Hackers Shower Pro-ISIS Twitter Accounts With Rainbows, Steal US Jet Fighter Designs; Courthouse Mistakenly Leaks Defendants’ Data

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:

Hackers Shower ISIS Twitter Accounts with Rainbows after Orlando Massacre

Dozens of accounts that once promoted hatred now are showcasing gay-pride flags and even links to softcore gay pornography following the June 12 attack on a gay nightclub in Orlando, Florida.

“I’m gay and I’m proud,” boasted one pro-ISIS account in its rainbow-colored profile picture.

“I did it for the lives lost in Orlando,” said hacker WauchulaGhost, who is affiliated with the hacktivist collective Anonymous. “Daesh have been spreading and praising the attack, so I thought I would defend those that were lost. The taking of innocent lives will not be tolerated.” (Daesh is another name for the self-described Islamic State.)

Just hours after Sunday’s attack, WauchulaGhost tweeted out a request for the names of any such accounts praising the shooting, which killed 49 innocent people and wounded 53 more.

Many of the pro-ISIS accounts hacked were renamed "Jacked by a Ghost" and most linked to CIA.gov. While some of the hacked accounts have been suspended, some still exist.

As of July 15, the one Anonymous hacktivist’s Twitter account appeared to still be at it, tweeting its successful takeover of the Twitter account @islamsunna111, with an IP address in Oman, and peppering that account with slogans such as "Make love, not war" and "#MoreSex #LessDeath #ISIS #ISIL #IslamicState."

N.K. Hackers Filch U.S. Jet Fighter Designs from South Korean Firm

Among the documents stolen from Korean Air Lines Co. were wing designs for an F-15 jet fighter and photos of parts of unmanned spy planes. 

A South Korean military official said the leak wasn’t of sensitive information, such as F-15 engines or electronic systems.

“The leak will likely have a negligible impact on national security,” the official said.

The attack originated from an internet address based in Pyongyang and used in a 2013 cyberattack that disabled the computer systems of South Korean banks and TV stations.

“North Korea turns out to have been preparing for a long time to try to launch a countrywide cyberattack,” the Korean National Police Agency said.

The latest incident also included the theft of around 2,000 files related to communications equipment in South Korea. 

County Courthouse Breaches Residents' SSNs, Other Personal Data

For about six hours, anyone who searched for a Sutter County Superior Courthouse criminal or traffic case on public access computers could view the defendant's Social Security number, date of birth, driver's license number and home address.

California court rules clearly state such data should be redacted by court clerks for the protection of privacy.

The accidental data breach occurred when a new case management system went live on the morning of June 13, 2016.

The privacy settings hadn't been set up properly for public users.

The system was taken down the same afternoon after a reporter alerted Court Executive Officer Stephanie Hansel that private information was visible to the public.

The system will remain down until successful security settings are tested.

"We're concerned about privacy," Hansel said.

The courthouse is transitioning to a new case system, called "Odyssey," which is managed by private company Tyler Technologies.

"The transition has been very challenging. We are trying really hard to meet everyone's needs," Hansel said. "This is a huge project."

Someone Got Into 45 Million Accounts from Hundreds of Car, Tech, Sports Forums

A hacker has stolen accounts from more than a thousand popular forums, which host popular car, tech and sports communities.

The stolen database contains records from websites hosted by VerticalScope, a Toronto-based media company with dozens of major properties, including forums run by AutoGuide.com, PetGuide.com, Motorcycle.com and TopHosts.com.

Breach notification site LeakedSource.com said in a blog post it’s "likely that VerticalScope stored all of their data on interconnected or even the same servers as there is no other way to explain a theft on such a large scale.”

Many of the forums ran outdated, vulnerable versions of vBulletin software dating back to 2007.

It is not clear who carried out the hack. A LeakedSource group member said it was "not related" to the recent breaches at MySpace, LinkedIn,and Tumblr.

The company didn't outright confirm the breach, but said it was investigating.

"We are aware of the possible issue and our internal security team has been investigating and will be collecting information to provide to the appropriate law enforcement agencies," Jerry Orban, vice president of corporate development, said in an email.