If you are a criminal looking for total control of the World Wide Web, used by the U.S. Army Communications-Electronics Command (CECOM), you can get it for just under $ 500 U.S.
Or so we offer underground hackers in the forums. security provider Imperva found on the black market sales pitch on Thursday and published details of the incident on Friday.
Hacker says that oversees several sites, including other military sites, government sites, and belong to universities, "said Noa Bar-Yosef, Imperva senior security strategist. Prices range from $ 33 and $ 499, depending on how important site or widely used. "You can actually acquire the ability to have a web site administrator," he said.
The hacker also sells its database of personal data was stolen, sites $ 20 per thousand records, "he said. This information could be used by spammers or scam artists to penetrate accounts online.
Bar-Yosef saw that the administrative privileges of the 16 sites were available for sale. In one case, a hacker sells about 300,000 people who were on the site.
The selling these things probably started to these sites using a common Web-based attack called SQL injection, Bar-Yosef said. For years, hackers have been exploring the Web for misspelled web pages, especially those with fields of data entry forms for research or contact the back-end database. So they try to sneak database commands through these pages.
With automated tools, it is easy for pirates, even non-technical - known as "script kiddies" - to remove this type of attack.
When SQL injection works, the results can be devastating. It's that famous hacker Albert Gonzalez used to enter business as Heartland Payment Systems and 7-Eleven.
Imperva names of victims written in his blog, but blogger Brian Krebs of Security has released details about the incident, including the names of most of the hacked sites. Includes U.S. states Utah and Michigan, the Italian Government and the Department of Defense Pharmacoeconomic Center, which analyzes the use of military medicine and assistance to the Department of Veterans Affairs contracts to purchase drugs.
"Amidst all the media and the public's fascination with threats Stuxnet and heavy concepts like" cyber war ", it is easy to forget the more mundane and persistent security threats such as Web site vulnerabilities," Krebs wrote on his blog Friday. "But none of these distractions should apologize to U.S. military leaders to ensure that their sites are not trivially hackable by script kiddies."
News Source : Computer world