Ever since Anonymous and LulzSec proved that cybercriminals could achieve celebrity status on the web, there has been a consistent stream of hackers trying to make a name for themselves by disrupting the operations of high-profile companies. The latest addition to this list is "r00tbeer," a four-man team which arrived on the scene after successful intrusions of computer chip maker Advanced Micro Devices (AMD) and Dutch electronics giant Philips.
A basic breach
The group signaled its intentions last week on its newly created Twitter feed, suggesting that its next target would be a "large company." The hackers made good on their promise by taking AMD's company blog offline and stealing a database full of staff information. According to eWeek, r00tbeer stamped its success by leaving an original logo on the compromised AMD webpage as well as a link to a tweet that provided further news on where the stolen data would be dumped.
In the immediate aftermath, the company posted a message suggesting that the blog site was being taken offline for routine maintenance before ultimately shutting down the site.
"We believe that the attackers posted less than 200 registered usernames and salted password hashes to a hacker website," AMD officials explained in a statement emailed to eWeek. "AMD uses salted password hashes, which is an industry best practice for encryption and extremely difficult to crack."
Company spokesmen also insisted that no customer data, personal information or employment records were stored anywhere on the compromised website and that AMD would fulfill its commitment to data security and privacy by launching a full investigation into the matter.
According to ZDNet, the WordPress platform powering AMD's company blog may have been its saving grace in this instance. In 2007, WordPress made the switch from storing passwords as unsalted MD5 hashes to a more robust hashing framework called phpass. As a result, recovering plain text passwords from the hashes in a database dump would be a much more labor-intensive task for hackers.
A more elaborate attack
Although the AMD attack may have been a rather trivial incident, r00tbeer found a more vulnerable target with its strike on Philips. According to TechWeek Europe, the hackers cracked the code to company databases and eventually posted nearly 200,000 email addresses. They also made off with seven SQL tables containing customer names, home addresses, birthdays and account passwords.
Perhaps most troubling, much of this information had been stored in plain text. For instance, approximately 350 Italian customers who recently purchased TVs from Philips had their email addresses and passwords posted in clear view in the database dump.
As one independent security analyst found out, even some of the data sets that contained hashed passwords were not impenetrable. According to TechWeek, the white hat hacker successfully decoded nearly 150 passwords within two minutes by using basic software and guessing popular combinations including "1234," "qwerty," and "philips."
The electronics manufacturer was able to mitigate short-term concerns by revealing that much of the information posted via r00tbeer was likely the same data from an earlier breach of Philips' systems in February. But according to TechWeek, data protection experts are still wondering why customer records were being stored on certain company micro-sites and how they were left without the benefit of the industry best practice of salted password hashes.
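The gap between the unsalted MD5 storage that WordPress abandoned and a salted, iterated scheme, and the reason guesses such as "1234" or "qwerty" still succeed against hashed data, can be shown with a small audit of a credential store. This is an added example, not code from the article, AMD, Philips or WordPress: PBKDF2 from Python's standard library stands in for phpass, and the accounts, the long password and the iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; the weak passwords are the guesses quoted in the article.
USERS = {"alice": "qwerty", "bob": "qwerty", "carol": "1234", "dave": "T7#mvq!Lr2zk"}
COMMON = ["1234", "qwerty", "philips"]
ITERATIONS = 100_000  # assumed work factor for this demonstration

def md5_unsalted(password):
    return hashlib.md5(password.encode()).hexdigest()

def pbkdf2_salted(password, salt, iterations=ITERATIONS):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def build_unsalted_store(users):
    return {user: md5_unsalted(pw) for user, pw in users.items()}

def build_salted_store(users):
    store = {}
    for user, pw in users.items():
        salt = os.urandom(16)  # unique random salt per account
        store[user] = (salt, pbkdf2_salted(pw, salt))
    return store

def audit_unsalted(store, wordlist):
    """One table of len(wordlist) hashes is matched against every account."""
    table = {md5_unsalted(word): word for word in wordlist}
    return {user: table[h] for user, h in store.items() if h in table}

def audit_salted(store, wordlist):
    """Every guess is recomputed per account, at ITERATIONS rounds each."""
    weak, computed = {}, 0
    for user, (salt, digest) in store.items():
        for word in wordlist:
            computed += 1
            if hmac.compare_digest(pbkdf2_salted(word, salt), digest):
                weak[user] = word
                break
    return weak, computed

def duplicate_hashes(store):
    """Groups of accounts whose stored value is identical (shared passwords)."""
    seen = {}
    for user, value in store.items():
        seen.setdefault(value, []).append(user)
    return sorted(group for group in seen.values() if len(group) > 1)

if __name__ == "__main__":
    print(audit_unsalted(build_unsalted_store(USERS), COMMON))
    print(audit_salted(build_salted_store(USERS), COMMON))
```

Salting removes the shared lookup table and hides which accounts reuse a password, but the weak passwords are still found in both stores; only the cost per guess rises, which is why password strength rules matter alongside the storage scheme.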
Although r00tbeer's motives are still unclear and its initial foray into high-profile hacking yielded relatively tame results, the group's success is yet another reminder that even some of the world's largest and most technically proficient companies still have room for improvement when it comes to locking down employee and customer data.
Data Security News from SimplySecurity.com by Trend Micro