Federal Contractor IRC Federal Hit by AntiSec Hackers

Monday, July 11, 2011

Headlines

69dafe8b58066478aea48f3d0f384820

Federal contractor IRC Federal was forced to take its website offline Friday after hacktivists illegally accessed the company's networks and and posted emails and other sensitive documents.

The hack was claimed by members of the AntiSec movement, largely comprised of followers of the rogue hacktivist group Anonymous which includes the now-defunct LulzSec hackers who had previously breached multiple companies and organizations in a fifty day hacking spree.

IRC Federal is a private company that holds contracts with the Department of Defense, the Department of Justice, the U.S. military and NASA, among others.

The AntiSec group posted the emails and documents on Pastebin, claiming the breach was orchestrated using a SQL injection attack against the company's website, one of the most common exploits in the hacktivist's toolbox.

The Pastebin data dump included the following explanation of the unauthorized system access and theft of data:

Today we release the ownage of another government-contracted IT company, IRC Federal. They brag about their multi-million dollar partnership with the FBI, Army, Navy, NASA, and the Department of Justice, selling out their "skills" to the US empire. So we laid nuclear waste to their systems, owning their pathetic windows box, dropping their databases and private emails, and defaced their professional looking website.
 
In their emails we found various contracts, development schematics, and internal documents for various government institutions including a proposal for the FBI to develop a "Special Identities Modernization (SIM) Project" to "reduce terrorist and criminal activity by protecting all records associated with trusted individuals and revealing the identities of those individuals who may pose serious risk to the United States and its allies". We also found fingerprinting contracts for the DOJ, biometrics development for the military, and strategy contracts for the "National Nuclear Security Administration Nuclear Weapons Complex".
 
Additionally we found login info to various VPNs and several Department of Energy login access panels that we are dumping *live* complete with some URLs to live ASP file browser and upload backdoors - let's see how long it takes for them to remove it (don't worry we'll keep putting it back up until they pull the box ;D)
 
Before we begin the drop, a personal message to the employees of IRC Federal:
 
If you place any value on freedom, then stop working for the oligarchy and start working against it. Stop aiding the corporations and a government which uses unethical means to corner vast amounts of wealth and proceed to flagrantly abuse their power. Together, we have the power to change this world for the better.

Followers of the AntiSec movement believe that by exploiting otherwise easily mitigated vulnerabilities such as SQL injections and publicly embarrassing companies, organizations and government agencies by exposing sensitive and potentially embarrassing materials will inspire better overall security practices.

Critics counter that notifying those same organizations of security lapses and providing enough lead-time for rectification of the vulnerabilities would be enough to accomplish the same goal, and that the antics of Anonymous and the AntiSec movement are more of an exercise in self-gratification and ego enhancement than an effort to improve overall security in information systems.

Possibly Related Articles:
16107
Network->General
SQl Injection Headlines Anonymous Hacktivist hackers breach Lulzsec AntiSec IRC Federal
Post Rating I Like this!
Default-avatar
audrey bryant This is a very bad news to the said company. That's why information confidentiality should always be protected and kept. The growth of jobs during the financial recovery has been, at the best, anemic. Many businesses are choosing to hire independent contractors to fill gaps in their jobs. Before you sign on as an independent contractor, it is important to understand the differentiation. Article resource: Making the distinction; employee versus independent contractorIRS. I can say that this is the effect of financial crisis we are all experiencing at present.


1314426567
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.