Hewlett-Packard Co. has become the latest to add its name to the rapidly growing list of high-profile corporate hacking victims.
The Hacker News (THN), an online news site, reported that Pakistani hacker HexCoder claims to have penetrated an HP FTP server and accessed about 9 GB of data.
A HP spokesman said that they are trying to verify the hacker’s claims, adding that the data alleged to have been compromised is in the Japanese language. The company is working with its Japan operation to find out what might have happened.”There’s a high likelihood that this is stuff that is publicly available,” the spokesman added.
THN posted several screen shots of the data HexCoder claims to have accessed from the HP system and it’s unclear from the screen shots whether any personal or financial data was compromised in the alleged attack. Some of the filenames that are visible in the screenshots suggest that data on the Japanese versions of HP’s Linux, ProLiant storage systems may have been compromised.
The news site quotes the hacker as saying: “I have done this by getting access to FTP successfully. All this by just mere stupidity! Oh and I will not share their database because its too big (9 GB).”
THN editor Mohit Kumar said the screenshots made available to THN show that the hacker has permissions to 777 files on the compromised system. “That means he [may have] root access, almost in FTP,” Kumar said.
“The screenshots made available by HexCoder suggests that information on various HP software products, tools and drivers has been copied,” Kumar said. One of the exposed folders appears to contain delivery reports on various HP products. Another contains various news media files and newsletter items, he said.
The alleged attack on HP lengthens the growing list of organisations that have been recently hacked in similar fashion.
In some cases, such as the attacks on RSA, Lockheed and Oakridge, the motive appears to be espionage and IP theft. But most of the other recent attacks appear aimed at embarrassing organisations.
In some cases, the attacks have followed recent news events. The attacks on the IMF for instance, came just weeks after ex-IMF chief Dominique Strauss-Kahn was arrested on sexual abuse charges. The HP attacks come just days after the company announced an executive realignment .
What has been especially discomfiting for many of the victims is the fact that the breaks-in often have resulted from embarrassingly low-tech methods that showed fundamental security lapses.