Saudi branch of Anonymous hacktivist has launched cyberattack on Saudi Government websites , the operation has been named as "#OpSaudi". Few government websites are facing heavy Distributed-denial-of-service(DDOS) attack from the Anonymous.
The affected government sites include Saudi Arabia and the Ministry of Foreign Affairs(mofa.gov.sa), The Ministry of Finance(mof.gov.sa), General Intelligence Presidency(gip.gov.sa ).
gosi.gov.sa, Riyadh Region Traffic(www.rt.gov.sa), hrc.gov.sa are also being targeted by the hackers.
The Anonymous saudi also claimed they have gained access to the server of Qassim Region Traffic website(q-t.gov.sa/h.asp) and deleted the database.
General Directorate of Education in Jeddah website fell victim to the cyber attack. Hackers identified and exploited the SQL Injection vulnerability in feenakhair.jedu.gov.sa.
"saudi people like slave for the gov , and 2 days ago a saudi prince kidnapped a girl & raped her . then killed her and throw her body naked" Anonymous Saudi stated as reason for the cyber attack.
The Philippines cyber space is again facing another cyber war. Following the cyberattack from China, Malaysia hackers, now the Taiwan hackers have started the cyber war against Philippines.
The operation named #OpPhilippines has been launched by the Anonymous Taiwan. The attack comes after Philippine Coast Guard killed Taiwanese fisherman. EHN was notified about the cyberwar by pinoyhacknews.
"Philippine coastguard killed taiwanese unarmed fishermen is injustice and unforgivable. Philippine government protecting murders is unacceptable." The hackers posted in the pastebin. "You must apologize. Killers must be arrested immediately. Otherwise, we will not stop."
The hackers defaced the '.gov.ph' domain registry website(dns.gov.ph/opph.html). They also defaced one more government webstie "Advanced Science and Technology Institute(suppliers.asti.dost.gov.ph/opph.html)".
The hacktivist also leaked database from six different Government websites as part of the cyberwar. The links to the database dump is provided in a single paste(pastebin.com/sRykr2Wd).
The affected websites includes Department of Education of the Philippines(former.deped.gov.ph), onlineservices.ipophil.gov.ph, Provincial Government of Bulacan (bulacan.gov.ph), Philippine Public Safety College(ppsc.gov.ph),Province of Sulu(sulu.gov.ph). The leak contains username, email address and passwords.
The hackers also dumped(pastebin.com/D7gCEdS6) the database from the 'gov.ph' domain registry website that contains username and password details belong to all Government websites. It has more than 2300 entries.
The official website belongs to the Cooperative development authority of Philippines has been attacked by a hacker team with the name of Al-Qaeda militant.
The team earlier today sent notification to EHN in Twitter "@EHackerNews Official Website of the Provincial Government of Camiguin, Philippines #Hacked www.camiguin.gov.ph".
They defaced the main webpage of the site with a text "Hacked by Bin Laden hacker". The hackers also defaced the Official Website of the Provincial Government of Camiguin, Philippines(www.camiguin.gov.ph).
"The reason is that we against the Goverment We do it for Osama Bin Laden :)" The hacker stated as a reason for the attack .
At the time of writing, both sites show Forbidden error message "You don't have permission to access / on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request." It seems like the admin is investigating the issue and trying to patch the vulnerability.
The mirror :
http://www.zone-h.org/mirror/id/19570687
The Election Commission of Pakistan(ECP) website reportedly suffered cyber attacks - Pakistan Government temporarily shuts down the www.ecp.gov.pk to avoid further cyber attack.
The attacks are allegedly originated from Asia and Russia, according to Director General IT, Khizar Aziz statement.
“Had our host server was based in Pakistan, then there could have been immense loss,”The Pakistan Today quoted as Khizar Aziz saying.
He said the ECP host server is Canada-based server. He also said that they are transferring the ECP to more secure server to prevent future cyber attacks.
"Aziz said that ECP’s website has been shutdown under a deliberate strategy to avoid further attacks during the transition period." The Pakistan Today report reads.
