Attackers Breach Servers of Security Firm

Feb. 8, 2011 - PRLog -- Recently, attackers intruded into the networks of a security firm and extracted loads of confidential information. The attack was launched on security firm HBGary Federal. The Anonymous group, which has been in the news off late for initiating distributed denial-of-service (DDoS) attacks on websites of Amazon, MasterCard, Visa, PayPal has claimed responsibility for the intrusion. The attack was carried out after reports that HBGary Federal has uncovered the hierarchy of the group and is planning to share the details later in a conference.

The members of the infamous group exploited the vulnerabilities on a weak web server and extracted over 60,000 business e-mail accounts. The details were posted on file sharing networks. The attackers also took control of the twitter account of security firm’s CEO, Aaron Barr and compromised LinKedin accounts of senior executives of the company. Attackers also posted several offensive messages on the compromised twitter account and revealed confidential information such as social security number, home address and contact number. The attackers have also allegedly deleted the backups of the company. The attackers also took control of a security research site rootkit.com by using social engineering techniques to extract information from a security administrator. The site is operated by the CEO of HBGary, Greg Hoglund. HBGary co-owns the security firm.

The group also exposed a 23-page document, which allegedly contained details regarding the Anonymous group. The attackers asserted that most of the information contained in the document is available on the IRC networks and pose no harm to the group. The website of the company has been defaced. The Anonymous group has been repeatedly making headlines ever since they launched DDoS attacks on several websites for withdrawing their support for WikiLeaks. In the recent days, the Anonymous group attacked the government websites of Egypt, Tunisia and Italy.

Information security is critical for continuous business operations. The members of the infamous group have not only exposed the vulnerabilities of the security firm’s IT infrastructure, but have also showcased their attacking skills.Organizations must regularly test the strength of the information infrastructure through ethical hacking techniques and eradicate the weaknesses before their exploitation by attackers.

The vibrant threats in the IT environment require proactive action. Information security professionals must enlighten and train the employees on latest security threats to prevent inadvertent disclosures to cybercriminals.

Contact Press

EC-Council
Website:  http://www.eccouncil.org
Email:  iclass@eccouncil.org
Tel:  505-341-3228

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences.

# # #

iClass is EC- Council's online training delivery platform. Students can attend live, or recorded training sessions for courses such as Certified Ethical Hacker (CEH), Certified Security Analyst (ECSA) or Computer Hacking Forensic Investigator (CHFI).