British National Party's Twitter account and website hacked by Anonymous


A Hacker appears to affiliated with Anonymous hacktivists has hijacked the official twitter account of British National Party(BNP) and started to post anti-government and hateful messages.


The hacker also managed to deface one of the subdomains of BNP(British National Party Twitter account hacked by Anonymous ).  The defacement message simply says "Hacked by Anon_0x03, [redacted] the Government!"

When an user asked about the motive of the attack, the hacker simply replied that BNP is a random target.

"I'm not even from GB." the tweet posted from hacked BNP account(@BNP) reads.

It appears hackers have access to the account for more than 20 hours.  But, No one from BNP have noticed.  The recent tweet says "damn racist".

At the time of writing, the hacker has still access to the BNP twitter account and the subdomain is still defaced.

#OpTurkey: Hacktivists hit Turkey with massive Cyber attack


Turkey suffers massive cyber attack after several hacktivists started to participate in the ongoing hacking operation against Turkey government.  "#OpTurkey",the operation was launched in retaliation to the violent police response against protesters.

A hacker group from Turkey named TurkHackTeam has claimed to have breached ofmuftulugu.gov.tr and Mufti COUNTY CERKES (cerkesmuftulugu.gov.tr).

The group leaked some info from the server  :
 1.http://pastebin.com/pF93F7Uf
 2. http://pastebin.com/CcGuBD9H

Even Syrian Electronic Army who usually target western media participated in the operation and breached Turkish Prime Minister(PM) and Turkish Ministry of Interior websites.

 The group left a message on the defacement page: "Syria and Turkey are one. We salute Turkey's brave protesters"

Atlantic Bank, Fidelity Bank Ghana and few other sites hacked by Sepo


A hacker with twitter handle @anon_4freedom a.k.a "sepo" who has been quite for some time, has come with some interesting hacks.  Today he hacked into multiple Bank websites.

 The list of affected websites includes Atlantic Bank Group (banqueatlantique.net), Fidelity Bank Ghana(fidelitybank.com.gh),Italian Labour Union ( uil.it), Agricultural Development Bank of Ghana (agricbank.com).

The hacker managed to identify the SQL injection vulnerabilities that allowed him to gain access to the database server.  At EHN, we have verified the vulnerability.   

All leaks (pastebin.com/u/HackinotrThe) just contain server details, database details such as Database username, OS, Database name, SQL version  and Host IP.  It also contains the list of table names.

Hacker didn't the leak the personal data of users because he don't like to expose the normal people's data.

South African Police Service website breached by #Anonymous


The official website of South African Police Service has been breached by the Anonymous hacktivist with online name "DomainerAnon". 

"This action is to serve as a reminder to the government regarding the murders of 34 protesting miners outside the Marikana platinum mine by police. "Hacker stated as reason for the attack.

"To date no officers have been brought to justice... This situation will NOT be tolerated. #OpMarikanaMiners"

The hacker provided a link to the database dump(pastebay.com/1232460) that includes Usernames, hashed passwords, Telephone numbers and few other details.

He also shared a 13Mb size file named "EMAILS.csv" in the DatafileHost which is said to be contain emails.

Suspected Anonymous hackers arrested in Jordan for #OpIsrael attack


A massive cyber attack dubbed as "#OpIsrael" launched by joined Anonymous hacktivists hit the Israel websites.  Hackers launched ddos attacks, defacements, database leaks and social network hacks.

Following the cyber attack, Jordanian security forces has arrested several youths who are allegedly participated in the cyberattack.

In response, Anonymous threatened to attack Jordanian internet sites. The group demanded the activists' immediate release.

"A Facebook group called 'The Third Intifada – Jordan' boasted that 100,000 Israeli internet sites had been disabled" Arutz Sheva Israel News report reads.

Bangladesh Government websites defaced by Rahm Anonymous

An Anonymous Hacker with the twitter handle " Rahm Anonymous " has launched cyber attack against the Bangladesh Government websites.

The hacker defaced the following Government websites: Sub-domain of Bangladesh Public Service Commission(portal.bpsc.gov.bd/rahm.php), SEQAEP (www.seqaep.gov.bd/admin/), nidw.gov.bd/administrator, Bangladesh National Commission for UNESCO(bncu.gov.bd/administrator/ ).


