W0rmer
Higinio Ochoa, aka w0rmer former member of CabinCr3w, hacked Texas Department of Public Safety, Alabama Department of Public Safety, West Virginia Chiefs of Police Association and Houston County, Alabama 1 largely exploiting SQL injection (SQLi) 2. w0rmer shared confidential and personal information from the hack. He would erase data, deface websites and eventually get caught via metadata from images he would upload of his now wife to taunt the feds 3 4.
He would build a long list of these websites and then he would use his computer to programmatically scan each website to see if any of them were vulnerable. The first one that he found that was vulnerable was the police department’s website in West Virginia. He found the website was vulnerable to SQL injections, a common vulnerability on many websites. So, he hacked into the West Virginia Police Department’s website using an SQL injection and this allowed him to peek behind the website and see the database underneath. That database had a list of all the police officers in that department. You got the database which had 150 law enforcement officer usernames, passwords, home address, home phone number, cell phone number.
References
- https://en.wikipedia.org/wiki/Higinio_Ochoa
- https://darknetdiaries.com/transcript/63
- https://www.dailydot.com/unclick/anonymous-hacker-arrested-cleavage-photo
- https://arstechnica.com/tech-policy/2012/04/feds-charge-self-confessed-anonymous-member-after-tracking-his-digital-footprints
- https://pastebin.com/jjMRFDH6