Showing posts with label Government websites hacked.

The Russian Hacker Group Killnet Took Down the Anonymous Website

 

The Russian hacker group Killnet said that they took down the Anonymous website "anonymoushackers[.]net" and called on Russians not to believe the Internet fakes and to stay calm. Killnet's appeal was published on one of its Telegram channels on Tuesday, March 1. 

According to the hacker group, "the Internet is full of fake information about hacking Russian banks, attacks on the servers of Russian media and much more. All this has no danger to people. This "information bomb" carries only text. And no more harm. Don't give in to fake information on the Internet. Do not doubt your country". 

Hackers blamed the events in Ukraine on the country's President, Vladimir Zelensky, as well as American leader Joe Biden. The leaders of the EU countries, as they say in the appeal, are following the lead of the United States. 

 According to independent verification done by CySecurity News, there is no official website for Anonymous Group. 

Russian hackers said that they had already disabled the website of the Anonymous group, along with the website of the Right Sector banned in the Russian Federation. The Anonymous hacker group declared a cyberwar on Russia and claimed responsibility for a hacker attack, for example, on the RT website. 

On February 28, the websites of Izvestia, TASS, Kommersant, Forbes, Fontanka, Mela, E1, Buro 24/7, RBC, Znak.Com and other Russian media were hacked. On the same day, massive DDoS attacks were launched against websites of the Crimean government and authorities. Hackers used a botnet with IP addresses mostly located in North and South America, Taiwan, and a number of other countries. 

On February 26, the Ministry of Information reported that users of the public services portal may face difficulties when working with the services of the site due to cyberattacks. At the same time, the department clarified that the personal data and information of citizens are reliably protected. On the same day, the administration of the President of the Russian Federation reported regular cyberattacks on the Kremlin's website. Moreover, Russian Railways reported that the company's website is subject to regular serious DDoS attacks. 

Earlier, information security expert Nenakhov described the danger Anonymous hackers pose to Russia. According to him, DDoS attacks are the easiest thing that can happen. Government websites, government online services such as Gosuslugi, email, social media accounts of politicians, websites, and the IT infrastructure of state banks and defense companies are relatively more vulnerable to attacks.


Lake County government shuts down servers after ransomware attack

After the massive cyberattack in Texas, officials from Lake County, Illinois revealed on Friday, August 23 that the county has been hit by a cyberattack that forced the shutdown of email service and several internal applications.

The officials also mentioned that the breach came in the form of ransomware, which is a type of malware that prevents users from accessing their system or personal files and demands a ransom payment in order to regain access.

Mark Pearman, director of the county's information technology office, said that on Thursday, August 22, the IT staff was installing cybersecurity software on 3,000 individual employee laptops and working to remove the ransomware from 40 county servers.

The ransomware attack was first noticed by systems administrators on Thursday and to prevent it the IT staff started taking encrypted and unencrypted servers off the network.

However, the official clarified that there was no evidence of data theft from county servers. Restoring the systems will take the entire week, and more information about the attack will be known by Monday, August 26.

As reported, the IT department is working with the county's cybersecurity contractor, CrowdStrike, to conduct a damage assessment. This process includes scanning all the servers and almost 3,000 computers to determine which are infected by the ransomware.

Almost a month ago, LaPorte County, Indiana also suffered a similar breach, and the authorities paid a ransom of $132,000 worth of Bitcoins to the hackers to restore access to the affected systems.

Another ransomware attack hit 22 Texas town governments, and Louisiana was recently forced to declare a state of emergency after some of its school districts' networks were hacked. Now, 22 Texas town governments have become victims of ransomware.

After all these events, National Guard Chief Gen Joseph Lengyel called the events a "cyber storm." He also mentioned that these multi-state cyber attacks reiterate the need for more standardized policies and training for cyber units across the force.

Elliot Alderson(FSociety) hacks BSNL


Elliot Alderson sent information about vulnerabilities he found in BSNL. He released this from his Twitter handle "fs0c131y".

It looks like he has found multiple vulnerabilities such as SQL injection, ransomware attacks on two servers and broken authentication. He claims some of these vulnerabilities were reported by another hacker in India 2 years back and BSNL did not respond.

It is unclear if this hacker passed on some of the vulnerabilities to "Elliot Alderson".

