Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Anonymous hacktivists. Show all posts

SEGA's Europe Security : AWS S3 Bucket Exposed Provides Steam API Access

 


During a cloud-security assessment, SEGA Europe discovered that critical data was being kept in an unsecured Amazon Web Services (AWS) S3 bucket, and it's sharing the story to encourage other companies to double-check their own systems. VPN Overview researcher Aaron Phillips collaborated with SEGA Europe to protect the leaked data. SEGA's revelation, according to Phillips, is designed to assist the broader cybersecurity community in improving their own defenses.

The unsecured S3 bucket may be used to access user data, including information on thousands of members of the Football Manager forums at community.sigames.com. The following are the issues that have been detected in SEGA Europe's Amazon cloud: 

  • Developer key for Steam 
  • RSA keys are a type of cryptography. 
  • PII and passwords that have been hashed 
  • API key for MailChimp 
  • Credentials for Amazon Web Services 

Sensitive data in hands of a malicious actor could be disastrous for any company, but as Lookout's Hank Schless explained to Threatpost, gaming companies continue to be of particular interest to attackers. To threat actors, gaming firms hold a gold mine of personal data, development information, proprietary code, and payment information. Gaming firms must ensure that their data is protected while consumers from all over the world play their games, thanks to data privacy rules like the CCPA and GDPR.

Indeed, well-known brands like Steam, Among Us, Riot Games, and others have been hacked and utilized to deceive innocent gamers. There is no evidence that malevolent third parties had previously accessed sensitive data or exploited any of the disclosed vulnerabilities, according to the security firm. Researchers were able to upload files, run scripts, edit existing web pages, and change the settings of critically susceptible SEGA domains, according to the researchers. Downloads.sega.com, cdn.sega.com, careers.sega.co.uk, sega.com, and bayonetta.com are among the affected sites. The domain authority scores of several of the afflicted domains are high. 

This cybersecurity research should serve as a wake-up call for enterprises to evaluate their cloud security procedures. The researchers are hoping that more companies follow SEGA's lead in researching and addressing known vulnerabilities before fraudsters use them. There is no evidence that malevolent third parties had previously accessed sensitive data or exploited any of the disclosed vulnerabilities, according to the security firm.

United States Census Bureau hacked by Anonymous hacktivists


A group of cyber activists who refer to themselves as 'Anonymous' have taken full credit for a cyber attack on a US Government website, which has led to a leak of several employee data.

Anonymous has taken credit for hacking the United States Census Bureau website and have published the data which includes names, telephone numbers, email addresses, addresses and the ranks of employees within the US Government. The breached and published data also consists of the much difficult but yet not impossible to crack password hashes.

Anonymous claims that the reason behind the hack is the Trans-Pacific Partnership and the Transatlantic Trade and Investment Partnership which stands Numero Uno in the list of priorities for the American administration and claim a progressive reform in the politico-economic platform of the nation, by creating an alliance with the major Atlantic and Pacific nations. Despite of the numerous opposition the twin pact has gathered in this short period of time, Anonymous is the only group that has raised its opposition vocally.

However, the data breach is not one the most feared activities that the government could with at the moment, such as a massive data breach in the Office of Personnel Management; it is nonetheless embarrassing.

The US Census Bureau, in an emailed statement has confirmed the data breach and that a investigation has been initiated by the IT forensics team. The bureau spokesperson has launched a statement that none of the stolen data 'confidential'.

Now a more lucid investigation can only tell if the data that is being published online is a federal threat or not.

Anonymous hacktivists launch DDOS attack against GCHQ website


It seems like Anonymous hackers have launched a Distributed denial of service(ddos) attack against GCHQ website.

The attack just came after Edward Snowden leaked a document which revealed that British Spy Agency (GCHQ) carried out ddos attacks to disrupt the anonymous hacktivists' communication channel.

Some anonymous hacktivists also claimed to have successfully disrupted the website of GCHQ.  Netcraft confirmed that gchq.gov.uk today has experienced 'noticeable performance issues'.  Netcraft says the attack could be originated from Romania.

"Curiously, a much larger amount of downtime has been observed from Netcraft's Romanian performance monitor since the leaked slides were made public."Netcraft post reads.

"That could indicate much more extreme DDoS mitigation techniques are being applied to these requests, and this in turn suggests that if an attack is occurring, perhaps Romania is one of the countries from which the attacks are being launched."

Anonymous hacktivists leak Mafia, corruption documents compromised from Italian Government


Anonymous hacktivists has leaked a number of documents which is said to have compromised from the personal computers of regional administrations, mainly presidents of Calabria, Lombardia, Sicilia, Toscana, Campania and Puglia.

