AntiSec Hackers Release Sensitive VDI Documents

Friday, August 19, 2011

Headlines

69dafe8b58066478aea48f3d0f384820

AntiSec hackers have made good on their threat to release sensitive emails and company documents stolen in a breach operation against defense contractor Vanguard Defense Industries (VDI).

The Tech Herald previously reported that the AntiSec hacker collective had breached the email account of Richard Garcia, the Senior Vice President of defense contractor VDI.

The firm was apparently targeted due to their business relationships with multiple federal and local law enforcement agencies, and Garcia was specifically targeted because he formerly was the Los Angeles Assistant Director for the FBI, and the agency and their affiliates have been singled out by the AntiSec hackers as being favored targets for malicious assaults.

The Pastebin announcement from AntiSec states:

We are releasing 1GB of private emails and documents belonging to Vanguard Defense Industries(VDI), a defense contractor that sells arms to law enforcement, military, and private corporations. The emails belong to Senior Vice President of VDI Richard T. Garcia, who has previously worked as Assistant Director to the Los Angeles FBI office as well as the Global Security Manager for Shell Oil Corporation. This leak contains internal meeting notes and contracts, schematics, non-disclosure agreements, personal information about other VDI employees, and several dozen "counter-terrorism" documents classified as "law enforcement sensitive" and "for official use only".

The announcement also indicates that the breach may have uncovered evidence that financial giant Merrill Lynch may have tipped off VDI about Standard and Poors (S&P) plans to downgrade the U.S. government's credit rating:

Additionally we found evidence of a Merrill Lynch wealth management advisor giving private advance notice to Garcia about upcoming S&P US credit rating downgrades.

The hacking operation may have exploited two outdated plugins employed on the firm's website which uses WordPress, a platform known to have vulnerabilities if not properly maintained.

The success of the operation may have also been due to Garcia's use of a weak password - reportedly "Gloria88" - which is short, uncomplicated, and lacks non-alphanumeric characters.

As for the AntiSec hacker's motivations, the release states:

We are doing this not only to cause embarrassment and disruption to Vanguard Defense Industries, but to send a strong message to the hacker community. White hat sellouts, law enforcement collaborators, and military contractors beware: we're coming for your mail spools, bash history files, and confidential documents.

Can't stop, won't stop.

Possibly Related Articles:
8453
Breaches
FBI Headlines hackers breach Law Enforcement AntiSec Pastebin Data Dump Vanguard Defense Industries Merrill Lynch
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.