Re: [FD] Suspect arrested who used Heartbleed to infiltrate the Canada Revenue Agency (Our IRS)
- To: Andrew Klaus <andrewklaus@xxxxxxxxx>, Justin Bull <me@xxxxxxxxxxxxx>
- Subject: Re: [FD] Suspect arrested who used Heartbleed to infiltrate the Canada Revenue Agency (Our IRS)
- From: Joe Pierini <jpierini@xxxxxxxxx>
- Date: Wed, 16 Apr 2014 16:59:27 -0700
"The CRA also declined to explain how it determined which SINs were
hacked, since Heartbleed intrusions are hard to detect."
My guess is he was probably quite proud of himself and went and told the
agency. "Hey you've got Heartbleed, look at all the SINs somebody can
get." and then they promptly turned around and arrested him. He'll be
touted as the latest evil hacker and the CRA will bang on about how they
"detected and captured" him.
Remember kids, if you don't have a signed authorization form, stay out or
at the very least, keep your mouth shut.
Joseph Pierini | CISSP, PCI: QSA, PA-QSA, QAE
Director of Technical Services
Security Assessor - Penetration Tester
PSC - Business & Technology Experts in Payments, Security & Compliance
On 4/16/14, 4:28 PM, "Andrew Klaus" <andrewklaus@xxxxxxxxx> wrote:
>I'm guessing he scripted to pull as many login/passes (or cookies) as
>possible, then simply looped through them and grabbed the SIN data from
>the web interface. Needing to "login" to each.
>
>Indeed, what an idiot.
>
>
>On Wed, Apr 16, 2014 at 12:27 PM, Justin Bull <me@xxxxxxxxxxxxx> wrote:
>
>> Some 19 year old kid used Heartbleed to gain access to the CRA systems and
>> purge 900 SINs (akin to SSN) from the agency.
>>
>> What a fool.
>>
>>
>>
>>http://www.theglobeandmail.com/news/national/rcmp-charge-teen-in-relation-to-alleged-heartbleed-bug-theft/article18041007/#dashboard/follows/
>>
>> --
>> Best Regards,
>> Justin Bull
>> E09D 38DE 8FB7 5745 2044 A0F4 1A2B DEAA 68FD B34C
>>
>> _______________________________________________
>> Sent through the Full Disclosure mailing list
>> http://nmap.org/mailman/listinfo/fulldisclosure
>> Web Archives & RSS: http://seclists.org/fulldisclosure/
>>