The leak is only the first leak in series of leaks targeting Italian regional Government. This first leak contains documents compromised from personal computer and mobile devices of Giuseppe Scopelliti, an Italian politician and a member of The People of Freedom political party.

"Giuseppe did nothing to stop mafia in Calabria spreading like plague,
nor he did anything to at least look like trying." hackers wrote in cyberguerilla website.


The hacktivists have posted a 400MB archive file containing 1000 documents and Gallery of 27 documents.

"This is just a beginning. People of Italia do have the right to know what the government is involved in, especially when it comes to mafia wars and corruption in the region." hackers wrote.

12 Year old Anonymous hacker hacks websites for Video Games


A 12 year old school boy from Quebec has admitted hacking several government and police websites as part of Anonymous operations  in spring 2012.

According to Toronto sun report, the boy whose name can't be published is said to have involved with computer since he was 9 year old.

His actions were not politically motivated.  He traded the pirated information for video games.

The hacker is said to have hacked websites including government sites of Chile, Montreal Police sites, , the Quebec Institute of Public Health and some other websites.


Court heard he used different cyber attacks including defacing websites, compromising data from servers and Denial of service attacks.

Operation Direnis: RedHack and Anonymous Team Up for November 5 Protests


November 5 is Guy Fawkes Day on which Anonymous hacktivists and activists from all over the world participate in various protests.

According to Softpedia report, the famous Turkey hacktivists "RedHack" and the world famous hacktivists "Anonymous" have said to have teamed up for the Nov 5 protest.

The operation has been dubbed as "Operation Direnis(#OpDirenis)", "dirensis means "resistance" in Turkey.   Interestingly, the individuals claimed there will be no defacement, data leaks or any other cyber attacks!

 “Both Anonymous and RedHack are not solely based on hacks, leaks or the exposure of corrupt officials. The very core of both groups are based on activism, in where upon protesting and rebellion is an act of not chaos or anarchy, but of justice, truth and liberty,” the initiators of the operation stated.

 “We are here with you today to warn you of an operation that will either go down in history, or it will be forever forged in the stones of rocks, deep in the shadow and forgotten,”

 “It is up to the people of Turkey to make one final push to declare both their civil, human and political rights.”

Anonymous Venezuela hacks Venezuelan Military and other government websites



The Anonymous Venezula has hacked into a number of Venezuelan government websites that includes Military website.

The list of affected websites includes hidropaez.gob.ve, Military Technical Academy(atmb.mil.ve), Military Counterintelligence Directorate(dgim.mil.ve), Aragua Police website(policiadearagua.gob.ve), Municipal Police of Vargas(policiamunicipalvargas.gob.ve).

The group also hacked one educational website "University of Falcon(udefa.edu.ve) .

"Good day Venezuela. What seemed to them the night and early morning we offered? In the next few days are a lot more action ;)" The tweets posted by the group reads.

"We are not criminals, we are just citizens voicing their dissatisfaction with this crap called "government". Politicians Tremble!"

At the time of writing, most of the websites are still showing the defacement page.

Jordan's PM's website hacked by Anonymous hacktivist


Anonymous hacktivists have hacked into official website of Jordan's Prime ministry in a protest against raising taxes and prices.  The website was defaced with a message in Arabic to Prime Minister Abdullah Nsur.

"Hi uncle, how are you? We are sorry, we hacked your website. Are you upset? We feel much worse when you raise prices. The people know this feeling but you do not," the defacement message reads.

According to Voice of Russia report, the website has been restored after it was hacked for several hours.  The official claimed to have identified the attackers.

At the time of writing, the website(pmo.gov.jo) is offline.  You can still view the defacement in Google cache: http://webcache.googleusercontent.com/search?q=cache:http://pmo.gov.jo/PMO_Images/635159460595068250.htm

#OpTurkey - Fox Turkey & VodaSoft hacked by Anonymous

Anonymous hacktivists continue their cyberattack against Turkey.  Today, they have breached Fox turkey and Vodasoft Call Center Solutions websites.

The security breach is part of the ongoing operation "#OpTurkey" which was kicked off in response to the government's violent attempt to suppress Turkish protests.

Unfortunately, the Government fails to know the violence against protesters will get the attention of Internet activists.

Hackers leaked more than thousands data from the Fox Turkey website(fox.com.tr) which contain ip address, email ids and name : http://nopaste.me/paste/208744166651b10f0ba7d44

The Vodasoft's leak comprise of username, email address, name and password details :http://nopaste.me/paste/126630249651b1068f3ee4c

Recently hacktivists breached the Prime minister website, Ministry of Interior and more Turkey websites as part of the operation.

