Hack hall of shame: April 2015

April has seen a number of sustained attacks and some big company names are featuring on the list in our first instalment of the Hack Hall of Shame. This month also saw a surge in hacktivism with TV5Monde, France’s national broadcaster, being targeted by pro-ISIS hackers. The Pope too fell victim to hacktivism from Turkey after referring to the mass killings of Armenians by Turks as ‘genocide.’

Countdown with us the top 10 hacks, attacks and vulnerabilities exploits for the month of April.

Russians hacking the White House

Russian hackers received quite a bit of airtime in April. On April 8, CNN revealed that the White House computer system was breached. Even though the system was named to be an unclassified one the hackers still had access to sensitive information such as the president’s schedule. Then, on April 26, the New York Times revealed that Russian hackers might have even had access to the president’s email and that in fact the attack was more serious than previously thought.

TV5Monde hacked by pro-IS hackers

France’s national broadcaster came under attack by pro-IS hackers. All TV5Monde broadcasts were targeted, 11 in all, and these were blacked out between 10pm on April 8 and 1am on April 9. After the attack, Arstechnica revealed how simple basic password theft can be. During an interview about the attack a talking head is sitting in front of a desk smothered in sticky notes with one of the notes being the username and password of their YouTube presence.

Belgian media company experiences DDoS attack

Yet another attack on the media, this time via DDoS on Belgian media group Rossel. The attack lasted several hours on April 12 and newspapers such as La Soir had to be shut down during the attack. To date, no group or individual has claimed responsibility for the attack.

More than 100,000 contacts held on French state TV computers have been stolen

Going back to France, and only a week after the TV5Monde hack, French State TV computers were attacked due to insufficient safeguards. However, this attack was not due to hacktivism. Instead, it is believed to have been done for financial gain as 100,000 French State TV contacts were lifted from the system. The black hat group responsible for the attack has been identified as the Linker Squad.

Infinite loop attack with No iOS Zone

iPhone and iPad users had a very cold shower when, during an RSA security conference in San Francisco, the ‘No iOS Zone’ vulnerability was revealed by Skycure. By manipulating SSL certificates sent to an iOS over a network it is possible to put the device in an infinite loop. Many thought the solution might be easy – not connect to random Wi-Fi spots, however, it was revealed that some iOS devices will automatically connect to certain networks.

Lufthansa says some frequent flyer accounts hacked

One of the big names on this month’s list is Lufthansa who on April 10 announced that some of its frequent flyers accounts had been broken into. Lufthansa’s databases were not compromised during the attack.

WordPress plugins at risk of XSS attack

A horde of WordPress plugins have been updated in order to patch a series of cross-site scripting (XSS) vulnerabilities. Attackers would have been able to inject dangerous commands into visitor’s browsers visiting the websites. Some of the plugins affected include the very popular Jetpack plugin, WordPress SEO and Google Analytics by Yoast.

UK government website hijacked by Islamist hackers

The UK government website uk-air.defra.gov.uk within DEFRA (Department of Environment, Food & Rural Affairs) was hacked on April 6. Instead of patterns of UK pollution for the day, visitors could see a message about Britain’s involvement in the Iraq invasion of 2003.

US lottery security boss charged with fixing draw

Mid-April the BBC revealed that a former US lottery security boss was charged with fraud. Eddie Raymond Tipton allegedly hacked the computer which picks the winning numbers. Even though he was caught on CCTV buying the winning ticket the prize money of $14.3 million hasn’t been claimed.

Irish airline Ryanair loses €4.6 million via Chinese bank

The Irish Times reported that Ryaniar had around $5 million taken from its bank accounts through a criminal scan which electronically transferred the monies to a Chinese bank. The tapped funds are those used to buy fuel for its aircraft yet to this day, there has been no indication of how the scam operated or who is responsible.