Hewlett-Packard Co. has become the latest to add its name to the rapidly growing list of high-profile corporate hacking victims.
The Hacker News, an online news site, this morning reported that Pakistani hacker HexCoder claims to have penetrated an HP FTP server and accessed about 9 GB of data.
A HP spokesman this afternoon said that the trying to verify the hacker's claims. He added that the data alleged to have been compromised is in the Japanese language. The company is working with its Japan operation to find out what might have happened.
"There's a high likelihood that this is stuff that is publicly available," the spokesman added.
THN posted several screen shots of the data HexCoder claims to have accessed from the HP system.
It's unclear from the screen shots whether any personal or financial data was compromised in the alleged attack.
Some of the filenames that are visible in the screenshots suggest that data on the Japanese versions of HP's Linux, ProLiant storage systems may have been compromised.
The news site quotes the hacker as saying: "I have done this by getting access to FTP successfully. All this by just mere stupidity! Oh and I will not share their database because its too big (9 GB)."
In an email to Computeworld, THN editor Mohit Kumar said the screenshots made available to THN show that the hacker has permissions to 777 files on the compromised system. "That means he [may have] root access, almost in FTP," Kumar said.
The screenshots made available by HexCoder suggests that information on various HP software products, tools and drivers has been copied, Kumar said. One of the exposed folders appears to contain delivery reports on various HP products. Another contains various news media files and newsletter items, he said.
The alleged attack on HP lengthens the growing list of organizations that have been recently hacked in similar fashion. Other recent victims include:
Bulleted list code:
- RSA ;
- Sony ;
- Oakridge National Laboratories ;
- Lockheed Martin ;
- the International Monetary Fund ; and
- the CIA .
In some cases, such as the attacks on RSA, Lockheed and Oakridge, the motive appears to be espionage and IP theft. But most of the other recent attacks appear aimed at embarrassing organizations.
In some cases, the attacks have followed recent news events.
The attacks on the IMF for instance, came just weeks after ex-IMF chief Dominique Strauss-Kahn was arrested on sexual abuse charges. The HP attacks come just days after the company announced an executive realignment .
What has been especially discomfiting for many of the victims is the fact that the breaks-in often have resulted from embarrassingly low-tech methods that showed fundamental security lapses.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan , or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org .
Read more about security in Computerworld's Security Topic Center.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.