According to the hacker, "You will find multiple issues with different level of severity. All these issues have been reported to BSNL via Twitter. I discussed with @BSNLCorporate and a member of their IT team. They acknowledged the issues and fixed them".

It is very interesting to note that BSNL has talked to the hacker, worked on the issues and patched, fixed or taken down some of these sites. Most of the vulnerabilities have been addressed. Contrary to the claims, BSNL's action has been proactive.


The same hacker had earlier identified vulnerabilities in multiple websites such as Indian Express, Aadhaar, Punjab Police and Bangalore Police.

It is unclear if law enforcement agencies have registered cases to pursue the hackers.

"Law enforcement agencies can take action if the affected parties register a complaint", says a senior law enforcement officer.

According to a Mumbai-based IT security company, "We believe the intrusions are from hackers in India (who may have used VPN and Tor) to hide their identity. If the hackers only wanted to expose vulnerabilities, they should work with a penetration testing company that is CERT-In empanelled. They will earn out of this exercise."

Another IT security company that has worked for close to 20 years in information security says, "This is the work of a script kiddie. BSNL security was like 0/10 and this guy's skill is 1/10."


Ministry of External Affairs thanks hacker for Inputs on Vulnerabilities


Kapustkiy, the hacker who hacked into 7 Indian Embassies and also hacked into the Indian embassy in New York, wrote to E Hacking News. In an exclusive email, he says he was in for a surprise when a senior Indian government official sent him an email.

Kapustkiy claims "They have started to fix everything one by one, and thanks all media for the support". He claims he had no malicious intent and only wanted to show that these vulnerabilities existed. He resorted to posting on Pastebin only because the Embassy officials did not respond to him.

Kapustkiy sent E Hacking News a screenshot of the email he received from the joint secretary in the MEA. The senior MEA official has appreciated Kapustkiy's efforts to bring forth the vulnerabilities. He requested the hacker not to post further hacks on Pastebin.

Kapustkiy was pleasantly surprised by this email from Ministry of external affairs.

"Corporate India should learn from this incident, how Government of India has responded to such an incident where they appreciate the hacker and take steps to fix the vulnerabilities. Most Indian corporates cover up security breaches in India, maybe they should take a page from the Indian Government" says J Prasanna, Director, Cyber Security and Privacy Foundation Pte Ltd.

Seven websites of Indian Embassy hacked, database leaked




Seven domains of Indian Embassies in Europe and Africa have been hacked, and the data was published by Kapustkiy & Kasimierz L on Pastebin.com (http://pastebin.com/GqJcwSSc).

The countries where Indian Embassies were affected are South Africa, Libya, Italy, Switzerland, Malawi, Mali and Romania.

The Indian Embassy in South Africa (http://www.hcisouthafrica.in/) was the first one to be hacked. The hackers published the admin login details and password; they also published the whole database containing names, passport numbers, email IDs and phone numbers. The published data contains 161 entries, and the database contains 22 tables.

The Indian Embassy in Bern was the second target (http://indembassybern.ch/); it contains 3 databases with 19 tables and a total of 35 entries, plus login details with passwords. The compromised data includes the name, last name, email ID, address, college, and the course in which students are enrolled.

The third country affected is Italy. The hackers hacked three databases with 149 entries, including names, email IDs, telephone numbers and passport numbers. Here, too, those affected are students.

In Libya, the Indian embassy's three databases were hacked, with 24 tables and 305 entries. The High Commission of Mali was the least affected by this hack, with 14 entries and 16 tables.

The hacked database of the Indian Embassy in Malawi contains 74 entries with 16 entries, including names, email IDs and mother's names. The Romanian Embassy saw the hack of two databases with 139 entries and 42 entries separately, with passport numbers.

When E Hacking News contacted the hacker, he clarified by email: "I am from Netherlands. I've found several SQL on their website and I reported it. But they ignored me so I dumped their db."

Brazil Government website hacked, redirected to malicious website


A security researcher at F-Secure has spotted a piece of malicious code injected into the official website of the City of Franca in São Paulo, Brazil (franca.sp.gov.br).

Hackers managed to place malicious JavaScript code in one of the site's JavaScript files, which loads a malicious Flash object. The Flash object redirects visitors to a malicious domain.

The researcher didn't specify what exactly was served from the malicious domain.