He also claimed to have taken down more than 40 Bangladesh Government websites.  The hacker has posted a list of affected websites in pastebin(pastebin.com/CMLu4vMP).

EHN has tried to verify the hacker claim about the DDOS attacks, the site seems to be down but those sites are working with "www".

At the time of writing, the defaced websites still hosts the defacement page uploaded by the hacker.

"WELCOME BACK ADMIN-- --YOUR SITE GOT HACKED!!!-- NOTHING PERSONAL WITH YOU--THIS IS JUST BECAUSE OF--YOUR STUPID COUNTRY . HACKERS ARE ABUSING OUR RELEGION. AND WE ALWAYS WANTED PEACE BUT NOW THE SHORE IS GETTING OFF. NOW THIS IS JUST THE BEGINNING!!! " The hacker stated in the defacement page as reason for the attack.

Philippines President site & other Government sites hacked by Anonymous Philippines


Anonymous Philippines has breached several Philippines Government websites including the official website of the Philippines President website.  The hackers managed to publish an article in the President website(http://1.president.gov.ph/news/anonymous-philippines/) with title "Anonymous Philippines" .

"Greetings, President Aquino! We have watched how you signed into law a bill that endangers and tramples upon the netizens’ freedom of speech and expression. Now, we are silent witnesses as to how you are mishandling the Sabah issue." The article published by the hackers reads.

"We did not engage the Malaysian hackers who invaded our cyberspace since we expected you to appropriately and judiciously act on the same, but you failed us. You did nothing while our fellow brothers are being butchered by the Malaysian forces, and while our women and children become subject of human rights abuses. If you can’t act on the issue as the Philippine President, at least do something as a fellow Filipino. We are watching."

The security breach was initially published by the Clifford Trigo in The PinoyTechNews and notified to EHN about the hack.

The hacker also defaced the following Government websites :
http://www.gdelpilar.gov.ph/
http://www.calasiao.gov.ph/
http://bolinao.gov.ph/
http://mauban.gov.ph/
http://apayao.gov.ph/
http://www.mauban.gov.ph/
http://www.drd.pnp.gov.ph/

At the time of writing, all of the government websites still displays the defacement page except the President websites.  The article published in President website has been removed.

Teleton Colombia database hacked by LulzSec Argentina


LulzSec Argentina hacktivist has managed to identify multiple security flaws in the Teleton Colombia website(www.teleton.org.co) -   fundraising event broadcast on television.

The hacker managed to exploit the SQL Injection vulnerability in the website and extracted the database.  He dumped the database in a paste (pastebin.com/hY4ibzmn).

The leak contains personal information including names, date of birth, email addresses, usernames.

The hacker leaked the admin user id and password(plain-text) in one of the tweet posted in his official twitter account.

He also identified a Non-persistent Cross site scripting vulnerability in the Teleton.org.co. POC Code :
teleton.org.co/buscar/articulo/?texto=1<ScRiPt >prompt(910244)</ScRiPt>

Team M3DU5A hacked Constantin Film and leaked login credentials


The hackers from a group called "TEAM M3DU5A" have hacked into the official website of Constantin Film AG (www.constantin-film.de)- a German film production and film distribution company.

The hackers managed to compromise the database and leaked in the pastebin(pastebin.com/vW40pRFL).

The dump contains the username and MD5 hashed passwords belong to Backend page . It also contains the username & plain-text passwords for the Movie and Budget Database .

In addition to the login credentials , the team leaked the a number of email addresses compromised from the server and links to login pages.

The group also provided two screenshots which shows that they have successfully logged in with the stolen credentails , allows them to create new movie project post.

Report says the hacker attack was retaliation for the shut down of an illegal file sharing website drei.bz by German copyright protection group GVU

"F*** the Copyright Lobby and Contentmafia | F*** the GVU | F*** the GEMA | RIP drei.bz" Hacker said in their leak.

The Constantin Film website uses the open source CMS TYPO3 . Recently, Typo3 updated their version to patch a critical SQL injection vulnerability which is found to be exploited in the wild. It seems like Constantin Film fails to update to the latest version.

Chinese Government website pzhws.gov.cn hacked by lot of hackers


Today, One of the Anonymous News twitter accounts @PublicAnonNews announced that an anonymous hacker called Av4sT defaced the Panzhihua Health Information Network - one of the Chinese Government websites.

