{"id":6646,"date":"2017-02-15T12:30:25","date_gmt":"2017-02-15T20:30:25","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/02\/15\/news-465\/"},"modified":"2017-02-15T12:30:25","modified_gmt":"2017-02-15T20:30:25","slug":"news-465","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/02\/15\/news-465\/","title":{"rendered":"Hacker breached 63 universities and government agencies"},"content":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt2.staticworld.net\/images\/article\/2016\/10\/hackerzzz-100688804-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Darlene Storm| Date: Wed, 15 Feb 2017 09:33:00 -0800<\/strong><\/p>\n<p>A \u201cRussian-speaking and notorious financially-motivated\u201d hacker known as Rasputin has been at it again, hacking into universities and government agencies this time, before attempting to sell the stolen data on the dark web.<\/p>\n<p>According to the security company <a href=\"https:\/\/www.recordedfuture.com\/recent-rasputin-activity\/\" target=\"_blank\">Recorded Future<\/a>, which has been tracking the cybercriminal\u2019s breaches, Rasputin\u2019s most recent victims include 63 \u201cprominent universities and federal, state, and local U.S. government agencies.\u201d The security firm has been following Rasputin\u2019s activity since late 2016 when the hacker reportedly <a href=\"https:\/\/www.recordedfuture.com\/rasputin-eac-breach\/\" target=\"_blank\">breached<\/a> the <a href=\"https:\/\/www.eac.gov\/eac_reports_potential_breach_of_web-facing_application\/\" target=\"_blank\">U.S. Electoral Assistance Commission<\/a> and then sold EAC access credentials.<\/p>\n<p>Recorded Future claims that Rasputin\u2019s victims are \u201cintentional targets of choice based on the organization\u2019s perceived investment in security controls and the respective compromised data value. 
Additionally, these databases are likely to contain significant quantities of users and potentially associated personally identifiable information (PII).\u201d<\/p>\n<p>All of the hacked agencies and universities have been notified about the breaches by Recorded Future. There were 16 U.S. state government victims, 6 U.S. cities and four federal agencies. Additionally, there were two \u201cother\u201d .gov sites, which included <a href=\"http:\/\/www.fnal.gov\/\" target=\"_blank\">Fermi National Accelerator Laboratory<\/a>, \u201cAmerica\u2019s premier particle physics lab,\u201d and the <a href=\"https:\/\/www.childwelfare.gov\/\" target=\"_blank\">Child Welfare Information Gateway<\/a>, which is \u201ca service of the Children&#8217;s Bureau, Administration for Children and Families, U.S. Department of Health and Human Services.\u201d<\/p>\n<p>Rasputin also hit 35 universities, 24 in the U.S., 10 in the U.K. and one in India. Recorded Future actually lists 25 U.S. universities, but a search shows that the University of Delhi is located in New Delhi, India.<\/p>\n<p>The University of Delhi is therefore counted here under India, even though Recorded Future lists it as being in the U.S.<\/p>\n<p>All of the attacks were carried out by SQL injection. Recorded Future reported that, instead of using any of the many available SQLi scanners, Rasputin uses an SQLi tool that he developed himself to locate and exploit vulnerable web apps. The attacks are easy to carry out, \u201cbut expensive to defend.\u201d<\/p>\n<p>As it is \u201ceasy to remediate\u201d the problem, Recorded Future recommended a different carrot and stick incentive. 
\u201cDespite the government\u2019s penchant for employing sticks to modify behavior, perhaps it\u2019s time to offer financial carrots to address and fully eradicate this issue.\u201d<\/p>\n<p><a href=\"http:\/\/www.computerworld.com\/article\/3170724\/security\/hacker-breached-63-universities-and-government-agencies.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt2.staticworld.net\/images\/article\/2016\/10\/hackerzzz-100688804-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Darlene Storm| Date: Wed, 15 Feb 2017 09:33:00 -0800<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>A \u201cRussian-speaking and notorious financially-motivated\u201d hacker known as Rasputin has been at it again, hacking into universities and government agencies this time, before attempting to sell the stolen data on the dark web.<\/p>\n<p>According to the security company <a href=\"https:\/\/www.recordedfuture.com\/recent-rasputin-activity\/\" target=\"_blank\">Recorded Future<\/a>, which has been tracking the cybercriminal\u2019s breaches, Rasputin\u2019s most recent victims include 63 \u201cprominent universities and federal, state, and local U.S. government agencies.\u201d The security firm has been following Rasputin\u2019s activity since late 2016 when the hacker reportedly <a href=\"https:\/\/www.recordedfuture.com\/rasputin-eac-breach\/\" target=\"_blank\">breached<\/a> the <a href=\"https:\/\/www.eac.gov\/eac_reports_potential_breach_of_web-facing_application\/\" target=\"_blank\">U.S. 
Electoral Assistance Commission<\/a> and then sold EAC access credentials.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3170724\/security\/hacker-breached-63-universities-and-government-agencies.html#jump\">To read this article in full or to leave a comment, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[11072,11073,714],"class_list":["post-6646","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-cybercrime-hacking","tag-malware-vulnerabilities","tag-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6646","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=6646"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6646\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=6646"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=6646"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=6646"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}