The fight between a spam fighting company called "Spamhaus" and a web hosting company called "Cyberbunker" has slowed down a majority of the internet by making DNS resolving slow.
The reason behind the attack is that Spamhaus added the IP addresses of cyberbunker to its "spam" list due to Cyberbunker allowing almost any sort of content to be hosted hence also maybe the source for spam. So Cyberbunker attacked back and this attack also affected normal internet users.
The attack was possible because of the large number of vulnerable DNS servers that allow open DNS resolving.Simply put an attack exploiting this type of vulnerability makes use of the vulnerability of the DNS server to increase the intensity of the attack 100 fold.
The origins of these type of attacks goes back to the 1990's to an attack called "smurf attack"
But now the attack method has become more efficient and uses DNS amplification to flood the victim with spoofed requests which are sent to the DNS servers by using a botnet of compromised computers.The attack at its peak reached a speed of 300 Gbps making it the largest DDOS attack in history.
Cyberbunker which claims itself to be a supporter of free speech and defender against the "big bullies" seems to have now have stooped down to their level of using aggressive offensive methods that affect the normal functioning of the internet.This is not the way to go !
The people who run DNS resolvers are also equally responsible for these attacks as its their vulnerable servers that make these attacks possible, the internet community should come up with a PERMANENT solution to this problem.
Please read cloudflare's blog post for a detailed analysis : http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet
The reason behind the attack is that Spamhaus added the IP addresses of cyberbunker to its "spam" list due to Cyberbunker allowing almost any sort of content to be hosted hence also maybe the source for spam. So Cyberbunker attacked back and this attack also affected normal internet users.
The attack was possible because of the large number of vulnerable DNS servers that allow open DNS resolving.Simply put an attack exploiting this type of vulnerability makes use of the vulnerability of the DNS server to increase the intensity of the attack 100 fold.
The origins of these type of attacks goes back to the 1990's to an attack called "smurf attack"
But now the attack method has become more efficient and uses DNS amplification to flood the victim with spoofed requests which are sent to the DNS servers by using a botnet of compromised computers.The attack at its peak reached a speed of 300 Gbps making it the largest DDOS attack in history.
Cyberbunker which claims itself to be a supporter of free speech and defender against the "big bullies" seems to have now have stooped down to their level of using aggressive offensive methods that affect the normal functioning of the internet.This is not the way to go !
The people who run DNS resolvers are also equally responsible for these attacks as its their vulnerable servers that make these attacks possible, the internet community should come up with a PERMANENT solution to this problem.
Please read cloudflare's blog post for a detailed analysis : http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet
Yesterday South Korea was hit by a massive cyber attack . The attack disturbed the functioning of three banks and two TV channels. The bank were hit such that no financial transactions can be made.
The TV channels were affected by locking their computers hence not allowing the TV channels to edit or function to full efficiency.The attack points towards North Korea which only days ago said it will attack South Korea.
The attacks originated from China but this might simply be because the IP's from North Korea are not allowed in South Korean Cyberspace ,so the hackers could have used compromised computers in China to bypass that restriction and also to hide their real location.
Unlike other "disruption" attacks which rely on DDOS this was done using a malware called "DarkSeoul" which "locked" the systems.
These sort of attacks are more dangerous because when you block the DDOS attack the servers will get back to "normal" with minimum effort but a virus attack takes much longer to recover from and even then you cant be really sure that the computers are fully clean.
This recent attack shows that the need for a strong "physical" army is not needed to bring down an another country. A few experienced hackers can do the work of a massive army.
It is third day since the Indian hacker "Godzilla" took control of the Proxy used by Pakistan Government websites, Pakistan temporarily lost access to their proxy network.
Today, the hacker claimed to have got access of the back up server and found the back up server is also saved in the same network.
He also found that the pakistan.gov.pk is not running but just pretending that they are up.
"One thing is true Pakistan is good at pretending like nothing happened, let it be a cyber attack or a TERRORIST attack. " The hacker said.
We have also checked the Pakistan.gov.pk website by clicking the login button, it just redirects to an IP address(202.83.164.27/wps/portal) that was used by Pakistan government when they didn't have proxy system.
