Hackers affiliated with Anonymous’ AntiSec campaign have hacked into the network of IRC Federal, an engineering company that works with several federal agencies including the FBI.
The group of hackers claims to have obtained access to the contractor’s web server, email database, VPN logins and other information.
“In their emails we found various contracts, development schematics, and internal documents for various government institutions including a proposal for the FBI to develop a ‘Special Identities Modernization (SIM) Project’ to ‘reduce terrorist and criminal activity by protecting all records associated with trusted individuals and revealing the identities of those individuals who may pose serious risk to the United States and its allies.’
“We also found fingerprinting contracts for the DOJ, biometrics development for the military, and strategy contracts for the ‘National Nuclear Security Administration Nuclear Weapons Complex’,” the hackers write.
After stealing the data, some of which was dumped online, the attackers deleted the company’s databases and defaced its website. The site has since been taken offline.
“We reported it to the authorities, and otherwise we have no comment,” an IRC Federal spokesperson told the New York Times. The FBI declined to comment.
The compromise extends beyond IRC Federal, as hackers claim to have found logins to third-party VPNs and a Department of Energy system.
In their announcement, they also explain how the hack went down. As usual, it started with an SQL injection vulnerability being exploited to extract administrative credentials.
The hackers then found a script to upload images on the site’s backend. The script has several extensions blacklisted in order to prevent the upload of executable code; however, it missed a few, including .cfm.
From there the hackers downloaded the database of an internal phpBB forum, which contained hashed passwords. Some of them were cracked and turned out to also work for the email accounts of IRC Federal employees.
All of these attack vectors (SQL injection, crackable password hashes, password reuse) were also exploited in the attack against HBGary Federal earlier this year. One would think that IRC Federal and other contractors would have learned something from that incident.
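The upload-filter failure described above (a blacklist of extensions that missed .cfm), set beside an allowlist check, as an added example that is not from the original article or the affected site. The blacklist contents, function names and sample files are constructed for illustration; the real script's list was not published here.

```python
import os
import secrets

# Constructed denylist standing in for the one described in the article:
# it names several executable extensions but omits .cfm.
DENYLIST = {".php", ".asp", ".aspx", ".jsp", ".exe"}

# Allowlist for an image-upload feature, with the file signature each
# extension must start with so content has to match the claimed type.
MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def denylist_accepts(filename):
    """Weak check: reject only the extensions someone remembered to list."""
    ext = os.path.splitext(filename)[1].lower()
    return ext not in DENYLIST

def allowlist_accepts(filename, content):
    """Hardened check: bare file name, known image extension, matching signature."""
    name = os.path.basename(filename.replace("\\", "/"))
    if name != filename or "\x00" in name:
        return False  # path components or NUL bytes in the supplied name
    ext = os.path.splitext(name)[1].lower()
    if ext not in MAGIC:
        return False  # anything not explicitly needed is refused, .cfm included
    return content.startswith(MAGIC[ext])

def stored_name(filename):
    """Store under a server-generated name; keep only the validated extension."""
    ext = os.path.splitext(filename)[1].lower()
    return secrets.token_hex(16) + ext

# Constructed sample uploads (benign placeholder bytes).
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
SAMPLES = [
    ("logo.png", PNG),
    ("page.cfm", b"placeholder text, not an image"),
    ("banner.gif", b"placeholder text, not an image"),
    ("../logo.png", PNG),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(f"{name:12} denylist={denylist_accepts(name)!s:5} "
              f"allowlist={allowlist_accepts(name, data)}")
```

Storing uploads outside the web root, or in a directory where the server will not execute scripts, limits the damage if a file type slips through either check.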