2011년 해외 굵직한 해킹 사고만을 정리한 뉴스가 있어 올려봅니다.
RSA Hack (3/17/2011) :
Motive - Unknown attacker, although China believed to be suspect. Motive is probably espionage
Method - Advanced Persistent Threat (APT) targeted at individuals within an organization using social engineering. Malware hidden in an Excel spreadsheet exploited a zero-day (unpatched) Flash hole.
Harm - SecurID token deployments at financial, government and other sites were at risk.
Comodo Hack and several of its digital certificate resellers (3/23/2011) :
Motive - 21-year-old Iranian patriot took credit saying he was protesting US policy and retaliating against the US for its alleged involvement with last year’s Stuxnet, which experts say was designed to target Iran’s nuclear program.
Method - Compromise of digital certificate registry authorities led to the theft of digital certificates that are used by sites to prove they are who they are legitimate.
Harm - If they had not been revoked the faked certificates could have been used to spoof sites like Google, Yahoo,Microsoft and Skype.
Sony (Indonesia, Japan , Thailand, Greece , Canada, Netherlands, Europe, Russia, Portugal) & Sony PlayStation Network Hacked (4/6/2011-6/8/2011) :
Motive - Lulzsec ,Anonymous, Lebanese hacker Idahc and various other hackers organized the attack in retaliation for Sony attempting to identify visitors to PlayStation 3 hacker
George Hotz' blog site, as well as seeking data from his Twitter and YouTube accounts as part of a lawsuit. The case was later settled out of court.
Method - Distributed Denial-of-Service (DDoS), Sql injection
Harm - Defacement of various domains of Sony and Personal information of 77 million people, including customer names, addresses, e-mail addresses, birthdays, PlayStation Network and Qriocity passwords, user names, online handles and possibly credit cards were exposed.
Fox Network's X Factor (5/7/2011) :
Attacker - Lulzsec
Harm - X factor contestants personal information exposed and internal Fox data exposed.
PBS.org - Public Broadcasting Service Hacked (5/30/2011) :
Attacker - LulzSec in retaliation over Frontline Wikileaks program they considered biased
Method - zero-day exploit in Movable Type 4
Harm - Passwords were leaked and a fake news article was published on the page.
100's of Gmail users (6/1/2011) :
Motive - Google says attack originated in China and appeared designed to monitor communications of journalists, political activists and military personnel.
Method - After stealing passwords with a phishing attack, perpetrators apparently used the passwords to change Gmail users' forwarding and delegation settings.
Harm - Attack was "disrupted" but it's unknown if any snooping was accomplished.
Acer Europe Hacked (6/3/2011) :
Attacker - Pakistan Cyber Army
Method - Stupidity of Server admin
Harm - Source code and user data of 40,000 people reportedly compromised.
FBI partner Infragard Atlanta Hacked (6/3/2011) :
Motive - LulzSec, in an attempt to embarrass the FBI and security firm government contractors
Harm - Site was hacked, defaced and 180 Infragard usernames and passwords were leaked.
Citigroup Hacked (6/8/2011) :
Motive and Attacker - unknown
Harm - Names, account numbers, and contact information, including e-mail addresses, were accessed during the breach, which affected about 360,000 customers.
Turkish government (6/9/2011) :
Motive - Anonymous, in opposition to Internet filtering plan
Harm - site inaccessible temporarily
U.S. Senate hacked (6/13/2011) :
Motive - LulzSec, saying it doesn't like the U.S. government
Harm - published on the Web server's directory and file structure of the Senate site
Spanish National Police (6/13/2011) :
Motive - Anonymous, in retaliation for the arrest of three people in Spain
Harm - site was inaccessible temporarily
CIA Hacked (6/15/2011) :
Attacker - Lulzsec
Harm - site temporarily down
Electronic Arts hack (6/16/2011) :
Harm - System hosting BioWare Neverwinter Nights forum is breached and user names, encrypted passwords, e-mail addresses, mailing addresses, names, phone numbers, CD keys and birth dates may have been compromised. Some unencrypted passwords believed stolen.
Sega Hack (6/18/2011) :
some Sega Pass member e-mail addresses, dates of birth, and encrypted passwords compromised.
NATO Hack (6/23/2011) :
Motive - After NATO released a report singling out Anonymous' hacktivism as a cyber threat, the group warned NATO not to challenge it.
Harm - subscribers to NATO's e-Bookshop service were urged to change their passwords after a possible compromise of usernames, passwords, addresses and e-mail addresses.