When i tried to visit the page pzhws.gov.cn, i have been invited with Anonymous Logo and " Hacked by Av4sT.  Access Denied" Message. 

After Gathering some information about this website, i found that this is not the first time the site being defaced by hackers.

The websites has been breached several times by lot of hackers.  In fact, I am still able to view the previous defacements.  

*A Hacker named s13doeL uploaded a defacement text in the site on 20 Jan,2013.  You can still see the defacement page here: pzhws.gov.cn/z.txt

*A hacker named Jack Riderr from Johor Hacking Crew has uploaded defacement page on 20 Jan 2013. The defacement page is still there: pzhws.gov.cn/folder.htm

* Turkish hackers breached and uploaded their defacement also : 
pzhws.gov.cn/images/rht.htm

* In 2010, HEXB00T3R defaced the site but the defacement has been removed.

I am not sure whether the hackers exploit the vulnerability or the site has multiple vulnerabilities.  The question is whether the Chinese Government about these hack ?! Why they are not taking any steps to protect this website?

MVS Comunicaciones Hacked by MexicanH Team


The Mexian Hacker group named as "MexicanH" affiliated to Anonymous hacktivists has claimed to have breached MVS Comunicaciones (MVS)- a Mexican Media conglomerate that owns owns MASTV, MVS Radio.

The hacker team announced the attack in Twitter that they hacked MVS comunicaciones , and posted a link to database dump(pastebin.com/EYUj5vm3)

The database dump contains more than 3000 usernames, encrypted passwords and email addresses. The data are compromised from 30 different databases. 

Cyber War News analyzed the dump and found that the same email id has been used in different database server; There is around 1700 unique accounts with email ids.

Anonymous Twitter account allegedly hacked by Rustle League

We can refer this week as Twitter account hack week. Following the high profile twitter account hack, now twitter account of a hacker also hijacked by hackers.


A Hacker group called as Rustle League has hijacked @Anon_Central, Twitter account belong to one of the Anonymous hacktivist that has more than 160k followers.

"The reason Anonymous fell victim is probably human weakness," BBC cited as Graham Cluley saying, senior consultant at security firm Sophos.

"Chances are that they followed poor password practices, like using the same password in multiple places or choosing a password that was easy to crack.

In response to the numerous account compromises, Twitter has issued a “friendly reminder about password security” in which they advise users to follow four important rules to make sure their accounts aren’t hacked.

Anonymous Hackers leaked 600,000 credentials from Israeli portal Walla!


An anonymous hacker going by the name of AnonSabre has managed to breach the servers of the popular Israeli web portal Walla. As a result of the security breach, hackers dumped around 600,000 email accounts and passwords. The hack was done as part of the operation called "#OpIsrael".

The hacker first uploaded the compromised data in 93 separate pastebin posts(pastebin.com/6BYg2suP). The links in question are dead at the time of writing.

The leaked credentials were first found by PwnedList, a service that helps users figure out if their account credentials were stolen as part of a hack.

“The data leak included 583,083 credentials. The passwords were hashed and salted, but the salts were leaked as well.” PwnedList .

Walla has confirmed the breach, but the representatives say that the leaked data is useless because the passwords leaked by the hacker are encrypted.

#OpLastResort: Anonymous leaks 4000 U.S. Bank executive details in hacked Alabama Govt Site


Anonymous hackers has leaked login and private information of more than 4000 U.S Bank executives , under their latest Operation Last Resort (#OpLastResort).

Hackers usually choose the pastebin or Anonpaste site for leaking the compromised data. Interestingly, hackers chose a government website for publishing the data. They hacked into the Alabama Criminal Justice Information Center (acjic.alabama.gov) and published the data.

"Now we have your attention America: Anonymous's Superbowl Commercial 4k banker d0x via the FED http://acjic.alabama.gov/documents/oops-we-did-it-again.html … #opLastResort #Anonymous" Hacker announced the attack in Twitter.

The data published by Anonymous contains Addresses, Business Phone numbers, Email addresses, Fax numbers, names, institutions, Login IDs, hashed passwords and titles.

Based on the titles provided in the leak, the data are allegedly belong to Information Systems/Security Officer, EVP & Chief Financial Officer, President, Vice President, Managing Officer, CFO, Asst. Vice President and Cashier, CEO, Vice Chairman, Senior Vice President, BRANCH MANAGER and others.