The website uses an outdated Joomla version (1.5), so cybercriminals might have exploited a known vulnerability. According to researchers, this is not the only Brazilian government website using an outdated CMS.

F-Secure has contacted Brazil's Computer Security and Incident Response Team, CTIR Gov, and informed it about the incident.

Kerala Government websites hacked by Syrian Hacker 'Dr.SHA6H'

A Syrian hacker using the online handle 'Dr.SHA6H', who is known for hacking government websites, has now started targeting Indian Government websites. Today, he hacked into a number of Indian Government sites and left them defaced.

The hacker claims he is a Syrian who does not accept "the Syrian regime's actions of murder, rape and destruction with the support of most of the countries". He wants to save Syria from Hell.

Though it is still unclear why he targeted the Indian government, he left a message related to Syria in the defacement.

"Today, after looking at what faces ( Syria ) note most of the countries in the world do not want help Syria. There are a lot of countries all over the world enter the irrational intervention in the problems of other countries such as the United States intervened in the problem ( Osama bin Laden ) Why .. !?" The defacement message reads.

"Now, America and other countries do not interfere in the problem of Syria Is there an international interest with ( Bashar al-Assad ) .. !? Or economic interest or is a political interest ( We do not understand ) .. We want answer all the countries of the world, there are children dying, women raped and houses destroyed."


 
The affected Indian sites belong to the Kerala State Government. The hacked websites are INSIGHT (insight.kerala.gov.in), Kerala State Blood Transfusion Council (blood.kerala.gov.in), Thiruvananthapuram Medical College (tmc.kerala.gov.in) and Kerala State Planning Board (spb.kerala.gov.in).

The other affected sites are :
  • Right to Education Kerala(rtekerala.gov.in)
  • Thiruvananthapuram(trivandrum.gov.in)
  • Fisheries Network Information System(fishnetkerala.gov.in)
  • Ombudsman For LSGI Kerala (ombudsmanlsgiker.gov.in)
  • Farm Information Bureau(fibkerala.gov.in)
  • Arogyakeralam National Rural Health Mission Kerala Web Portal (arogyakeralam.gov.in)
  • sevana.gov.in

Pakistan Army website and Facebook fan pages hacked by Indian Hacker


If you are a regular reader of EHN, you know that this is not the first time the Pakistan Army website has come under cyber attack. Once again, Indian hacker "Godzilla" breached the Pakistan Army website.

Speaking to E Hacking News, the hacker said that he hacked into "pakistanarmy.gov.pk" and left a malicious PDF file disguised as a magazine.

The admin clicked the PDF exploit, which resulted in his computer being infected with malware. It allowed the hacker to compromise the Facebook fan pages.

The following Facebook fan pages were deleted by the hacker: Pakistan Army Official Facebook Page (www.facebook.com/OfficialPakArmy), Pakistan Army Officers Club Facebook Page (www.facebook.com/fb.paoc), Pakistan Army Fan Facebook Page (www.facebook.com/pakarmyfanpage).

He claimed the admin removed the login page of CMS used by the website but failed to remove the backdoor.

"Now no more deals, if you can fire then we can bombard  You are punished for breaking ceasefire we are coming for you." Hacker stated as reason for the cyber attack.

The website and Facebook pages have been recovered at the time of writing. It also appears the admin of the Facebook pages blocked India from accessing the pages.

You can find more proof and details about the hack here:
http://pastebin.com/3jkp6k2e

Thailand Prime Minister website hacked and abusive message posted

An unknown hacker breached the website of Prime Minister Yingluck Shinawatra's office (opm.go.th/opminter/mainframe.asp) and posted an abusive message with an altered photo of her.

“I’m a slutty moron”, reads the offensive comment made by the cybercriminals on the defaced page. “I know that I am the worst Prime Minister ever  in Thailand history!!!”.

Although the defacement sign says it was hacked by the hacker group "Unlimited Hack Team", the team denied the involvement in the security breach.


“It might have been done by some teenagers... or maybe it was for political purposes,” the prime minister’s secretary-general, Suranand Vejjajiva, is quoted in the New Straits Times' report as saying.

“Hacking a website is easy... but don’t forget that checking who did it is not hard either,” he told reporters.

It appears the security breach comes after she filed a defamation case against a cartoonist for allegedly comparing her to a prostitute on his Facebook page.

