AntiSec Hackers Release Sensitive VDI Documents

AntiSec hackers have made good on their threat to release sensitive emails and company documents stolen in a breach operation against defense contractor Vanguard Defense Industries (VDI).

The Tech Herald previously reported that the AntiSec hacker collective had breached the email account of Richard Garcia, the Senior Vice President of defense contractor VDI.

The firm was apparently targeted due to their business relationships with multiple federal and local law enforcement agencies, and Garcia was specifically targeted because he formerly was the Los Angeles Assistant Director for the FBI, and the agency and their affiliates have been singled out by the AntiSec hackers as being favored targets for malicious assaults.

The Pastebin announcement from AntiSec states:

We are releasing 1GB of private emails and documents belonging to Vanguard Defense Industries(VDI), a defense contractor that sells arms to law enforcement, military, and private corporations. The emails belong to Senior Vice President of VDI Richard T. Garcia, who has previously worked as Assistant Director to the Los Angeles FBI office as well as the Global Security Manager for Shell Oil Corporation. This leak contains internal meeting notes and contracts, schematics, non-disclosure agreements, personal information about other VDI employees, and several dozen “counter-terrorism” documents classified as “law enforcement sensitive” and “for official use only”.

The announcement also indicates that the breach may have uncovered evidence that financial giant Merrill Lynch may have tipped off VDI about Standard and Poors (S&P) plans to downgrade the U.S. government’s credit rating:

Additionally we found evidence of a Merrill Lynch wealth management advisor giving private advance notice to Garcia about upcoming S&P US credit rating downgrades.

The hacking operation may have exploited two outdated plugins employed on the firm’s website which uses WordPress, a platform known to have vulnerabilities if not properly maintained.

The success of the operation may have also been due to Garcia’s use of a weak password – reportedly “Gloria88” – which is short, uncomplicated, and lacks non-alphanumeric characters.

Advertisements

About SCB Enterprises
System Solutions and Integration

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: