Hackers get into AMD and steal over 30,000 - wait for it - BYTES!


A hacker calling himself r00tbeer, supposedly representing a four-strong hacker group calling itself r00tbeersec, has announced on Twitter a hack of chip vendor and Intel rival AMD.

After bragging just over a day ago that "our next target will be a large company, stay tuned for the upcoming database dump," the mighty hackers lived up to their promise. Earlier today they leaked a complete SQL database dump totalling nearly thirty-two KB.

(Yes. You read that correctly. It's just under 32 kilobytes in the new measuring system, and just over 30 kibibytes, as today's youth - who wouldn't know a power of two if it chopped them in half - like to call the old units.)

It's a SQL database of 189 usernames and what look like PHPass-hashed passwords, apparently retrieved by foul means from AMD's WordPress-driven blog site.

185 of the usernames are accompanied by email addresses, of which 174 are from AMD and most of the rest from two PR companies, edelman.com and bitecommunications.com. A reminder to the PR guys: if you work on the AMD account and you've been using the same password on other sites, stop doing that!

A few of the records also include an intriguing - but unexplained - field called user_activation_key. Whatever those are, it would be a good idea for AMD to deactivate them and issue new ones.

All in all, a small deal in the history of security breaches. More of a hackette than a hack, and no AMD customers need to panic, which is good news.

But every hack is, at its heart, bad news.

If only we were collectively more conscientious about patching against criminals, and if only those criminals were more likely to be caught!

Of course - since, where hacking is concerned, an injury to one is an injury to all - the vast majority of Internet Good Guys amongst us can help make both those things come true.

Patch early. Patch often. Keep logs. Report breaches.

Here's some frank talk to tell you why:

(Duration 15'25", size 11MBytes)

Update. R00tbeer returned more quickly than you might have liked, hacking and exposing yet more data, this time from Dutch technology giant Philips.


6 Responses to Hackers get into AMD and steal over 30,000 - wait for it - BYTES!

  1. Xyon · 1142 days ago

    It's not the size of the data dump, it's the content. A gigabyte (gibibyte, whatever) of worthless data-soup is less useful than one root account's details, which you could fit in less than a kilobyte (kibibyte... Yeah, it still sounds silly). And the damage you could do with that sub-KB(KiB) theft could easily be irreparable.

    AMD should probably still consider seriously its database security and no doubt they're deep in IDS logs working out where the breach was and closing up the hole. Is it a consideration of elderly WordPress versions leaving the doors to their databases wide open? Is there any excuse for anyone not to keep their web-applications (especially the free ones) up-to-date as promptly as is possible?

    Don't think so. But it could've been worse - I'm sure chip manufacturers like AMD have some more sensitive material than usernames and passwords lurking around in their data stores. Do hope they've the sense not to leave those systems connected to the outside internet though...

    • Joshua · 1141 days ago

      Agreed Xyon.

      Just imagine if every phone manufacturer had a single blueprint for the new iPhone 5, or someone nabbed a single e-mail from US or Israeli leadership detailing a preemptive strike against Iran...

      Sure, it's not worthwhile promoting FUD in the form of every single hack, but in cases where such pinpoint strikes can lead to potentially more breaches, 32KB can be all the difference.

      This is not a "small deal" in the eyes of people who stake their future on crucial pieces of information; please grow up and work in security before doling out this type of advice; it's hard to take a vendor seriously when they marginalize an incident with larger ramifications...

  2. nickynicknick · 1142 days ago

    Isn't it time we started calling the hackers trolls, criminals and parasites instead? While 'public interest' hacks could sometimes be understood, cyber vandalism seems to account for the vast majority of hacks.
    I get the impression there is a false romantic view of hackers as the new hippies and working class heroes.

    • Internaut · 1142 days ago

      Trolls? When have hackers started trolling? Well, a lot of people use words they don't understand the meaning of - so it's OK.

      Hackers as hippies? Why even think of grouping the two. They are light years removed from each other. Hippies, of any sort, were all for peace, love, rock & roll, and sex. Yes, no matter what label you attached to a group, there are always some radicals, but isn't that what hackers are? Radicals? Certainly nothing like "hippies" new or old.

      Yes, they appear to be the romanticized underground, anti-establishment clique. The image painted depends on two things, one, how the news medium portrays them, and two, what they accomplish. They certainly get a lot of attention on every news channel, in print, and on the Internet. I'm sure, some hackers just do it for the recognition. There are all types. One label doesn't work.

      None are "hippies", neither old nor new breed. The urchins stealing and robbing should be called exactly what they are - thieves, bandits, robbers, crooks. Re-classifying and labeling them with new words and descriptions only reduces the severity of their crime.

      I'm not defending hippies, I would like to see actions be called what they are, not what makes them sound better.

      One more label the 'hackers' have received, that of "terrorists". Hype - just hype.

  3. Jack · 1142 days ago

    Let's hope they only use "Terrorists" when they actually are. Many countries have laws that specifically specify this type of activity and most of the time it lets the authorities attack by-passing the protection of many of our laws that prevent abuse.

    If access was possible I wonder what else they pilfered? Such as an ability to enable some kind of internal debug operation? Or processes that are in development for the next generation of chips? Or....

    Makes one wonder....


About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog