[BreachExchange] Hackers Claim Theft of Data from Gorilla Glue

[Audrey McNeil]

http://motherboard.vice.com/en_au/read/hackers-claim-
theft-of-data-from-gorilla-glue

Hackers say they have stolen a wealth of company and personal information
from US adhesive, glue, and tape company Gorilla Glue. The hackers have
previously tried to extort medical organizations by demanding a sizable
ransom payment in exchange for not releasing hacked data publicly.

“We have everything they ever created,” someone from the hacking group The
Dark Overlord told Motherboard in an online chat.

The hackers claim to have over 500 GB of research and development
materials, including intellectual property and product designs, and access
to Dropbox and personal email accounts related to the family-run Gorilla
Glue.

The Dark Overlord sent Motherboard a 200MB cache of files that they had
also allegedly provided to Gorilla Glue as proof of the hack. It contains
apparent Gorilla Glue financial spreadsheets, invoices, strategy documents,
presentations, contracts with banks, and other internal material. These
detailed documents don’t appear to be available on the public internet. The
case highlights the sort of sensitive commercial material hackers can
obtain from many normal businesses.

Several Gorilla Glue executives and staff members did not respond to
Motherboard’s calls for comment, and did not respond to emails either. The
company did not respond to a request for comment left with Gorilla Glue’s
main office number.

The FBI declined to say whether it is investigating the incident.

Motherboard contacted several other companies implicated in the documents,
such as the recipients of invoices or other parties in contracts, but has
not received a response.

But the hackers also obtained personal photos apparently of Gorilla Glue's
executives and family. Motherboard cross-referenced some of the photos with
different ones found online, and the hacked files do indeed picture Gorilla
Glue employees. The hacked photos did not return any results when processed
through reverse image search engines.

The Dark Overlord did not explain how they allegedly hacked Gorilla Glue.

In previous cases, The Dark Overlord has listed hacked data on the dark web
in an attempt to intimidate victims further. Approaching the media with
information about hacks is also a clear tactic of the group.

The Dark Overlord would not say whether they were attempting to extort
Gorilla Glue, but told Motherboard, “We approached them with a handsome
business proposition. However, there has been a moderate dispute.” The
group described this act as “industrial espionage.”

But, judging by previous incidents when compared to this one, it is likely
that the hackers are trying to squeeze a ransom payment out of Gorilla Glue.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161117/0f7c047e/attachment.html>