The Wall Street Journal has been attacked by a prolific cybercriminal and has shut down some of its systems in response. According to an announcement from the news outlet on Tuesday, the attack targeted the company’s news graphics systems. It appears, however, that the perpetration is selling user information, and for the low low price of a single Bitcoin.
1 bitcoin buys control at Wall Street Journal
The attacker, known as w0rm, has claimed responsibility for several attacks in the past, including a high-profile recent attack on Cnet which compromised the information of 1 million of the site’s users. According to information that was reported on Monday, the hacker is attempting to sell reams of information including the passwords of some the Wall Street Journal’s administrators for a single Bitcoin.
It appears that the Wall Street Journal’s security experts aren’t certain if w0rm had access to that kind of information using the exploit that granted him access to the newspaper’s systems, but they are taking a number of systems offline in order to ensure that nothing untoward can be down with the details of the site’s users. The Wall Street Journal is a subscription based news source meaning that the compromised data could include credit cards.
The company says that it has not yet seen any signs that information was compromised during the attack, but promised that they were closing down in order to review for signs of a breach. The kind of information that w0rm is offering for sale would allow the purchaser to change almost anything about the Wall Street Journal website.
w0rm continues media rampage
w0rm is apparently able to hack most of the big news agencies out there, though his problems appears to arise when he gets his hands on the information. It was the attempt to sell the information from the Wall Street Journal database that alerted cybersecurity firm IntelCrawler to the leak. It was that company that first told the Wall Street Journal that there may have been a problem.
One Bitcoin is, on today’s market, worth approximately $620, an amount a computer programmer as talented as w0rm appears to be could surely earn in much less illicit ways, and probably with a much lower effort level. w0rm has previously been implicated in an attack on the BBC, as well as Vice and the aforementioned attack on CNET..
Access to the servers of the Wall Street Journal is surely worth much more than $600, particularly if the fact that the site has been accessed is kept a secret. Sadly the serial-criminal doesn’t appear to have the business acumen of those that operate the newspaper.
Perhaps there is some other method to the actions of w0rm. They might be collecting information for some more long-term purpose or the old adage of “for-the-lulz” might be resurrected to explain the attack. Whatever the motive, it appears as though the attack was at least somewhat effective, although it’s up to the security team at the Wall Street Journal to figure out exactly how much damage it caused.