At a time when concerns are escalating regarding foreign hackers backed by various countries delivering severely embarrassing blows to the United States by hacking sensitive political data, a report recently surfaced claims a teen hacker with the alias “Fear” has easily managed to get his hands on several hundred U.S. government-owned FTP servers. Can any reasonable authority guarantee to the U.S. general public the upcoming presidential elections will not be hacked in favor of a particular candidate? Can anyone guarantee U.S. elections have not suffered such attacks in the past, with the government keeping a lid on the matters to avoid a major internal embarrassment fiasco?
One server at a time
The hacker first obtained access to a single server, only to go on to discover that particular server withheld access credentials to .us and gov domains, making available the credentials of all FTP servers. Public and private information, program source codes and a long line of more sensitive data is included in these .us servers. However, the hacker hasn’t even made it clear what is loaded on .gov sites.
FTP, short for file transfer protocol, and the servers using this type of protocol, are launched to host files on local networks through the Internet. Users usually need a login name and password to obtain access to data stored on such servers. The dangerous part is that these servers enjoy the ability of being made public or set as private. Of course, the government always maintains its servers are private devices. This makes it even more concerning over how a simple teenager was able to gain access to one such server, and go on to obtain details over many others.
Making it so easy
This hacker even boasts how easy it was to obtain access to the 1st server that obtained a list of all the .us domains and their FTP servers. (Remember this is an American teen speaking, and not a Russian expert with major degrees in many different fields.) The hacker took his time to inspect each server with the utmost precision, concluding that any individual currently doing such security research is able to carry out such measures. Finding a way around may take 3 to 4 hours, yet it is definitely not impossible, the hacker added with much calm.
The anonymous hacker also goes on to reveal that FTP sites contain no encryption to protect their contents, despite the sensitivity of their matter. He was also able to get his hands on credit card and social security numbers, along with banking transactions using the Internet by the First Bank of Ohio. One file actually contained such sensitive information, including email and postal address, along with phone numbers, of candidates running for the Minnesota school board.
The bigger story
This whole scenario is painting an alarming picture of the vulnerability of the U.S. government computer system in the face of major international hackers that enjoy the support of Russia, China, Iran and … We are talking about a teenager who lacks a diploma, yet was able to bypass all the barriers placed by the U.S. government to gain access to credit card numbers in the First Bank of Ohio, considering the fact that the government has access to that particular bank. Likewise, the bank is home to sensitive numbers through the span of several SQL tables. This is in the form of Excel-like data storage spread sheets inside a database. To make things even more disturbing and troubling is the case of one particular FTP server in the state of Florida that even lacked a protected password. It is reported that three files in this server contain a whopping total of 743 million records, and there is talk of even more being available. That particular server has now been provided protection through a password (despite the fact that it may lead to a case of finally closing the “barn” after the “cow” with the information has already fled.) Rest assured more professional hackers that are persistent enough will be able to breach this password to obtain the data they seek.
What if …
In the end the teen hacker was able to collect thousands of credit card numbers, and millions of social security numbers. One can only imagine the extent of damage that can be inflicted with this data, and the level of data these hackers can obtain if they attempt to breach into much more sensitive military or infrastructural intelligence and cause havoc as a result. This hacker was able to grab sensitive details about state employees, their names, addresses, phone numbers and even their positions in the government. Research has shown the FTP sites controlled by the U.S. government only relying on merely 5-character passwords.
Reportedly, this teen hacker didn’t leave behind any backdoors to the FTP server, other than the case in Florida to be exact, as that backdoor was removed recently. However, the entire situation at hand is very mindboggling considering the fact that these are U.S. government-run servers, while expectations are high and the public demands these servers be the most protected devices on the plant. All in all, the harsh reality is that a teenage was able to get a hold of such sensitive data. What if in the not so distant future we have to deal with a professional hacker enjoying the support of government funding?
This leave us wondering about the possible scope of damage local hackers, and also international terrorists, could inflict to America’s interests by simply breaking into these servers (of course, if they haven’t already.) The federal government took measures after the report and shut down the .us FTP server. However, rest assured this will not be the last case where we here about hackers busting in and stealing even more sensitive data.