Arizona Department of Public Safety (6/23/2011) :
Motive - LulzSec said it is leaking the data to protest "racial profiling anti-immigrant" policies of Arizona law enforcement, specifically SB1070, which makes it a crime to be in Arizona without documentation proving United States residency. Releases another batch of data on June 29.
Harm - publicly released hundreds of private intelligence bulletins, training manuals, personal e-mail correspondence, names, phone numbers, addresses and passwords belonging to Arizona law enforcement.
Former British Prime Minister Tony Blair Hack (6/24/2011) :
Motive - TeaMp0isoN says it targeted Blair over his support for the Iraq War
Harm - contents of his electronic address book, including contact data for members of Parliament
Arizona Department of Public Safety Hack (6/29/2011) :
Attacker - Antisec
Harm - hackers release second dump of data, including more personal data on specific officers
Al-Qaeda Hack (6/29/2011) :
Harm - hackers shut down al-Qaeda's Internet communications, halting the flow of videos and statements online
Arizona Fraternal Order of Police, Fraternal Order of Police in Mesa, Tucson Hack (6/30/2011):
Attacker - Antisec
Harm - 8 Web sites defaced, documents released including passwords and e-mail addresses of 1,200 officers, some financial data of specific officers and personal e-mails
Apple Hack (7/4/2011) :
Attacker - AntisecMethod - exploited security flaw in the software Apple used
Harm - 26 admin usernames and passwords for an Apple server exposed
Fox News Twitter account Hack (7/4/2011) :
Harm - The Fox News Twitter feed was used to publish false reports that President Obama had been killed.
German Federal Police Hack (German Federal Police) :
Attacker - n0-N4m3 Cr3w
Harm - The hackers compromised a server used by the country's customs service and posted location coordinates, license plate and telephone numbers, police usernames and passwords, and a GPS application in response to government communications interception.
News Corp. sites, The Sun and News International Hack (7/18/2011) :
Attacker - Lulzsec
Harm - Hackers redirected The Sun home page to fake story about death of News Corp. owner Rupert Murdoch, and then later to LulzSec's Twitter feed, as well as redirected a News International's page with a statement on the hack to the LulzSec Twitter feed. They also released phone numbers of News Corp. employees and an e-mail address and password for former Sun editor Rebekah Brooks, who is embroiled in the mobile phone voice mail hacking scandal at
News of the World.
Italian Police's National Center for Computer Crime and the Protection of Critical Infrastructure (7/22/2011) :
Attacker - Antisec
Harm - Hackers claim to have stolen more than 8 GB of internal data that was allegedly seized during police investigations, including information on the Ministry of Transport in Egypt, Ministry of Defense in Australia, Russian companies and U.S. Justice Department. They threatened to publish it online.
72 public and private organizations in 14 countries Hack (8/2/2011) :
Motive - McAfee report does not speculate, but there's a pattern in the targets which do not include China but do include political non-profits, a pro-democracy organization, the World Anti-doping Agency, and the International Olympic Committee and Olympic committees in three countries, which were targeted right before and after the 2008 Olympic Games in Beijing.
Method - targeted phishing attacks with e-mail exploit that installed a back door
Harm - National secrets, classified government data, source code, bug databases, email archives, details for new oil and gas field auctions, legal contracts, SCADA configurations and more.
Citigroup Japan hack (8/5/2011) :
Method - A source said the scheme was perpetrated by a third-party vendor that had been given access to Citi's internal systems.
Harm - Personal information of 92,408 Citigroup credit card customers in Japan was stolen and sold to third parties, the bank said.
70 U.S. law enforcement agencies and police association in Italy Hacked (8/6/2011):
Attacker - Antisec
Harm - 10GB of personal information, private e-mails, passwords, training files, data from informants, Social Security numbers and stolen credit card information
Government of Syria (8/8/2011) :
Attacker - Anonymous
Harm - Home page of the Syrian Ministry of Defense site defaced with Anonymous logo and a call for the downfall of President Bashar al-Assad.
BlackBerry maker Research In Motion (RIM) Defacement (8/9/2011) :
Attacker - Team Poison
Harm - RIM's BlackBerry blog was hacked in retaliation for RIM offering to assist London police in combating rioters, many of whom are using BlackBerrys to organize.
Hong Kong stock exchange Hack (8/10/2011) :
Harm - Hackers broke into news site of Hong Kong stock exchange, where corporate filings are published, forcing the suspension of trading for seven companies.
[출처]http://thehackernews.com/2011/09/its-fail-2011-year-of-hacks.html
