I was surprised to see Brazil in the list of systems compromised by “Anonymous” recently. To demonstrate the compromise, /etc/passwd from some systems was published. GNU/Linux has a simple and reliable system of authentication which should prevent access to that file except by root, the administrative user. The actual passwords are not revealed but the usernames and real names of accounts are in there as well as user and group id numbers and /home directories.
A clue to the nature of the compromise comes from others in the list, Zimbabwe, Anguilla, Mosman Council in Australia,… The latter included MySQL database dumps from “teens.mosmanlibraryblogs.com” and other sites. Mosman Council also ran Lose 2K until 2008 when they switched to GNU/Linux on web servers. They have announced the breach:
Mosman Council is aware that an organisation has hacked Council’s websites and is making that content available for download.
However, no ratepayer information from Council’s internal systems has been accessed.
The hack was made via an sql injection exploit on a subsidiary website deployed some years ago. The hack was able to initiate a ‘data dump’ of some of our public-facing websites. The information being made available is essentially what you are able to access when browsing our websites. The web editors’ passwords are encrypted, and are now being changed.
There has been no unauthorised access to Council’s internal systems.
In other words, Anonymous has likely picked some low-hanging fruit on the web. It happens. One weak password is all it takes. One web application allowing in SQL injections is all it takes. One discarded hard drive not properly wiped is all it takes.
That Anonymous had to reach so far to find low-hanging fruit gives us hope that more challenging targets are a lot more challenging. It’s past time that everyone worked towards better security.