HP FTP server broken into by Pakistani hacker HexCoder
Hacker claims to have access to 9GB of corporate data
By Jaikumar Vijayan | Computerworld US | Published: 12:46, 20 June 2011
HP has become the latest to add its name to the rapidly growing list of high profile corporate hacking victims.
The Hacker News, an online news site, this morning reported that Pakistani hacker HexCoder claims to have penetrated an HP FTP server and accessed about 9 GB of data.
A HP spokesman this afternoon said that the trying to verify the hacker's claims. He added that the data alleged to have been compromised is in the Japanese language. The company is working with its Japan operation to find out what might have happened.
Related Articles on Techworld
"There's a high likelihood that this is stuff that is publicly available," the spokesman added.
THN posted several screenshots of the data HexCoder claims to have accessed from the HP system. It's unclear from the screenshots whether any personal or financial data was compromised in the alleged attack.
Some of the filenames that are visible in the screenshots suggest that data on the Japanese versions of HP's Linux, ProLiant storage systems may have been compromised.
The news site quotes the hacker as saying: "I have done this by getting access to FTP successfully. All this by just mere stupidity! Oh and I will not share their database because its too big (9 GB)."
THN editor Mohit Kumar said the screenshots made available to THN show that the hacker has permissions to 777 files on the compromised system. "That means he [may have] root access, almost in FTP," Kumar said.
The screenshots made available by HexCoder suggests that information on various HP software products, tools and drivers has been copied, Kumar said. One of the exposed folders appears to contain delivery reports on various HP products. Another contains various news media files and newsletter items, he said.
The alleged attack on HP lengthens the growing list of organisations that have been recently hacked in similar fashion. Other recent victims include RSA, Sony, Oakridge National Laboratories, Lockheed Martin, the International Monetary Fund and the CIA.
What has been especially discomfiting for many of the victims is the fact that the break-ins often have resulted from embarrassingly low tech methods that showed fundamental security lapses.
