This is another report about one of the attacks of the Anonymous guys (I can’t help talking about it since we’re in the middle of a World War Web now). Learn about cracking passwords.
Apart from hacking paid online catalogs and making them available for free download via torrent, #OpMegaupload is also targeting strategic corporate and government websites in different countries around the world. Most of the time, they target the Department of Justice. But one attack worth mentioning is the recent one aimed at the FTC-related website OnGuardOnline.gov. According to its definition,
"OnGuardOnline.gov, a partnership of fourteen federal agencies managed by the Federal Trade Commission (FTC)"
As of today, if we browse that website, it shows a clear sign that it has been tampered with by Anonymous.
Having your own website tampered with and showing something else is one big issue (especially when your core job is related to the internet). But more importantly, when those hackers publish the list of users/e-mail addresses as well as the hashed passwords on the same page – that’s horrifying.
In fact, anyone with some knowledge of Unix and some interest in cracking passwords is surely playing with those hashes right now, trying to figure out the actual passwords, just for the sake of being able to say “I did it”.
A lot of tools for cracking passwords
When you see a nickname like “FTC admin” in the list, I can guess that the hunt for cracking passwords becomes even more interesting. And since there are a lot of tools available online for cracking passwords (even if most of them do some form of “brute-force” cracking), it’s more than certain that those passwords are going to be cracked in the next few hours. I guess those guys would have changed their passwords as well as put in place some more security measures.
Interestingly, the attacks are getting more and more subtle: first, it was about attacking via DDoS (Distributed Denial of Service), where the goal was to flood one server so that it can’t handle requests anymore. Then, they cracked the online catalog and made all the content available for free. Well, it’s similar to being the modern Robin Hood. Now, not only do the attackers replace the website’s content, but they also publish private information of the users on this server.
What prevents hackers from cracking private data?
So far, it has been reported that websites have been attacked. But if we want to be paranoid, what actually prevents hackers from cracking bank information as well as other private data? As with most movements, it is expected that some guys would want to branch out from the original goals and try to turn it to their own profit. And bank accounts are very promising targets. Let’s hope I’m wrong.
Now the question is, as a regular user of technology: how safe do you feel as of now? Do you think your private data is at risk? While most of the attacks have targeted public websites, do you think that this would get trickier and attack some more corporate applications?