#OpEgypt: Egyptian government websites under Cyber attack by Anonymous


Anonymous hacktivist launched cyber attack against the Egypt Government websites under the operation called '#OpEgypt'.

The cyber attack comes after naked Egyptian man being dragged across a street and beaten by at least eight riot policemen during a protest in Cairo on Friday.

The hacktivist DDoSed the several Government websites including Egyptian Cabinet(cabinet.gov.eg), official website of Egyptian Ministry of Culture(ecm.gov.eg) and NREA site(nrea.gov.eg).


Few more affected websites are Egypt's Information Portal(eip.gov.eg), Center for Information and Decision Support Cabinet(idsc.gov.eg), The Ministry of Planning and International Cooperation(mic.gov.eg), Ministry of Interior(moiegypt.gov.eg) and Official website of the Ministry of Information(moinfo.gov.eg).

At the time of writing, those websites are still down and being attacked by the Anonymous hackers.

Self Proclaimed Ethical Hacker Trishneet Arora website hacked by Team Cyber-Rog


Last night, Self Proclaimed Ethical Hacker Trishneet Arora official website(trishneetarora.in) has breached and defaced by the hacker group called "Team Cyber-Rog ".

Trishneet is the author of a book "The Hacking Era". And claims himself to be awarded as India's best ethical hacker, Punjab's No.1 Cyber Crime Consultant and World's 2nd Youngest Author of Ethical Hacking Books.Trishneet has been known on the internet as founder of TAC Security Solutions, a cyber security company.

As far as Wikipedia is concerned they deleted his own made page (http://en.wikipedia.org/wiki/Trishneet_Arora) 3 times in the past for the following reasons:

"12:29, 20 October 2012 Bwilkins (talk | contribs) deleted page Trishneet Arora (G4: Recreation of a page that was deleted per a deletion discussion (CSDH))
18:01, 18 October 2012 MBisanz (talk | contribs) deleted page Trishneet Arora (Wikipedia:Articles for deletion/Trishneet Arora)
13:13, 2 September 2012 Boing! said Zebedee (talk | contribs) deleted page Trishneet Arora (G11: Unambiguous advertising or promotion)"

After Numerous restore tries by him , the deface page is still up ,Exposing his true face.  Trishneet as claimed by hackers conducts so called ethical hacking workshops around the country.  A lot of people have informed us that this guy has absolute 0 knowledge in this field and yet goes around acting as a "professional it security expert". All his websites are under free hosting and last night another one of his domain was hacked .

http://pastebin.com/2L3VVyrf

"You have dissapointed us, we will continue to own and expose people like Trishneet . Learn to secure yourself before you teach others . Trishneet ,stop making fake account of girls and and conducting fake workshops for money/profit. We are watching you ,Expect Us!" the message from the Cyber-Rog team. "oh and good luck with your book sales now :P"

The defaced page: http://trishneetarora.in/index.html


We come to know about this hack when a security researcher Vedachala reported a XSS security flaw in the Trishneet website.

The POC code provided by Vedachala for the Reflected XSS:
http://trishneetarora.in/assets/';alert(String.fromCharCode(80,79,79,82,32,78,48,111,98,44,40,86,51,68,64,67,72,52,76,65,32,72,51,114,101,41,46,32,83,51,99,117,114,101,32,121,111,117,114,32,97,36,36,32,102,105,114,115,116,46,46))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(80,79,79,82,32,78,48,111,98,44,40,86,51,68,64,67,72,52,76,65,32,72,51,114,101,41,46,32,83,51,99,117,114,101,32,121,111,117,114,32,97,36,36,32,102,105,114,115,116,46,46))//";alert(String.fromCharCode(80,79,79,82,32,78,48,111,98,44,40,86,51,68,64,67,72,52,76,65,32,72,51,114,101,41,46,32,83,51,99,117,114,101,32,121,111,117,114,32,97,36,36,32,102,105,114,115,116,46,46))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(80,79,79,82,32,78,48,111,98,44,86,51,68,64,67,72,52,76,65,32,72,51,114,101,46,32,83,51,99,117,114,101,32,121,111,117,32,97,36,36,32,102,105,114,115,116,46,46))</SCRIPT>

*Note: This is guest post submitted by one of the Reader.

