Tom Hanks, LeBron James, Donald Trump personal information taken as hackers break into limo service

A hacker break-in at a US company that brokers national reservations for limousine and rental cars has exposed the personal and financial information of more than 850,000 well-heeled customers, including Fortune 500 CEOs, politicians and A-list celebrities.

With notes such as "very VIP", "no cell phone use", personal preferences in cars, calling names, drinks, pick up addresses and dinner reservations, the stolen files reveal as much about the company's clients as they do about its lax computer security. They also contain highly sought-after no-limit credit card details, together with their holders' names and addresses.

Actor Tom Hanks, billionaire Donald Trump, star basketballer LeBron James, top executives of global companies including Lego, Cabot and Boeing, and scores of technology company chiefs and US senators all have had details exposed – even including private plane calling numbers.

The high-value data cache, which could be used for well-crafted phishing attempts, was found on the same servers where hackers stashed information stolen from PR Newswire, as well as huge troves of source code data lifted from Adobe Systems – suggesting that the same attackers may have been involved in all three compromises.

In this case, the name on the file archive reads “CorporateCarOnline”. That name matches a company based in Kirkwood, Missouri, US, which bills itself as “the leading provider of on-demand software management solutions for the limousine and ground transportation industry.”

This writer reached out several times over almost two weeks seeking comment from CorporateCarOnline.com. Owner Dan Leonard declined to discuss the matter, saying only that “I’d prefer not to talk to anybody about that.”

Inside the plain text archive apparently stolen from the firm are more than 850,000 credit card numbers, expiry dates and associated names and addresses. More than one-quarter (241,000) of all compromised card numbers were high- or no-limit American Express accounts, card numbers that have very high resale value in the cyber crime underground.

Alex Holden, chief information security officer at Hold Security and a key collaborator on the research for this story, said CorporateCarOnline confirmed to him that the data was stolen from its systems.

“While the target is not a household name, it is, arguably, the highest socially impacting target yet,” Holden said. “By its nature, limo and corporate transportation caters to affluent individuals and VIPs.”

Further pointing to a compromise at the site is the presence of a vulnerability in its implementation of ColdFusion, a web application platform that has become a favourite target of the attackers thought to be responsible for this and other aforementioned breaches of late.

Ammo for targeted attacks?

This database would be a gold mine of information for would-be corporate spies or for those engaged in other types of espionage. Records in the limo reservation database telegraphed the future dates and locations of travel for many important people. A ridiculously large number of entries provide the tail number of a customer’s plane, indicating they were to be picked up immediately upon disembarking a private jet.

Such information would be extremely useful in the hands of nation-state level attackers. For a very relevant and timely example of this, consider the cyber spying story printed last month by Foreign Policy magazine. That piece featured an interview with Kevin Mandia, the chief executive of Mandiant, an Alexandria, Virginia, based firm that specialises in helping companies defend against cyber espionage attacks. In the FP story, Mandia said he recently was the target of a targeted cyber attack that tried to foist malicious spyware on him via an email with a booby-trapped PDF copy of a recent limo invoice.

“I’ve been receiving PDF invoices not from them, but from an [advanced hacking] group back in China; that’s awesome,” Foreign Policy quoted Mandia as saying. According to the story, Mandia only caught the attack when the hackers sent receipts on days when he hadn’t used the car service. “I forwarded them to our security service, and they said, ‘Yup, that’s got a [malicious] payload,’” Mandia said.

Incredibly, this purloined limo database may have played a part in those attacks. Among the 850,000-plus records in the stolen CorporateCarOnline data are several travel records for Mandiant employees, including Kevin’s. Other Mandiant employees who used limo services via CorporateCarOnline include David Swanson, manager of strategic solutions at Mandiant, and Andrew Williams, a sales account executive. Data was shared with Mandiant; however, the company declined to comment for this story.

Tabloid fodder

Any two-bit tabloid would have an absolute field day with this database. Simple text searches for certain words (“sex”, “puke”, “arrest”, “police”, “smoking pot”) reveal dozens of records detailing misbehaviour and all kinds of naughtiness by executives, celebrities and people you might otherwise expect to behave civilly.

For example, the following is an explanation taken from a limo reservation made back in May 2006 by a woman working for an entertainment channel. The limo in question was a stretch Hummer with capacity to seat 14 passengers, and was rented for visiting a series of wineries in Long Island, New York. When the stretch Hummer returned to the shop after disgorging its passengers, the fleet’s owners discovered the vehicle had been plastered with cheese slices and crackers, and that someone had left behind a sex toy, contrary to no food or sex conditions on the rental contract.

Below are some of the rich and famous whose pick up and drop-off information – and in some cases credit card data – was in the stolen archive. Nearly all of these individual records were marked with “VIP” or “SuperVIP!” notations. Included in quotes are notes left for the chauffeur.

Celebrities

LeBron James, Tom Hanks, Aaron Rodgers

Legislators

- House Judiciary Committee Chairman Representative John Conyers (D-Mich.)

- Senator Mark Udall (D-Colo.), chair of the Senate Armed Services Committee’s Subcommittee on Strategic Forces.

Other current members of Congress: Representative Joe Garcia (D-Fla.); Representative Gus Bilirakis (R-Fla.); Representative Jim Matheson (D-Utah); Representative Lynn Westmoreland; Representative Joe Baca (D-Calif.); Representative Mario Diaz-Balart (R-Fla.).

Former politicians: Senator Tom Daschle (D-SD), and passengers; Senator John Breaux (D-La.) and guest ambassador; Representative James Saxton (R-NJ); Representative William Delahunt (D-Mass.); Representative Billy Tauzin (R-La.).

Top Executives

- Donald Trump; Michael D. Grimes, co-head of global technology investment banking for Morgan Stanley; Bruce Chesley, director, advanced space and intelligence systems, Boeing; Josue Christiano Gomes da Silva, chairman and CEO of Companhia de Tecidos Norte de Minas, the largest textile group in Latin America; Patrick M. Prevost, president and CEO, Cabot; Kjeld Kirk Kristiansen and Jorgen Vig Knudstorp, the former and current CEOs of Lego.