UK’s Premier Destination for Guns
Guntrader prides itself as the UK’s premier destination to buy or sell new and used shotguns, rifles and shooting equipment. Their online store, open 365 days a year, attracts over 650,000 visitors each month and the firearms dealer has approximately 31,000 guns for sale. Moreover, their software is being used by more than 380 UK shooting businesses. Looking at the messages on Guntrader’s Facebook page, the firearms dealer has had some IT issues in the last couple of months. After upgrading to new servers mid-February, their sites were briefly down. A limited number of visitors experienced problems, but these were soon solved. First reports of a hack started dripping in as early as 27 May, when someone replied to a Guntrader’s “We’re Hiring” post: “Given your huge data breach of SGC and FAC holder’s personal data today, I hope you’re also hiring IT security experts!”
Up to 112,000 Unique Customer Records Exposed
Guntrader was made aware of the breach on 20 July and immediately notified the Information Commissioner’s Office. A day later, Guntrader announced that they were investigating a security incident. They assured customers that “the only data taken was personal contact details” and that none of the names are linked to details of guns. According to Haveibeenpwnd.com, however, the information available on the dark web is extensive. It includes names, phone numbers, geolocation data, IP addresses and various physical address details. Passwords stored as bcrypt hashes were also exposed. In total, approximately 112,000 unique email addresses are available.
Valuable on the Black Market
In the UK, gun ownership is strictly controlled. With a few exceptions, all firearms must be licensed on either a 5-year firearm certificate (FAC) or a shotgun certificate (SGC). This certificate is issued by the local police. Gunowners must satisfy the police that they have a good reason and that they can be trusted with it. Handguns are largely banned since the Dunblane School massacre in 1996. Only four mass shootings carried out by a civilian have taken place in the UK, in 1987, 1989, 1996 and 2010. Furthermore, automatic weapons, semi-automatic rifles and pistols are generally prohibited. Because of these strict rules and the limited number of firearms available, guns are valuable items on the black market and the dark web. Those that end up there, often start off as legal guns, but were stolen and/or modified. Ceremonial guns or race-starting pistols, for example, can be modified to fire lethal bullets.
“Check Your Home Security”
When criminals, and possibly even terrorists, have access to this kind information, it could have serious consequences. One of the gun owners told the BBC that the breach “seriously compromises my security arrangements for my firearms and puts me in a situation where me and my family could be targeted and in danger”. The British Association for Shooting & Conservation (BASC) posted a warning on their website. They urge members to be wary. “Our advice to members would be to check home security and be extra vigilant. Make sure all firearms are appropriately locked away and make sure buildings are kept secure. Follow normal good crime security advice and report anything suspicious to the police.”
Website Vulnerability in Old iFrame
News is circulating that the hackers gained access to part of the Guntrader database via a vulnerability in an old iFrame on their website. Guntrader did not disclose any details about what exactly happened. The investigation is ongoing. The UK’s National Crime Agency is also looking into the breach. Malicious iFrame attacks are not uncommon. An iFrame, short for inline frame, is the name of an html tag. Website builders can use iFrames to insert content from another website into a page. Hackers, however, can misuse this feature to insert malicious code and install, for example, a Trojan or keylogger. If a website is not designed to prevent QSL injection, hackers can easily access the website’s database. Hackers could also redirect visitors to a different URL. Or use the website to infect visitor’s computers as soon as they open the infected page. This is when a good antivirus program comes in handy.
