Blog
Contact Us

BREAKING NEWS

CLICK HERE FOR BREAKING NEWS & ANALYSES

The Team at Firestorm

Firestorm has a globally recognized group of contributors to this blog - Expert Speakers, Authors and Presenters, all highly credentialed and experienced in the field of crisis preparedness and crisis management.

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Tags
    Tags Displays a list of tags that has been used in the blog.
  • Login

Data Security: ClearUSA Hacked

Posted by on in Data Security
  • Font size: Larger Smaller
  • Hits: 5042
  • 0 Comments
  • Subscribe to this entry
  • Print

Data Security

 

ClearUSA Hacked


HEADLINE:  Major US law enforcement Website shut down after data breach

SUMMARY:  A hacker penetrated the web site of CLEARUSA.ORG  and downloaded a listing of members that contained names, addresses, organizations, titles, email addresses, phone numbers, and site password information. The hacker then posted this information on a blog and invited other people to attempt to try to break into various personal web sites (Facebook, email, Linkedin, etc.) to harass the organizations’ members. This tactic is in “retaliation” for the actions of law enforcement against “occupiers”. As a result of the security breach, the Clearusa web site has been temporarily shut down while its administrators are working to address security issues and repair the application.

STORY LINK:  http://news.softpedia.com/news/Major-US-Law-Enforcement-Website-Shut-Down-After-Data-Breach-239859.shtml

Bill Baker, VP FirestormAnalysis by Bill Baker, VP Firestorm

There are no web sites that are totally invulnerable to hackers.  The task of your site administrator is to make your site relatively difficult to attack so that potential hackers will go after an easier target.  It’s rather like putting a “beware of dog” sign in your yard so that potential intruders will go next door.   It would seem that the CLEARUSA.ORG (Coalition of Law Enforcement and Retail (C.L.E.A.R.)) site was the one without a growling dog.

In their mind, hackers perform a public service by exposing weaknesses in web applications or operating systems.  They like to justify their actions as encouragement for vendors to plug leaks and fix security holes.  While I disagree with this logic, there are a lot of hackers out there who will challenge any web site’s security.  The current hacker has taken a step beyond into the realm of internet disruption.



“Exphin1ty”, the hacker involved in this latest foray, wanted to retaliate against “Law Enforcement’s inhumane treatment of occupiers”.   He/she selected a somewhat obscure quasi-governmental organization site as the target.  Fortunately, the database information that was stolen and then posted as a blog contains very little sensitive information.

Clearusa.org is a cooperative organization between local police and retailers designed to reduce organized shoplifting.   Nearly all of the database information exposed may be publicly available elsewhere.  Even so, we can learn valuable lessons from this event.

Am I a Target?


First, any web site may be attacked.  Soft targets may be exploited by “kiddie hackers” as a game or training adventure.

Second, if your web site includes any type of database (membership roster, contact list, etc), hackers may want to test your security (and steal your data).

Third, should you have sensitive personal or corporate data on your site, you MUST be sure that you have appropriate heavy-duty security.

Protect your Site and Data


It’s not that difficult to enhance the security level of your web site.  These basic steps can make your site less attractive to hackers.

Remember: Predict. Plan. Perform.


  • Make sure that your administrator ID and Passwords are complex.  If you are able to change the administrator ID from a pre-programmed ID (such as “admin” or “administrator”) do so.  Increase the length and complexity of your passwords to at least 11 characters.

 


  • Plug the “back door” leak.  Some sites utilize back door access or super-administrator functions.  Be sure that these IDs and passwords are also hardened.  Joomla applications typically have a common super-administrator ID such as “62” or “42”.  Change it to discourage hackers.

 


  • BACK UP YOUR WEB SITE.  It would appear that Clearusa needed to shut down because it did not have a usable backup version.  There are hackers that will attack your web site with the intention of corrupting your information – not to steal database information.  A backup copy is useful not only for restoration of a corrupted application but as a comparison tool so that you may find malicious code or other unauthorized changes to your source code.

 


  • Test resistance to attack by hackers.  There are hackers that have not gone over to the “dark side” that can be useful to audit your code, passwords, and attempt to penetrate your best defenses.
Rate this blog entry:
0

Comments

  • No comments made yet. Be the first to submit a comment

Leave your comment

Guest Saturday, 26 July 2014

Newsletter Sign Up

newsletter signup
Firestorm believes that crisis preparedness is predicated on recognition of imminent threats. Our weekly newsletter is an invaluable tool that reports on current conditions and issues, and includes original commentary and analysis from our Expert Council, Senior Leadership, and Guest Contributors. Valuable, insightful commentary analysis each week - and it's FREE! Sign up to receive these critical alerts

Download our Toolbar! Get our toolbar!

Register for an Event

Crisis CalendarFirestorm Events

Firestorm presents a variety of topical webinars each month for the business community presented by leading experts in their fields.  Our Leadership Team and Expert Council present as Keynote Speakers, Program Presenters, and Panel Members at events across the country. Keep up to date and Join us!
View our Upcoming Events...

 

Read Our Latest Analysis

NewBookCoverFirestorm founders Harry Rhulen and Jim Satterfield wrote Disaster Ready People for a Disaster Ready America specifically to address the need for crisis and disaster preparedness at home, and the book has become a cornerstone of many personal and corporate preparedness programs.

Download the eBook..

Who We Are

What We Do

How We Do It

Contact Firestorm

Newsroom

Biography

Every Crisis is a Human CrisisFirestorm has a globally recognized group of...

Calendar

Loading ...
Our Address:
1000 Holcomb Woods Parkway Suite 130
Roswell, GA USA 30076

Information

FIRESTORM® transforms crisis into value.  The FIRESTORM PREDICT.PLAN.PERFORM.® methodology combines C-Suite level consulting, dynamic software solutions, and proven crisis management expertise to empower clients to create resilient organizations. FIRESTORM is a nationally recognized leader in Crisis Management, Continuity Planning, Critical Decision Support, Crisis Response, Crisis Communications, Crisis Public Relations, and Consequence Management.

We are the Crisis Coach® (800) 321-2219


Meet Our Management Team
Facebook
Google
Twitter