Government, military and education sites put up for sale by hacker

Tools

A hacker has put a number of websites belonging to the government, military and education institutions up for sale in Internet forums. The discovery was made by Noa Bar-Yosef, a senior security strategist from security vendor Imperva. Bar-Yosef wrote about it on the company's blog last Friday, noting that prices range from between $33 to $499. In addition, personally identifiable information obtained from the infiltrated sites was also put on sale for about $20 per thousand records.

While Imperva redacted the details from the screenshots that were posted as evidence, security blogger Brian Krebs posted additional information that shows the websites belonging to the states of Utah and Michigan as being available for sale, including the site belonging to the U.S. Army's Communications-Electronics Command (CECOM), which is the army's cyberwarfare unit.

The heart of the matter is how improperly maintained or patched web servers can be vulnerable to exploits, regardless of the size (or stature) of their owner organization. I did a quick check, and CECOM's website was down as now with a message that it is "Temporary Unavailable." I suppose the hacker won't be making any more money by selling the admin control for it now.

For more on this story:
- check out this article at Computerworld
- check out this article at ComputerWeekly
- check out this article at Security News Daily

Related Articles:
.mil websites down after listed for sale by hacker 
Gawker hack the result of poor security preparation 
User names and passwords of 1.3 million stolen in weekend Gawker Media hack 
McAfee: Malware at all-time high 
China shuts down major hacker ring