Ever dreamt of controlling a dot-gov or dot-edu site? A hacker is selling access to dozens of military, government, and university Websites for $55-499 a site!
The priciest of all hacked sites is access to the homepage of the U.S. Army, National Guard, and Army Forces, priced at $499 each. Then are followed by access of other university and governmental Websites. You’ll also find passes to the Italian Official Government Website for $99 or a Taiwanese educational centre for $88.
According to Imperva, the hacker is also selling personal data of the employees and staff information found on these hacked sites for a price of $20 per 1,000 names, addresses, and telephone numbers. For example, they list a screenshot of University of Connecticut staff members’ information.
Its most likely that the hacker has performed the hack through an SQL injection vulnerability. The vulnerabilities were found in an automatic manner using SQL Injection vulnerability scanner tools as he has also published his methods on some hacker forums.
Brian Krebs of Krebson Security said he saw the back-end evidence of the hacks and found them legit.
[via Imperva, PC mag]