Nepal Government websites hacked by Muslim Cyber Sh3ll'z


"Old is Gold", but that does not apply to your CMS. A number of Nepal government websites that use an outdated Joomla version have been breached by a group of hackers.

The security breach was carried out by a group called Muslim Cyber Sh3ll'z. The same group yesterday hacked into a number of Bangladeshi and Vietnamese government websites.

The list of affected sites: Nepal Law Commission(lawcommission.gov.np), deonuwakot.gov.np, www.dadokanchanpur.gov.np, Department of National Park and Wildlife Conservation(dnpwc.gov.np), Ramgram Municipality(ramgram.gov.np), nidmc.gov.np.

The websites have been defaced with a simple message "Box owned by shockwave Khan! This time nepal Government Boxed xd. No comments".

Mirrors:
http://zone-h.com/mirror/id/19664452
http://zone-h.com/mirror/id/19664453

Haiti, Vietnam, Turkmenistan Government sites defaced by Islamic Ghost Team


A hacker group named "Islamic Ghost Team" has breached government websites from Haiti, Vietnam and Turkmenistan.

Haiti government websites including the Interministerial Committee for Planning (CIAT.gouv.ht) and the Ministry of Planning and External Cooperation (mpce.gouv.ht) are affected by this security breach.

The hacked sites include a sub-domain of the Commerce and Industry of Turkmenistan website (cotton.cci.gov.tm) and a sub-domain of Electronic portal Pacific if Vietnam (soyte.binhduong.gov.vn).

The team left their footprints on the affected websites by uploading their defacement page.  The hackers didn't specify any specific reason for the attack.

Judging from the Zone-h archive, the team seems to target government websites. In the past, the team defaced government websites from Panama, Saudi Arabia, Malaysia, Kenya and Libya.

Cyber Attack shuts down Election Commission of Pakistan website


The Election Commission of Pakistan (ECP) website reportedly suffered cyber attacks. The Pakistan Government has temporarily shut down www.ecp.gov.pk to avoid further attacks.

The attacks allegedly originated from Asia and Russia, according to a statement by Director General IT Khizar Aziz.

“Had our host server was based in Pakistan, then there could have been immense loss,” The Pakistan Today quoted Khizar Aziz as saying.

He said the ECP host server is a Canada-based server. He also said that they are transferring the ECP site to a more secure server to prevent future cyber attacks.

"Aziz said that ECP’s website has been shutdown under a deliberate strategy to avoid further attacks during the transition period." The Pakistan Today report reads.

Turkey Contact Point and Central Finance & Contracts Unit websites database leaked by D35m0nd142


Two Turkish Government websites were found to be affected by critical SQL Injection vulnerabilities. The hacker known as D35m0nd142 exploited the vulnerabilities to compromise the databases of those websites.

The two affected sites are 'Central Finance & Contracts Unit (cfcu.gov.tr)' and 'Republic of Turkey Ministry of Economy (tcp.gov.tr)'.

In the dump (pastebin.com/GgjcKggL) belonging to CFCU, the hacker leaked 912 email addresses and encrypted passwords.

"I've hacked over 96000 accounts but I've published just 912 of them and all encrypted." D35m0nd142 wrote where the data was leaked.

In the dump (pastebin.com/ZuzMqCqA) belonging to TCP.gov.tr, the hacker leaked 96 email addresses and encrypted passwords.

Pakistan government site again hacked via SQL Injection vulnerability


Indian hacker Godzilla has once again hacked a very important Pakistani site, www.pakistan.gov.pk.

He took down lots of Pakistani sites just a few days ago (http://www.ehackingnews.com/2013/03/indian-hacker-godzilla-leaked-pakistan.html).

He then gave the reason behind the attacks: "Pakistan is a country which is currently supporting terrorist activities through ISI, and if they regret Pakistan army and Ministry of Defense mail server backups are enough to prove how closely they are related to terrorism. Pakistan stop these activities before it's too late."

The attack seems to be done via SQL injection.





He finally noted that "No matter how hard you try we will get inside in no time." 

Speaking to EHN, the hacker said, "Admins and Governments takes website security lightly thinking that they are hosted outside gets treated through your inside network. That's enough to get inside your network."

United States Sentencing Commission(ussc.gov) hacked and defaced by Anonymous


Anonymous hacktivists breached the website belonging to the United States Sentencing Commission (ussc.gov) and defaced the site under the operation called "#opLastResort".

