Where to in the #OpAssange Hacking Frenzy Targeting the UK?
Julian Assange’s now famous balcony speech seems to have struck a sensitive chord with the hacker world. A series of Pastebin dumps purporting to offer unauthorized access to various UK organizations’ servers and data bases as a sign of support for Assange seem to indicate that the UK’s share of the online universe has come under heavy hacking fire.
On August 30, an unknown Pastebin user denying any connection to Anonymous claimed responsibility for a hacking attack affecting online properties of three UK Police units. “The corruption in reporting starts very early. It’s like the police reporting on the police”, reads the Pastebin post’s motto attributed to Assange.
According to police statements in response to the possible breaches having resulted from such incidents, the allegedly sensitive info published on Pastebin was, in fact, publicly available.
One day later, the same hacker purported to offer free access to several large organizations’ FTP servers. The US Navy, D-Link.uk, NASA, and Washington University are all featured on the list of targeted organizations.
“I am not a member of Anonymous! Download any file from the server do whatever the f…you want with these FTP’s,” stated the author of the Pastebin post.
Free access to FTP servers could allow unknown users to copy, delete and replace all files stored on the servers. This kind of breach makes it possible to access databases which may contain confidential data. Theory beats practice in this case as well. A closer look at the FTP links provided in the Pastebin dump reveals a new episode of hackers’ own version of Much Ado About Nothing: the targeted servers are, in fact, publicly accessible.
The third hacking operation conducted under the #OpAssange patronage leads to the successful defacement of several organizations’ websites, including a human resources management company and an education consultant based in UK, as well as the Bhakkar police.
While the first two sites that suffered tampering display Warholesque banners depicting Assange, the police web property bears an anti-establishment banner.
Hacktivist group NullCrew, whose most recent spoils of war appear to be eight Sony servers, targeted the africacollege section of the Leeds University web site and apparently extracted a long list of employees’ e-mail addresses, together with passwords and user names.
This academic looting session is also dedicated to Assange. “Intelligence agencies keep things secret because they often violate the rule of law or of good behavior,” read the intro to the NullCrew Pastebin dump.
On the same day, a Peabody database leak was posted on Pastebin as another tribute to the Assange cause. The posted info, including a website admin password, apparently offers access to the energy company’s website, which could be altered, in this way, by any ill-willing entity. An Assange quote preceding the leaked info clarifies the motivation behind this action. “If journalism is good, it is controversial, by its nature”.
Though this may seem as a typical cry-wolf chain of events, one cannot help but wonder what may happen next. The #OpAssange alleged agenda made public on Pastebin on September 2 is astounding. It would appear that the Bank of England, Oxford University, Cambridge University, United Kingdom Airlines (britishairways.co, flybmi.com, cheapflights.co.uk) as well as the UK Department of Education might be set on a permanent hack watch from now on. A successful attack against British Airways alone is likely to cause extensive damage. Worst case scenario- one which, obviously, does not presuppose the “unauthorized” accessing of already public servers- the activity of the airline’s booking system is disrupted by fake mass booking attempts.
So, where to? Only time will tell.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.