Prevx Blog
The website in question is Tricolumbia.org.
A quick briefing about what tricolumbia is all about:
"The Columbia Triathlon Association (CTA) is a 501c-3 non-profit organization based in Columbia, Maryland and incorporated in 1988. The organization plays an active role in Columbia and its environs and actively supports several local charities."
All in all it seems like a good cause worth supporting. Of course criminals have realized that there might be juicy rewards hidden on the servers of tricolumbia. On Friday of last week a hacker called cyb3r d3m0n managed to compromise their security and gather some useful information.
This information was made available to the underground and circulated via some of the forums to anyone who had good enough contacts to gather it.
I managed to get a copy of this database, and did some analysis on it. It only occurred to me yesterday that there might be more interesting information in this database than what I first thought.
My train of thought was as follows:
Maryland.. When I think of Maryland, and that part of the US, I think Government.
So I imported a couple of thousand records from the database and looked at them.
I managed to find fully qualified address details, and all relevant contact information for 54 government employees, ranging from the SEC, Pentagon, DHS, USDOJ and a few others that would make people think "Hmm that’s interesting".
Now, this is interesting on its own; however, there is more. In this database there is an encrypted field called "site Password". We all know that it’s very easy to crack these methods of encryption, so my thoughts were the following.
A database with nearly 9000 records... How many of these 9000 people use the same password for everything they do online? 1 - 50 ... 100 ... 1000? I don't know, but I think there would be more than just one.
So after looking at all this data my conclusions are the following.
a) Targeting non-profits FOR profit will become a new trend. Potentially useful information can be obtained from hacking these websites to aid further crime such as spear phishing (targeted phishing email where they have your name, address, telephone # etc.), PayPal account compromises and ID fraud (yes, there is enough information in this database to be able to hijack an identity).
Reasons: Non-profits do not have large IT security budgets, making them soft targets.
b) People use the same password for many things online, thus making it a viable target for getting access to people's passwords, say PayPal!
c) In this specific case, there were more than 50 government employees' data at risk. In theory a determined attacker could use this information to gain further access into these employees' employers' systems using the data at their disposal.
Below is a dump with some obfuscated data from the various .gov email addresses to give you an idea of what was at risk.
- annapolis.gov
- ars.usda.gov
- bop.gov
- cap-police.senate.gov
- cbo.gov
- central.unicor.gov
- dc.gov
- do.treas.gov
- epa.gov
- fcc.gov
- fda.hhs.gov
- fdic.gov
- fhwa.dot.gov
- fws.gov
- gpo.gov
- howardcountymd.gov
- mail.house.gov
- mail.nih.gov
- nasa.gov
- ncua.gov
- niaid.nih.gov
- nidcd.nih.gov
- nih.gov
- nist.gov
- nnsa.doe.gov
- nps.gov
- psc.gov
- sec.gov
- ssci.senate.gov
- usdoj.gov
- usg.gov
- usss.dhs.gov
Which one do you think is the most viable and high value target? Hard to decide.
If you are reading this and are a member of tricolumbia.org, my best recommendation is to get in contact with your relevant credit reporting agency to take the necessary steps to prevent identity fraud. Also, I'd suggest changing all your passwords.

Nice good blog!