EXCLUSIVE: Hacked ABC website likely breached by crooks in 2011

Leaked data points to previous compromise...
February 27, 2013 -- 

The ABC Website compromised by anonymous attackers overnight was likely already breached by cyber-criminals active on Russian forums as far back as 2011.

The user database of the Making Australia Happy television program was published overnight with the emails and hashed passwords of its 50,000 users dumped on paste websites.

The pastes were released under the tag "#OpWilders"; the breach ostensibly a revenge attack over the ABC's decision to air an interview with controversial anti-Muslim Dutch politician Geert Wilders, who visited Australia last week.

But strong circumstantial evidence has emerged that suggests the site had already been compromised by criminals. The first two password hashes in the compromised database appeared on a Russian cybercrime website, in sequence, in 2011.

Forum user "prevedma1" posted a thread in October 2011 titled "Need crack hashes" before pasting in two SHA1 hashes. The hashes are identical to the first two contained in the leaked user database. One of them corresponds to an ABC user account with moderator privileges.

You can see a screen capture here.

If this database was indeed obtained by cybercrooks back then it's likely it was used in phishing and malware campaigns. It is unclear why the supposed attacker was seeking to crack those hashes, but the ABC moderator account would have presumably afforded simple and privileged access to the site's content management system.

It's also possible the attacker was hoping the ABC admin account password was re-used elsewhere. Cracking it would be an excellent way to further propagate an attack deeper into the ABC network.

Opinion seems divided as to whether the latest hack, or "operation" in Anonspeak, was met with approval from the Anonymous community. An attack against a media organisation by a protest "brand" that supports free speech seems to run contrary to the anti-censorship ideals of the Anonymous movement.

Follow Patrick Gray on Twitter here.

Check out the Risky Business podcast here.

Comments

droplar's picture

The website will now be very careful. They will have to improve their internet security right there. - Flemings Ultimate Garage