Friday, March 23, 2012

User IDs and Clear-Text Passwords Leaked from US Army’s CECOM

          Black Jester, the hacker who yesterday demonstrated that he managed to gain unauthorized access to a NASA site, leaked sensitive contract information from a site connected to the US Army Communications and Electronics Command (CECOM).

           A number of 30 record sets that include names, user IDs, physical addresses, email addresses, telephone numbers, and clear-text passwords were published in a Pastebin document. “Old crappy server, but has good info inside it. The list is not complete due the lazy condition and msaccess db , enjoy!” the hacker wrote next to the data dump.

           The Pastebin post doesn’t contain the name of the site from where the data was leaked, but the hacker provided us with the IP address associated with it. That IP address led us to a Software Engineering Services site on which only “eligible users” may register.

           We couldn’t reach the hacker for further comment, but he told us on a different occasion that the names of such sites would not be disclosed to the public to prevent “script kiddiez” from breaching them.
We have sent an email to the webmaster of the site in question and notified him on the incident, but so far we haven’t received any response.

           Black Jester is known in the hacker community as the one who wanted to help the United Nations patch up a couple of its public websites. Instead of doing what most security researchers do in this situation and send an email, he went down to their offices in person.

           His other hacks, which he claims are unrelated to the UN incident, targeted NASA and a Qwest datacenter, whose servers he held hostage with the purpose of forcing the company to patch up the vulnerabilities.

0 comments:

Post a Comment