C0mrade has been highly active since he became a grey hat

Jun 20, 2012 08:32 GMT
C0mrade claims to have found vulnerabilities in hospital management software

C0mrade, a hacker who has recently turned to the white side, claims to have found major security holes in airline companies, hospital management systems, banks, and more recently, a number of dealership units used by the US military for vehicles and military aircraft.

First, he started with airlines, which are apparently affected by a “major exploit.” The vulnerability in the systems of American Airlines, United Airlines, Vietnam Airlines and Sabre Airlines allegedly gave him access to ticket information, flight bookings, card swaps, and employee and passenger details.

“I couldn't do much in the beginning as everything was local. I then got access to a configuration system which mildly accepted the file type, ‘.properties’ - I found around four files pertaining to it, these being: editor.properties, pm.properties, qik.properties, and taconfig.properties,” C0mrade explained.

“I had the ability to switch the key system from !local to !remote. Meaning, I could have logged card swaps, passenger info, and much, much more.”

Three days later, he alerted all the airline companies, but since they didn’t take him seriously, he decided to publish some information he extracted from their systems.

Then, he focused on hospital management systems, which apparently contain a number of security issues. Two of the organizations he has mentioned as being impacted are Durdans Hospital and the Sunetra Family Eye Care Center.

The hacker published a couple of images to demonstrate that he managed to gain access to patient records, but he also made available a solution to the problem.

“The Data circuit can be defected even if you were to patch the Software Vulnerabilities. I'd recommend dismantling the Sub Connection it reads the data from and perhaps even making some mild changes to the hosting you've got,” he wrote.

“Application reads from Database => Pulls information that's requested => Attacker now has the ability to do whatever the [expletive] he wishes. Fix is mildly simple.”

As far as financial institutions are concerned, C0mrade claims to have access to “three or so” banks, including Citibank and CoBank.

“I've roughly had access to CoBank for over a year now. I was just waiting for the golden moment. I knew that over the years more systems would be copulated. I decided I'd just wait till more data got en route. If I were to post this last week, Bank Information would be spilled and spread all over the Internet internationally. I didn't though, I'm doing the right thing,” he said.

The latest Pastebin post, published on June 19, reveals that a large number of American citizens might be at risk because of the flaws he identified in vehicle dealerships.

“I have Internal Access to a couple dozen dealership units that the U.S runs for Vehicles, Military Aircraft, etc. I also have Internal Access to thousands of stores and cashier systems,” C0mrade wrote.

“Amongst those affected include almost anyone who owns a vehicle of any sort in the United States and anybody that inconveniently runs down to a nearby store to buy some groceries for the family.”

In each of these cases the hacker has published data samples which he allegedly obtained by leveraging the vulnerabilities. However, all the sensitive information has been redacted.