ImageShack hit by hacking group

By on

The image-hosting site ImageShack was compromised over the weekend.

Rik Ferguson, senior security advisor at Trend Micro, wrote on the Countermeasures blog that a group calling itself Anti-Sec exploited the site with a declaration posted to the full-disclosure mailing list.

Ferguson said: “The effect of the attack was to replace many of the hosted images with a single (amusingly titled) image containing the Anti-Sec manifesto. ImageShack was a particularly effective site to target as so many third-party sites use images that are actually hosted on ImageShack.”

The declaration claimed that Anti-Sec is a ‘movement dedicated to the eradication of full-disclosure' and it wanted to give everyone an image of what it was about.

The statement read: “Full-disclosure is the disclosure of exploits publicly - anywhere. The security industry uses full-disclosure to profit and develop scare-tactics to convince people into buying their firewalls, anti-virus software and auditing services.

“It is our goal that, through mayhem and the destruction of all exploitive and detrimental communities, companies and individuals, full-disclosure will be abandoned and the security industry will be forced to reform.”

ImageShack responded by acknowledging that it was compromised by a hacking group. A statement on the site said: “On July 10th, at approximately 8 pm PST, ImageShack's services were compromised by a hacking group. Within a minute, our security systems had identified suspicious activity. We learned that the group had gained control of how images were being displayed. Before 9 pm PST, normal functionality had been restored to user images. No user data or content was damaged or lost.”

It claimed that only a fraction of the servers were affected, so it was able to isolate and remove the issue very quickly. It also claimed to be actively conducting a full audit of its security measures and was hardening its systems.

“It is Anti-Sec's belief, it seems, that the security industry supports full-disclosure (of things like vulnerabilities that lead to zero-day exploits, for example) because it allows the industry in general to develop scare tactics aimed at generating profits," said Ferguson.

“No mention then of the security industry designing proactive protection mechanisms to help people and businesses avoid serious financial and personal damage? No mention of full-disclosure allowing security organisations to mitigate against attacks before they are exploited in the wild? No mention of organised crime profiting from undisclosed vulnerabilities?

"Even though I'm usually a sucker for a manifesto, this just made me think of the wacky end of the survivalist spectrum, heading for the hills with their tins of beans and their AK-47s (and now SQLi).”

See original article on scmagazineuk.com

Copyright © SC Magazine, US edition
Tags:
antisec disclosure full hack hacked hosting image imageshack security website

Most Read Articles

Devastating flaw puts almost every wi-fi network at risk

Devastating flaw puts almost every wi-fi network at risk
NBN Co works to recover cost of network damage

NBN Co works to recover cost of network damage
Subaru key fob vulnerability lets hackers unlock cars

Subaru key fob vulnerability lets hackers unlock cars
Telstra builds 900 machine learning models for marketing overhaul

Telstra builds 900 machine learning models for marketing overhaul
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

The 5G Business Potential – Industry digitalisation and the untapped opportunities for operators
The 5G Business Potential – Industry digitalisation and the untapped opportunities for operators
Solving IT complexity
Solving IT complexity
Optimising Enterprise Data Centres for the Cloud
Optimising Enterprise Data Centres for the Cloud
Growing companies have a growing interest in technology
Growing companies have a growing interest in technology
RSA NetWitness® Endpoint. Respond 3X Faster to Threats
RSA NetWitness® Endpoint. Respond 3X Faster to Threats

Events

Log In

Username:
Password:
|  Forgot your password?