network by exploiting a vulnerability in Internet Explorer and posted user names and passwords for company employees. Foxconn has a number of big-name technology clients, including Dell, Apple and IBM. The Chinese company is best known as the manufacturer of Apple’s iPhone.

A group calling itself Anonymous Brazil targeted the country’s top financial institutions, including Banco Bradesco and Banco do Brasil.