A hacker says he is accessing web sites like: military web sites, government web sites and those belonging to universities per Noa Bar-Yosef, Imperva senior security strategist.
The price range from $33 to $499, depending on how important or widely used the web site is.
“You can actually buy the capability of being the administrator of the web site,” Bar-Yosef explained.
The hacker is also selling databases of personal information he’s stolen from the web sites for $20 per thousand records. This information could be used by spammers, or by fraudsters to break into online accounts.
Bar-Yosef saw evidences that administrative privileges for 16 web sites were for sale.
Imperva assembled the names of the victims from its blog post, but security blogger Brian Krebs posted more details of the incident, including the names of the hacked web sites.
Some of the hacked web sites are the United States, states of Utah and Michigan, the government of Italy and the Department of Defense Pharmacoeconomic Center, which analyzes the military’s use of drugs and helps the Department of Veterans Affairs procure drug contracts.
Whoever is selling the data probably broke into these web sites using a common Web attack called SQL injection, Bar-Yosef.
