Tuesday, September 20, 2016

EXCLUSIVE: Hacker Breaches Hundreds Of U.S. Govt Websites

We Are Change

A hacker known as Fear claims to have breached hundreds of government servers after hacking into the FTP of Neustar, a company in charge of the .us domain name used to upload and download files from the internet according to Databreaches.net.

“Fear” claims to be a teenager, and said that he took advantage of lax security at Neustar to gain access to a large number of FTP (File Transport Protocol) servers. Neustar has denied the claim, saying the purported breach does not match files the hacker claims to have taken reports The Hill.

The alleged hacker contacted this writer under the condition of anonymity and said that there was way more to come from him and others in the months to come. When asked to expand upon their claims, the hacker did not respond before publishing of this story. He did however say a large data dump was coming and linked me to a twitter account named IRSPartyBus posting data, from Intel claiming the Silicon Valley computer chip company had been hacked as well. He did not note whether these were separate hacks or if this hack was accomplished by breaching Neustar’s domain FTP servers.

FTP servers are often used to upload documents/files to a website host.

Neustar is in charge of the “.us” top-level web domain name hosting, an alternative to “.com,” “.edu” and “.org.” used by several sites that are operated in the U.S. including at time’s government websites.

By hacking into the company Neustar, Fear claims he gained access to the FTP accounts for every website ending with the .us domain name.

“I hacked into the Neustar FTP, and I dumped their files, and in the files there were a list of each and every FTP server on a .us, and it had their passwords, users, ftp ip, hostname, and domain,” said Fear in an online chat.

Fear stated his attack was done through an SQL injection — a poorly coded web database that leaks out information.

Neustar again contradicted the claim made by the hacker saying “they do not have access to such a list of login credentials or a list of FTP sites on .us servers.”

“We can’t state unequivocally that he did not hack something, but only because it’s impossible to prove something didn’t happen. We have been looking for evidence since the story came out, and haven’t found anything. And we’re good at this, because we take security seriously.” – Neustar Senior Vice President Rodney Joffee.

Many of the servers that host .us domain websites also host “.gov” domain sites, leaving Fear with what he claimed was access to a wide variety of government information, including voter registration data for every county in all 50 states, prescription databases and the Department of Education to name a few examples according to the hacker himself.

“It only takes 13 hours and 23 minutes and 12 seconds for somebody to finish gathering data on every US citizen. Many states used poor security practices, he said, using passwords no more than five characters and failing to encrypt sensitive information.” – the hacker “Fear”

The files that Fear stole includes credit card information, bank transactions, prescription information, Social Security data and more. Fear said that he planned on selling the information he had downloaded for “thousands of dollars in cryptocurrency” on the darkweb.

The post EXCLUSIVE: Hacker Breaches Hundreds Of U.S. Govt Websites appeared first on We Are Change.



from We Are Change http://wearechange.org/exclusive-hacker-breaches-hundreds-of-u-s-govt-websites/

No comments:

Post a Comment