IT security, vunerabilities, bugs, fixes, flaws, RSA conference and Infosec.

« Data kidnapping is the latest thing | Main | McKinnon madness »

Sex hungry cop opened the door for Lexis Nexis hack

A police officer looking to view see nude pictures of a 14-year old girl is the key behind a  security breach of a Lexis Nexis online database, according to a story in Wired News. But the 14-year old turned out to be a member of a hacking group and the file he sent contained a virus that opened a back door to the officer's computer. Lexisnexis

While browsing the officer's computer, he ran into a file containing the username and password for Accurint, a Lexis Nexis service for law enforcement agencies that contains all kinds of personal data. The hacker used the information to look up personal data for celebrities.

One thing lead to the other. A fellow hacker who identified himself to Wired as "Null" and posing as and admin for Lexis Nexis, called an Accuring employee and convinced him to reset the password for another account – allowing him to create new user names and passwords.

"A whole bunch of user names were made and people were trading them and passing them around like candy," Null told Wired. "It was getting real bad."

The 16, 19 and 20 year old hackers claim they didn't use the data they found in the database. But with user accounts being traded and exchanged online, nobody knows for sure who saw what.

And so what started out as a normal hack of an officer's computer turned into on of the greatest security breaches to date. The whole affair becomes even scarier once you realise that the entire security chain sprang leaks, including Lexis Nexis.

Santa Clara County Deputy District Attorney Jim Sibley had this to say about the security at the database firm: "Their security is really bad. This isn't a situation where you're talking about needing an überhacker to compromise (the system). Their passwords weren't as secure as your average porn site. I think it didn't take a genius to break them. Although I think the way the hackers did it was creative. We'll give them style points."

May 26, 2005 | Permalink


TrackBack URL for this entry:

Listed below are links to weblogs that reference Sex hungry cop opened the door for Lexis Nexis hack:


Post a comment