By
updated 3/14/2011 2:14:10 PM ET 2011-03-14T18:14:10

A hacker has hijacked more than a dozen top military, government and education websites, including one used by an Army cyberwarfare unit, and is selling control of them on underground Internet forums.

The list of hacked sites includes websites belong to the states of Utah and Michigan, the Italian government, the Albanian military, Singhania University in India and the U.S. Army’s Communications-Electronic Command (CECOM), according to a Jan. 21 blog posting by the security company Imperva.

Also hacked was the U.S. Department of Defense’s Pharmacoeconomic Center, which helps the military obtain drug contracts for the Department of Veterans Affairs.

The CECOM website was down midday Monday, displaying only a brief message that the site was "temporarily unavailable -- we're working to resolve this issue."

The hacked .mil, .gov and .edu domains are being sold for $55 to $499 each, and most would give the buyer complete administrator-level control of the site.

The hacker is also selling online databases of personal information stolen from the hacked sites for $20 per 1,000 records.

Imperva believes the hacker took over the sites by using SQL Injection, a common Web attack that exploits a website’s poorly written code.

© 2012 SecurityNewsDaily. All rights reserved

Discuss:

Discussion comments

,

Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments