Planned Parenthood Reports Hack Attack

Organization Alerts FBI to Potential Privacy, Safety Risks
Planned Parenthood Federation of America, a U.S. reproductive healthcare not-for-profit organization, has reportedly notified the FBI and Department of Justice of an apparent hack attack against the organization, saying that the attack, if verified, could threaten the "privacy and safety of our staff members."

An anti-abortion group that calls itself "3301" on July 26 claimed to have breached the organization's servers and dumped internal data. "Planned Parenthood ... employee email addresses, names leaked after main site hacked," the group said July 27 via Twitter. Despite seeming to share part of its name - and logo - with a mysterious puzzle-setting group called Cicada 3301, the 3301 group appears to be unrelated.

The 3301 hackers are now threatening to release a number of purloined Planned Parenthood internal emails, according to news site The Daily Dot, which first reported about the possible hack and data breach.

On a data-dump site created by 3301, the group says it also attempted to deface the Planned Parenthood website. The group blamed its inability to deface the site on the organization's "outdated and broken" version of the open source Concrete5 content management system. But the group said it successfully employed a SQL-injection attack to "dump" multiple Planned Parenthood databases. It also posted a zip file for download that contains three SQL dumps, including one that appears to be a 100 MB production database for the website.

Attack Follows Video Release

The 3301 group says the hack was in protest of the recent release of a video that showed a Planned Parenthood employee discussing the costs involved with providing fetal tissue for research purposes. The video was recorded in secret by an anti-abortion group that calls itself the Center for Medical Progress.

Federal law prohibits the sale of fetal tissue, but allows it to be donated for research or transplantation purposes.

Planned Parenthood did not immediately respond to a related request for comment about the purported hack attack or data dump. The FBI and the Department of Justice did not immediately reply to a request for comment.

Someone claiming to be one of the attackers involved, using the moniker "E," told the InfoWars blog that the compromise involved a database. "There's the typical things you'd find in any database: usernames, emails, passwords ..." E said. "Then there's, of course, data pertaining to PP's line of work."

On the data-dump site, the attackers have published usernames, email addresses, as well as hashed and salted passwords, which they say all belong to Planned Parenthood employees. "The hash is md5, however [it] is heavily salted," the group says. "We do not have access to the file system and therefore cannot retrieve the salt. If anyone wants to reach out and drop the salt after extensive cracking, we'll be glad to add it."

Hashing, Salting

Hashing refers to the one-way process of converting data into a "fingerprint." For security purposes, the fingerprint is stored and the password itself is discarded. Every time a user enters a password, it too gets hashed, and the two fingerprints are compared to see if they match. Salting, meanwhile, involves adding a random string to a password before it gets hashed, to make it much more difficult for attackers to crack the hash.

According to the 3301 group, however, the Planned Parenthood passwords were hashed using the MD5 hashing algorithm. While creating hashes using MD5 is better than storing passwords as plain text, in recent years cryptography experts have warned that MD5 is not well-suited to hashing passwords. They recommend, instead, the use of SHA256, SHA512, or another modern cryptographic hash algorithm. With enough time, effort and processing power, most passwords that have been hashed and salted with MD5 can be cracked.
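The store-and-compare flow described above, as an added example that is not from the article or from any Planned Parenthood system: it verifies a legacy salted-MD5 record and, on a successful login, replaces it with a per-user-salted record built on iterated SHA-256. The record format, function names, the use of PBKDF2 and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example


def legacy_md5_record(password: str, salt: bytes) -> str:
    """Salted MD5: a single fast hash of salt + password (the weak scheme)."""
    digest = hashlib.md5(salt + password.encode()).hexdigest()
    return "md5$" + salt.hex() + "$" + digest


def new_record(password: str) -> str:
    """Fresh random salt per user, then iterated HMAC-SHA256 via PBKDF2."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> tuple[bool, bool]:
    """Return (password_matches, record_needs_rehash)."""
    scheme, *fields = record.split("$")
    if scheme == "md5" and len(fields) == 2:
        salt, expected = bytes.fromhex(fields[0]), fields[1]
        actual = hashlib.md5(salt + password.encode()).hexdigest()
        # Constant-time comparison; legacy records are always flagged for upgrade.
        return hmac.compare_digest(actual, expected), True
    if scheme == "pbkdf2_sha256" and len(fields) == 3:
        iterations, salt = int(fields[0]), bytes.fromhex(fields[1])
        actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()
        return hmac.compare_digest(actual, fields[2]), iterations < PBKDF2_ITERATIONS
    return False, False  # unknown record format: reject the login


def login(password: str, record: str) -> tuple[bool, str]:
    """Check a login; if it succeeds on a stale record, return the upgraded record."""
    ok, stale = verify(password, record)
    if ok and stale:
        record = new_record(password)  # the plaintext is only available at login time
    return ok, record
```

The salt is stored alongside the hash because its job is to make each record unique, not to stay secret; the cost to an attacker comes from the iteration count.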

Who Is 3301?

The identity of the individual or individuals behind 3301 is not known. The group's Twitter account, which carries the Machiavellian-sounding tagline "the end justifies the means," appears to cover not just the hack attack; it also shows the group "borrowing" its name and iconography from "Cicada 3301," a mysterious organization that in 2011 began releasing or posting complex puzzles for the stated purpose of recruiting "highly intelligent individuals."

In the wake of the Planned Parenthood hack, Cicada 3301 has publicly condemned the attack. "Some news organizations have recently claimed that '3301' is tied to the illegal activities of a group that has claimed responsibility for attacks against Planned Parenthood," reads a message - signed using the legitimate Cicada 3301 PGP key, multiple researchers say - that was posted July 28 to the text-sharing site Pastebin. "We do not engage in illegal activities. We are not associated with this group in any way, nor do condone their use of our name, number, or symbolism."

Video Triggers Political Debates

In the wake of the controversial video's release, senior Republican lawmakers - including presidential candidate Rand Paul - called for Planned Parenthood's federal funding to be eliminated, pending an investigation.

But Democratic presidential candidate Hillary Clinton last week, in a speech in South Carolina, strongly defended the organization. "It is unfortunate that Planned Parenthood has been the object of such a concerted attack for so many years. And it's really an attack against a woman's right to choose."

Cecile Richards, president of the Planned Parenthood Federation of America, said July 26 on ABC News that the released video was part of an unsuccessful but well-orchestrated smear campaign.

"Planned Parenthood has broken no laws. We have the highest standards. The care - and healthcare and safety of our patients is our most important priority," Richards said. "This was... a three-year effort to entrap doctors. They were completely unsuccessful ... and now they're using these very highly edited videos, sensationalized videos, to try to impugn and smear the name of Planned Parenthood."

About the Author

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.
