Anonymous Attacks US State Department Careers Website: Analysis

Attack appears to be a SQL Injection

February 23, 2013

PRESS RELEASE

WASHINGTON, Feb. 22, 2013 /PRNewswire/ -- Identity Finder has analyzed a hack by the Anonymous hacker "Par:Anoia," who claims to have attacked a website belonging to the U.S. Department of State. Our preliminary analysis indicates that the hack appears to be legitimate, affecting roughly 200 people, and relatively low-risk.

Identity Finder's analysis indicates that the hack contains the following information:

-- 199 Email Addresses, most of which belonged to state.gov, and a few universities

-- About 207 Possible Hashed Passwords. The seemingly hashed strings were unidentified

-- Zero Home Addresses

-- 194 names

The breached database is named "test_hrwg_careers_usa_ctc_com," which seems to be related to http://careers.hrwg-careers.usa-ctc.com/, which has been taken offline. A cached version indicates that it is a State Department career website, and not likely tied into sensitive State Department systems. The attack appears to be a SQL Injection attack, where a hacker tricks a website into exposing the entire contents of a database.

"This appears to be a legitimate breach," said Aaron Titus, Chief Privacy Officer at Identity Finder. "Although the total risks associated with this breach appear low, if the hashes in the breach are actually passwords, and they are cracked, and the State Department employees re-use those passwords on sensitive State Department systems, those systems could be compromised."

"We recommend that the State Department reset the passwords for all affected employees as a precaution," said Titus.

About

Identity Finder's data discovery and protection software provides companies the ability to prevent data leakage and find sensitive information. They have quickly grown to become a leader in identity protection and Data Loss Prevention (DLP) by helping millions of consumers, small businesses, and enterprises across the world. You may download the free version of Identity Finder DLP Software here: http://identityfinder.com/free
