The group known as SwaggSec, who targeted Foxconn earlier this year, released a collection of files over the weekend, allegedly taken after they compromised China Telecom and Warner Bros.
Neither firm has issued a statement on the incident, but according to statements made by SwaggSec, China Telecom attempted to address the breach by relocating their SQL database. The effort was wasted however, as they only changed the IP location.
“No changing of admin passwords, or alerting the media. At any moment, we could have and still could destroy their communication infrastructure leaving millions without communication,” a statement on the breach from SwaggSec notes.
The China Telecom data dump is said to contain 900 records, each one an administrative user, but subsequent investigation into the data, during the short time that the entire document dump was made available publicly on the Web, showed only 30 accounts within the CSV file.
The attack on Warner Bros. is far more interesting.
Based on the comments provided with the breach notification, SwaggSec hacked WB’s Intranet, and discovered a presentation from the IS department about the status of internal security audits.
“When we hacked their intranet, we were surprised to see their IT department's well documented "confidential" data about the "critical vulnerabilities" on their servers and sites. However, their IT department's ignorance to fix any of the vulnerabilities they were aware about, granted us complete access to their servers.”
The presentation, prepared by the Technical Operations department within Warner Bros., only accounts for the status of their audits as of the week of April 27, 2012.
Among the top concerns for their environment listed within the leaked document, are Cross-Site Scripting, a lack of SSL where needed, Web Server Vendor Disclosure, URL Redirection, PHP remote vulnerabilities, and Account Enumeration. Along with the list of outstanding issues was a list of vulnerable domains, something that would only help would be attackers if discovered.
However, based on the metrics, the Technical Operations group is making solid headway considering the size of their organization, showing strong growth in the number of completed audits over a rolling 12 month cycle. However, they seemed to stall on remediating a number of outstanding “medium risk” and “high risk” vulnerabilities during the same period, as the reporting shows little change over final nine weeks.
Other items accessed and released by SwaggSec that could later be used against Warner Bros. includes the number of outstanding Apache and PHP upgrades across the network, and a detailed how-to from the IT department on accessing the VPN, including server names and authentication requirements.
Such details would only serve to further a Phishing attack against the organization.
“Although we were going to include a much larger leak from Warner Bros, we decided to stick within our time frame in hand. Besides, there are plenty of other ignorant companies to own,” the SwaggSec release noted.
As mentioned, neither Warner Bros., nor China Telecom has made a statement on the alleged breach. We’ll update this story if that changes.