Owned and Exposed 2 - An unwanted Christmas gift for exploit-db, ettercap and others

Filed Under: Data loss, Law & order, Vulnerability

[Image: screenshot from the Owned and Exposed ezine]

Many people around the world awoke on Christmas morning with anticipation of gifts under the tree. But that's not the only thing that was waiting for some of them. A group of hackers known only as the creators of a newsletter called "Owned and Exposed" announced early on Christmas morning that they had compromised six sites and published the details of their deeds in the second edition of their "ezine".

The attacks largely targeted those they characterized as either "script kiddies" or security experts they wanted to show up for making mistakes in hosting their own websites.

The first to come forward was the administrator of exploit-db.com, a website devoted to cataloging known software exploits and vulnerabilities. The admin posted a response to the hack on the site's blog that began: "There's nothing like having your butt kicked Christmas morning, which is exactly what happened to us today." At least they are treating it for what it was: a somewhat cruel prank that had in fact exploited some flaws in their site.

Another site that was hit was the SourceForge page of ettercapNG. Ettercap is often used for performing man-in-the-middle attacks and has been unmaintained for over five years. The hackers provided evidence that the site had previously been compromised by others, so it may not be prudent to trust anything you have downloaded from the ettercap site.

Most of the other sites that were hit were more controversial and some of them engaged in illegal activity like trading in stolen identities and credit cards. When the first edition of Owned and Exposed was published it documented their takedown of a haven of online criminal activity known as carders.cc. Carders.cc was taken down again in this attack along with free-hack.com and inj3ct0r.com.

Is there a lesson in this story for security professionals? If you read the ezine you will see that nearly all of the sites that were compromised had lapsed on some security fundamentals and were exposed through one little chink in the armor. A series of small mistakes can mean big problems when your adversaries put the pieces together: a single weak link (an unpatched script, a shared credential, a world-readable config file) is enough if everything behind it trusts the same account.

For example, the admin at backtrack-linux.org (the same admin as exploit-db.com) used the MySQL root account and password for all of their web scripts, WordPress instances, etc. to access the database. That means any one vulnerable script handed an attacker full control of every database on the server, not just the one it needed.
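To make the least-privilege point concrete, here is the weak setup described above next to a hardened one, written as an added example for this post. It is not configuration from backtrack-linux.org, exploit-db.com or any site named in the ezine; the database name `wp_site1`, the account name `wp_site1`, the placeholder password and the `wp-config.php` snippets are all assumed for illustration. It targets MySQL 5.7+/MariaDB 10.1+ syntax (`DROP USER IF EXISTS`).

```sql
-- WEAK (the pattern called out in the post): every web app connects as root.
-- In wp-config.php this looks like (assumed illustration, not a real site's file):
--   define('DB_USER', 'root');
--   define('DB_PASSWORD', 'the-one-password-everything-shares');
-- One SQL injection or leaked config file now yields every schema on the box,
-- plus FILE privilege (read arbitrary files, write a web shell with INTO OUTFILE).

-- HARDENED: one dedicated account per application, scoped to its own schema.
CREATE DATABASE IF NOT EXISTS wp_site1
  CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

-- Local-only account; replace the placeholder with a long random secret.
CREATE USER IF NOT EXISTS 'wp_site1'@'localhost'
  IDENTIFIED BY 'REPLACE-WITH-LONG-RANDOM-PASSWORD';

-- Only the table-level rights a WordPress install actually needs,
-- and only on its own schema. Note what is deliberately absent:
-- no FILE, SUPER, PROCESS, RELOAD, SHUTDOWN, and no GRANT OPTION.
GRANT SELECT, INSERT, UPDATE, DELETE,
      CREATE, DROP, ALTER, INDEX,
      CREATE TEMPORARY TABLES, LOCK TABLES
  ON wp_site1.*
  TO 'wp_site1'@'localhost';

-- Then in that site's wp-config.php (assumed illustration):
--   define('DB_NAME', 'wp_site1');
--   define('DB_USER', 'wp_site1');
--   define('DB_HOST', 'localhost');

-- Tidy up the accounts that mysql_secure_installation would remove:
-- anonymous users and root reachable from anywhere but the local host.
DROP USER IF EXISTS ''@'localhost';
DROP USER IF EXISTS ''@'%';
DROP USER IF EXISTS 'root'@'%';
FLUSH PRIVILEGES;

-- Checks a practitioner should run afterwards.
-- 1. The app account has nothing beyond its own schema:
SHOW GRANTS FOR 'wp_site1'@'localhost';
-- 2. Nothing other than an admin account holds server-wide dangerous rights:
SELECT User, Host
  FROM mysql.user
 WHERE File_priv = 'Y' OR Super_priv = 'Y' OR Grant_priv = 'Y';
-- 3. Nothing is reachable as root from off-box:
SELECT User, Host FROM mysql.user WHERE User = 'root';
```

The trade-off the commenter below raises (an attacker who owns the web app can still read and modify that application's own data) is real, but the hardened account cannot reach other schemas, cannot read or write files on the server's filesystem, and cannot create further accounts, which is exactly the blast-radius reduction that separating credentials buys. Pair it with `secure_file_priv` set in `my.cnf` to a directory the web server cannot serve, so even an account that somehow regains FILE cannot drop a shell into the document root.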

Next time you are struggling with database and filesystem permissions and are tempted to use the admin account "just for now," remember this story, and hopefully next Christmas morning you won't unwrap any unwanted surprises.



2 Responses to Owned and Exposed 2 - An unwanted Christmas gift for exploit-db, ettercap and others

  1. Security Nobody · 1395 days ago

    what's the problem of using a mysql root account in
    a non shared host? whatever account you use will need the same
    access level, security advisor... yeah, right... they all have
    always something to say...

    • Matt · 1395 days ago

      Would you rather have a hacker just compromise your
      databases or get root access to the entire server? I know which one
      I'd go for...


About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.