#OpFreeWildan: Indonesian government sites hacked in protest over Alleged Jember Hacker arrest



Recently, Indonesian Police arrested an alleged member of Jember Hacker Team for hacking the official Presidential website (presidensby.info) earlier this month. Following the arrest, the Anonymous hackers started to attack the government websites.

Wildan Yani S. Hari, 22, who works at an Internet cafe run by company CV Suryatama, was arrested on Friday by investigators from the National Police’s cyber crimes unit.

According to local news report, anonymous hackers hacked at least seven sites, including those of the Justice and Human Rights Ministry, the Social Affairs Ministry, the Tourism and Creative Economy Ministry, the Central Statistics Agency (BPS), the Business Competition Supervisory Commission (KPPU) and the Indonesian Embassy in Taskhent.

An Indonesian hacker also defaced www.pa-bengkulukota.go.id , Rakernas Supreme Court website(rakernas.mahkamahagung.go.id), prakom.depsos.go.id,  trc.depsos.go.id, outreacher.depsos.go.id. 

Anonymous hacktivist leaks 1.41 GB of Confidential data from AHK.DE

Anonymous hackers have leaked a 1.41 GB archive allegedly containing file stolen from German Chamber of Commerce (AHK.DE).

According to hacktivists statement, 2.7 Gigabyte of internal documents has been stolen from AHK office in Ukraine and Azerbaijan all from the personal computers of delegate of German economy in Ukraine, Alexander Marcus and his wife - Russian citizen and also FSB operative.

http://1337x.org/torrent/451326/German-Chamber-of-Commerce-and-Bahar-Energy-Socar-leak/

The hackers have published a preview of the leaked data which contains a number of 65 images representing scanned copies of various documents and identification papers.

"AHK is a type of organization which does lobby business processes in many countries while gathers intel on many business entities worldwide. " The hacktivist said in the leak.

"Just like in presented release of Ukraine and Azerbaijan offices of AHK - we can find internal info which AHK is not suppose to have in a first place - internal documents and financial reports and confidential agreements of Bahar Energy and SOCAR (Azerbaijan), Ministry of Internal Affairs of Ukraine etc.

Christmas Hack from Anonymous : Kuwaiti Crown Prince official site hacked


While Everyone is enjoying Christmas , the Anonymous hacktivist celebrates the Christmas in their own way.  They have send Merry Xmas card by hacking into the official website of Diwan Of The Crown Prince(cpd.gov.kw).

The hack was announced by @AnonymousIRC  in twitter " Crown Prince of Kuwait root'd to upload #AntiSec Merry Xmas Card http://cpd.gov.kw #Anonymous #LulzSec #FreeAnons"

Hacker has defaced the main page.  At the time of writing, we are still able to see the defacement page.

In the defacement page, the hackers has wrote "#MERRY XMAS FOR THOSE FRIENDS WHO ARE TORTURED, JAILED, V&'d, AND INTERNET RM'd #"

The mirror of the defacement can be found here:
http://www.zone-h.org/mirror/id/18794498





Westboro Baptist Church Spokeswoman Twitter account hacked by UGNazi Hacker Cosmo


The UGNazi hacker, CosmoTheGod , hacked into the personal twitter account of Westboro Baptist Church Spokeswoman Shirley Phelps-Roper.

After hijacking the account, he started to retweeting tens of tweets in which users condemned the ways of the Westboro Baptist Church. 


Recently, Anonymous hacktivist launched an operation against the Westboro Baptist Church, after the organization decided to picket the funerals of the ones killed in the Newtown shooting.

As a result, godhatesfags.com, the website of WBC, taken down by Distributed-denial-of-service(DDoS) attack.

At the time of writing, the site is still down and the twitter account still controlled by the Cosmo.

Anonymous hacker collective also claims that its members managed to change Phelps-Roper’s desktop background to gay porn.  They've also leaked personal details of WBC members.

http://www.anonpaste.me/anonpaste2/index.php?65e2832b96b888e3#Uxqr8wrq3ljskOY76+ubZQvSmcEtYCbIfZBqWpaGcMI=

In one of the tweet, @YourAnonNews claimed that they successfully filed a death certificate for sherley and her ssn is now blocked.