Pakistani hacker claims HP systems attack

HexCoder claims to have broken into HP FTP server and accessed 9GB of data; HP says its probing the claim

Hewlett-Packard Co. has become the latest to add its name to the rapidly growing list of high-profile corporate hacking victims.

The Hacker News, an online news site, this morning reported that Pakistani hacker HexCoder claims to have penetrated an HP FTP server and accessed about 9 GB of data.

A HP spokesman this afternoon said that the trying to verify the hacker's claims. He added that the data alleged to have been compromised is in the Japanese language. The company is working with its Japan operation to find out what might have happened.

"There's a high likelihood that this is stuff that is publicly available," the spokesman added.

THN posted several screen shots of the data HexCoder claims to have accessed from the HP system.

It's unclear from the screen shots whether any personal or financial data was compromised in the alleged attack.

Some of the filenames that are visible in the screenshots suggest that data on the Japanese versions of HP's Linux, ProLiant storage systems may have been compromised.

The news site quotes the hacker as saying: "I have done this by getting access to FTP successfully. All this by just mere stupidity! Oh and I will not share their database because its too big (9 GB)."

In an email to Computeworld, THN editor Mohit Kumar said the screenshots made available to THN show that the hacker has permissions to 777 files on the compromised system. "That means he [may have] root access, almost in FTP," Kumar said.

The screenshots made available by HexCoder suggests that information on various HP software products, tools and drivers has been copied, Kumar said. One of the exposed folders appears to contain delivery reports on various HP products. Another contains various news media files and newsletter items, he said.

The alleged attack on HP lengthens the growing list of organizations that have been recently hacked in similar fashion. Other recent victims include:

Bulleted list code:

In some cases, such as the attacks on RSA, Lockheed and Oakridge, the motive appears to be espionage and IP theft. But most of the other recent attacks appear aimed at embarrassing organizations.

In some cases, the attacks have followed recent news events.

The attacks on the IMF for instance, came just weeks after ex-IMF chief Dominique Strauss-Kahn was arrested on sexual abuse charges. The HP attacks come just days after the company announced an executive realignment .

What has been especially discomfiting for many of the victims is the fact that the breaks-in often have resulted from embarrassingly low-tech methods that showed fundamental security lapses.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan , or subscribe to Jaikumar's RSS feed . His e-mail address is .

Read more about security in Computerworld's Security Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags securityMalware and VulnerabilitiesHewlett-Packard

More about etworkHewlett-Packard AustraliaHPIMFInternational Monetary FundLinuxLockheed MartinRSASonyTopic

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts