Got $500? You can buy a hacked U.S. military website

[security curmudgeon <jericho () attrition org>]

[Note the paragraph starting "The hacker is also selling.." - jericho]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.computerworld.com/s/article/9205905/Got_500_You_can_buy_a_hacked_U.S._military_website

By Robert McMillan
IDG News Service
January 21, 2011

If you're a criminal looking for full control of the Web used by the U.S. 
Army's Communications-Electronics Command (CECOM), you can get it for just 
under US$500.

At least that's what one hacker is offering in underground forums. 
Security vendor Imperva found the black market sales pitch Thursday and 
posted details of the incident on Friday.

The hacker says he has control over a number of websites, including other 
military sites, government sites, and those belonging to universities, 
said Noa Bar-Yosef, Imperva senior security strategist. Prices range from 
$33 to $499, depending on how important or widely used the website is. 
"You can actually buy the capability of being the administrator of the 
website," she said.

The hacker is also selling databases of personal information he's stolen 
from the websites for $20 per thousand records, she said. That data could 
be used by spammers, or by fraudsters to break into online accounts.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/