A hacker has breached several government, military and educational websites from across the globe, and put up for sale admin access to high-profile sites such as the official Italian government website (http://itcgcesaro.gov.it), the Department of Defense Pharmacoeconomic centre (http://pec.ha.osd.mil/) and even the United States Army, Communications-Electronics Command (CECOM) (http://cecom.army.mil).
Imperva, a data security firm, first reported on the hacker and his offerings on January 21. In a blog post, the firm said that the hacker has put dot-gov, dot-mil and dot-edu websites from across the globe on sale at prices ranging from $55 to $499. It also discovered that the hacker was offering personal information from the hacked websites at $20 for 1000 records.
The hacker is also selling personally identifiable information (PII) from hacked sites for $20 per 1K records, the blog said, giving a list of UConn staff as an example.
Imperva's post is complete with screenshots, which the hacker claims as proof of access.
"The victims' vulnerabilities were probably obtained by SQL injection vulnerability automatic scanner and exploited in automatic manner, as the hacker published his methods in a post in some hacker forum," Rob Rachwald wrote in the post.
It was, however, security blogger Brian Krebs who revealed the juicy details with the actual names of the Web site domains that this hacker is selling, which Imperva chose to block out.
After examining some of the back-end evidence of his hacks, Krebs confirmed that the hacker doesn't seem like he's making this up.
In his blog post, Krebs also raised concern about the nature of the websites that the hacker has managed to take down.
"I find it ironic that one of these sites allegedly for sale is the Department of Defense Pharmacoeconomic Center, which is a DoD site tasked with improving the clinical, economic, and humanistic outcomes of drug therapy in support of the ... military health system. In all likelihood, if access to this site is purchased, it will be by someone looking to plant links to rogue online pharmacies of the sort frequently advertised in junk e-mail," he wrote.
Elaborating on why these websites are a favorite target of the rogues, the blogger explained, "People who get paid to promote these rogue pharmacies typically do so by hacking legitimate Web sites and including links back to fly-by-night pharma sites, and they particularly like dot-mil, dot-gov and dot-edu sites because search engines tend to treat links coming from those domains with more authority than random .com sites."