Four Anonymous hacktivists arrested in Italy

Italian Police have arrested four suspected Anonymous hackers who are believed to be the hackers who participated in the "Tango down" operations.

Four men arrested are a 43-year-old man from near Lecce, a 20-year-old from Bologna, a 28-year-old from the province of Venice and a 25-year-old from the province of Turin.

The four individual part of hacktivist movement are being accused of various attacks including a Distributed-denial-of-service(DDoS) attack against the Vatican government websites.

The police said the group also hacked into organizations for selling their IT solutions as antivirus, according to RT report.



North Korean News website Uriminzokkiri, Twitter, Flickr account hacked


Anonymous hacktivists have breached the North Korean news website (Uriminzokkiri.com) and defaced it, the hackers also took control of the Twitter account and Flickr pages.

The security breach came after the hackers claimed to have compromised 15k user data of Uriminzokkiri.  Few days back, they leaked the part of  compromised data that contains email address, password. Recently, they leaked 9001 records from Uriminzokkiri (pastebin.com/4g44jfNF).


The main site is offline at the time of writing, but the hacker still has access to the Twitter and Flickr account.  The hackers have tweeted the list of hacked sites in Twitter and have uploaded four pictures in Flickr.

 They have also defaced few websites with a wanted poster where Kim Jong Un was drawn as a pig.  

"Threatening world peace with ICBMs and Nuclear weapons. Wasting money while his people starve to death.  Concentration Camps and the worst human rights violation in the world." hacktivists mentioned in the poster as a list of crimes made by Kim Jong Un.

Anonymous Twitter account allegedly hacked by Rustle League

We can refer this week as Twitter account hack week. Following the high profile twitter account hack, now twitter account of a hacker also hijacked by hackers.


A Hacker group called as Rustle League has hijacked @Anon_Central, Twitter account belong to one of the Anonymous hacktivist that has more than 160k followers.

"The reason Anonymous fell victim is probably human weakness," BBC cited as Graham Cluley saying, senior consultant at security firm Sophos.

"Chances are that they followed poor password practices, like using the same password in multiple places or choosing a password that was easy to crack.

In response to the numerous account compromises, Twitter has issued a “friendly reminder about password security” in which they advise users to follow four important rules to make sure their accounts aren’t hacked.

Anonymous Argentina hackers attack INDEC website in Argentina


The Anonymous hacker collective from Argentina launched Distributed-denial-of-service(DDOS) attack against the INDEC national statistics website in protests of the recently released official inflation rate numbers.

"indec.gov.ar # TANGODOWN by # Anonymous They lie to the people but the people keeps his word # OUTSERVICE INDEC FRITANDOLO" The Hackers posted in Twitter.(Translated)

“We have left the INDEC out of service and it will remain like this for a while. Is this a joke? People can eat with $5.50 now, when it used to be $6?”, the tweet reads.

"indec.gov.ar controlled by # Anonymous Admins Messrs. happens both in super slow with $ 5.50 to buy # OpArgentina" The tweet reads.

"INDEC cont lying now say their site works xD oops.! Control is by # Anonymous # SinLideres We are the voice of the people we are Legion" The recent tweet from hacker reads.

According to hacker tweets, they have launched ddos attack against few other Government websites including Ministry of Economy and Finance of Argentina(mecon.gov.ar), Ministry of Defence(mindef.gov.ar).

At the time of writing , the INDEC websites is still down.

Anonymous hacktivist leaks 1.41 GB of Confidential data from AHK.DE

Anonymous hackers have leaked a 1.41 GB archive allegedly containing file stolen from German Chamber of Commerce (AHK.DE).

According to hacktivists statement, 2.7 Gigabyte of internal documents has been stolen from AHK office in Ukraine and Azerbaijan all from the personal computers of delegate of German economy in Ukraine, Alexander Marcus and his wife - Russian citizen and also FSB operative.

http://1337x.org/torrent/451326/German-Chamber-of-Commerce-and-Bahar-Energy-Socar-leak/

The hackers have published a preview of the leaked data which contains a number of 65 images representing scanned copies of various documents and identification papers.

"AHK is a type of organization which does lobby business processes in many countries while gathers intel on many business entities worldwide. " The hacktivist said in the leak.

"Just like in presented release of Ukraine and Azerbaijan offices of AHK - we can find internal info which AHK is not suppose to have in a first place - internal documents and financial reports and confidential agreements of Bahar Energy and SOCAR (Azerbaijan), Ministry of Internal Affairs of Ukraine etc.