"Two weeks ago today, a line was crossed. Two weeks ago, Aaron Swartz was killed. Killed because he faced an impossible choice. Killed because he was forced into playing a game he could not win -- a twisted and distorted perversion of justice -- a game where the only winning move was not to play." The defacement message reads.

"With Aaron's death we can wait no longer. The time has come to show the United States Department of Justice and its affiliates the true meaning of infiltration. The time has come to give this system a taste of its own medicine. The time has come for them to feel the helplessness and fear that comes with being forced into a game where the odds are stacked against them."

The full defacement message can be found here:
http://pastebin.com/Fbx3k2pX


A few days back, Anonymous defaced a Massachusetts Institute of Technology (MIT) website to denounce the charges against Swartz and to urge computer crime law reform and more support for open access initiatives.

11 Government websites hacked and defaced by AnonGhost



A hacker group calling itself AnonGhost has hacked into 11 Government websites belonging to different countries.

"To All Governments of the World, We are watching you, we can see what you're doing, we control you, we are everywhere. Remember this, The people you're trying to step on, we are everyone you depend on," the hacker said in the defacement page.

"We are the people who do your laundry and cook your food and serve your dinner. We make your bed. We guard you while you are sleeping. We drive the ambulances. We direct your calls. We are cooks and taxi drivers, we are everyone you come into contact with on a daily basis. We know everything about you. We process your insurance claims and credit card charges. We control every part of your life. Together we stand against the injustice of corrupt Governments."

Most of the hacked websites are from Bangladesh, and a few sites are from Brazil and Greece.

The list of hacked sites and mirrors can be found here:
http://pastebin.com/3WSLEg9k

36 Mexico Government website hacked by Teamr00t


Once again, Teamr00t has carried out a mass defacement of government sites. This time, Mexican government sites are being targeted.

"# It is time the Mexican government started to help the people of Mexico. Drugs, corruption and poverty continues to grow, and must be dealt with! #" Hacker said in the press release.

At the time of writing, most of the websites display the defacement page, and a few sites have been recovered and display a "forbidden" or "404 not found" error.

The list of hacked sites with links to mirrors can be found here:

http://pastebin.com/3L0c4rmf


44 Government sites hacked and defaced by Teamr00t


The hacker group "Teamr00t" has become more active in recent days and keeps carrying out mass defacements. Their favorite targets are government websites.

Today, they have defaced more than 40 Government websites. Most of the hacked government sites are from Mexico. Sites from Indonesia, Bolivia, Brazil, Peru and Thailand were also defaced by the hackers.

The sites are defaced with their usual message to the government. Most of the websites still display the defacement page.

The full list of hacked sites can be found here:
http://pastebin.com/Z5PvSU7U

So far, they have hacked a large number of government websites belonging to various countries. Yesterday, they hacked more than 20 Government websites.

RedHack hackers breached Turkish Finance Ministry but officials deny it


The famous hacker collective RedHack claimed to have hacked into the systems of Turkish Ministry of Finance, as part of the protest against the fact that the salary raises of civil servants had been 'ridiculously small.'

However, the Turkish Finance Ministry has denied the hacking claims from RedHack.

“All systems provided by the ministry through the Internet have been working without any problem,” Hurriyet Daily News quoted the statement from the ministry.

A legal investigation into RedHack was launched after the group staged a cyber attack on the Ankara Police Department’s website in February 2012.

Turkish authorities have named RedHack as a terrorist group. Prosecutors demanded up to 24 years in prison for alleged members of the hacker group for the cyberattacks they’ve launched against government systems over the past years.

In the first hearing, held Nov. 26, an Ankara court freed three arrested suspects in the alleged hacking case, pending trial.

400+ Chinese Government sub domains defaced by code cracker


A hacker with the online handle "code cracker", from the hacker group "Pakistan cyber army", has defaced more than 400 sub-domains belonging to the Chinese Government.

It seems the hackers managed to breach the main website of the Xuchang City People's Procuratorate. All of the defaced sites are sub-domains of xchjcy.gov.cn. A few other defaced sites have also been listed there.

All of the hacked websites have been injected with an HTML file called "Crack.html" that displays the defacement message. The main pages are not affected.

The full list can be found here:
http://pastebin.com/HMm1cdXT