Wall Street Journal & Vice Breached: Admin Credentials for Sale
Data has become a commodity in the information age. Hackers are selling user information and the credentials to control a server belonging to the Wall Street Journal for one bitcoin ($621, £365). Those credentials would grant administrator access to modify articles, add new content, insert malicious content, add new users, delete users, etc.
News of the breach was broken by the publication’s publisher, Dow Jones & Co., as reported by the Wall Street Journal. They took down the breached systems, which housed the publication’s news graphic assets. The hacker, rev0lver, who now goes by w0rm and is the founder of Worm.in, a market for trading cyber vulnerabilities, is rumored to have gotten in by SQL injection.
Vice Media’s content management system was also said to have been hit by the same guy, although no official statement has been released. IntelCrawler, as reported by the WSJ, claims that Vice has since patched some security vulnerabilities.
Screenshots of the data show that usernames, encrypted passwords, email addresses and details of user privileges, including login attempts and time of last visit, were stolen, according to Softpedia.com.
The Facebook account of the WSJ was also hijacked, with several fake posts, including one that stated contact with Air Force One was lost as it flew over Russian airspace, and another that said VP Joe Biden would address the nation shortly. After about 20 minutes, account control was regained and the fake posts were deleted.
According to Sophos, w0rm was also responsible for the CNET breach of a million email addresses, usernames and encrypted passwords, which he claimed he’d sell for one bitcoin. Selling the databases at such a low price has some surmising that the hacker is trying to make a name for himself.
Attacks on the media have proven to have real consequences, as was shown when the breach of the AP’s Twitter account resulted in a 100-point dip in Dow stocks before it rose again after news of the hack.
Most of these attacks involve the exploitation of stolen credentials by way of phishing or social engineering. Although the WSJ was breached via SQL injection, w0rm is selling administrator user credentials that would be rendered useless if two-factor authentication were implemented. Without the administrator’s actual device, an unauthorized user can’t get access to the server with just a username and password, thereby devaluing a hacker’s sale.
Earlier this year, CNN’s social media accounts and blogs were hacked by the Syrian Electronic Army (SEA) after a wave of phishing emails targeted CNN employees. Six of them submitted their credentials, giving SEA the access they needed to post a number of political messages regarding Syria.
According to Mashable, one CNN employee in particular gave away the credentials to CNN’s HootSuite account, which granted the attackers access to the different social media accounts. But recently, HootSuite started offering two-factor authentication for their users, which would have stopped a remote attack from SEA. Find out more in CNN & Microsoft Breached: No 2FA in Sight.
For more on security guidelines for the media and news industry, read:
Redefining Information Security for Journalists & the Media