Major Government and University websites are Hacked and are Up for Sale

Ever dreamt of controlling a dot-gov or dot-edu site? A hacker is selling access to dozens of military, government, and university Websites for $55-499 a site!

The hacker advertises varying fees, services, and proofs for cracking into .mil, .gov, and .edu sites around the world.

The priciest of all hacked sites is access to the homepage of the U.S. Army, National Guard, and Army Forces, priced at $499 each. Then are followed by access of other university and governmental Websites. You’ll also find passes to the Italian Official Government Website for $99 or a Taiwanese educational centre for $88.
According to Imperva, the hacker is also selling personal data of the employees and staff information found on these hacked sites for a price of $20 per 1,000 names, addresses, and telephone numbers. For example, they list a screenshot of University of Connecticut staff members’ information.
Its most likely that the hacker has performed the hack through an SQL injection vulnerability. The vulnerabilities were found in an automatic manner using SQL Injection vulnerability scanner tools as he has also  published his methods on some hacker forums.
Brian Krebs of Krebson Security said he saw the back-end evidence of the hacks and found them legit.
[via Imperva, PC mag]