The IP address is down now because the govt have made it down long time when they shifted to proxy network.
Hacker also said he is extracting the data from the Database. Once he finished the extracted the data, he will take down the rest of IPs .
*Update*:
Pakistan Datatbase dumped :
http://www.ehackingnews.com/2013/03/indian-hacker-godzilla-leaked-pakistan.html
After hacking the main Pakistani government and Army site, the Indian hacker "Godzilla" today notified EHN about another cyber attack against the Pakistani Government websites.
Yesterday, the hacker hacked the Pakistani main government website(pakistanarmy.gov.pk) by exploiting the proxy-misconfiguration vulnerability. Today he managed to hack more Pakistani website by gaining access to the Internal Networks.
"proxy was configured in such a way that the local ip 192.168.70.103 was running through that proxy" The hacker told EHN. "It is a local ip switched through the proxy"
"Pakistan Government Switches under control. Pakistan admins please dont disturb us when we are working. Your official website www.pakistan.gov.pk will be up as soon as we finish are work." The hacker said.
"You tried to use proxy for your security and we used the same proxy to crush you."
"IBM SERVER AND Layer 2-3 Gigabit Ethernet Switch Module for IBM eServer BladeCenter and 22 local machines were used to build the proxy and secure the digital cyber space of Pakistan. which is owned badly."
List of hacked sites:
Ministry of Information Technology of Pakistan
www.moitt.gov.pk
Ministry of Railways of Pakistan
www.railways.gov.pk
Ministry of Economic Affairs & Statistics of Pakistan
www.ead.gov.pk
Ministry of Interior of Pakistan
www.interior.gov.pk
Ministry of Inter Provincial Coordination of Pakistan
www.ipc.gov.pk
Ministry of Religious Affairs Pakistan
www.mora.gov.pk
Establishment Division of Pakistan
www.establishment.gov.pk
Ministry of Housing & Works of Pakistan
www.housing.gov.pk
Ministry of Science and Technology of Pakistan
www.mosp.gov.pk
Planning Commission of Pakistan
www.planningcommission.gov.pk
Ministry of Minorites Affair of Pakistan
www.minorities.gov.pk
Local Government Division of Pakistan
www.lgrd.gov.pk
Ministry of Environment of Pakistan
www.moenv.gov.pk
*Update 1:
Pakistani Government under heavy cyber attack from hacker 'Godzilla'
http://www.ehackingnews.com/2013/03/pakistani-government-under-cyber-attack.html
*Update 2:
Indian Hacker Godzilla leaked Pakistan Government website's Database details
http://www.ehackingnews.com/2013/03/indian-hacker-godzilla-leaked-pakistan.html
China's National Computer Network Emergency Response Coordination Center (CNCERT) , the Chinese top cyber security agency reportedly identified that more than half of cyber attacks on this year targeting their nation's computer system are originated from the US.
CNCERT detected 2,196 US-based control servers were controlling 1.29 million infected computers in china.
According to Xinhua report, more than 80 websites of public institutions , Government and companies were attacked from september 2012 to February 2013. CNCERT found that 39 of those websites were attacked from U.S. IP addresses.
"A large amount of facts have proven that for many years, China has been one of the primary victims of cyber attacks," an unnamed official from the China National Internet Information Office told Xinhua.
Last month, US-based computer security company released a report which accused Chinese military unit of conducting a series of sophisticated hacking attack on US. But Chinese authorities denied the accusations and claimed that their systems are targeted by US.
The hacker from Nullcrew hacktivists has managed to breach the Time Warner's support page - An American cable telecommunications company.
The hackers announced that attack in Twitter "We hacked Time Warner Cable, due to them attempting to participate in the six strikes. supportcenter.timewarnercable.com:8888/sdcxuser/".
They defaced the site with a gorilla picture. In the defacement page, the hackers leaked the database details, username, passwords, SSL Keys file password.
The hacktivist criticize the password used by admin, they are using the very simple password "changeme".
At the time of writing, the website has been taken down by the admin, you can see the mirror of the defacement here: http://www.freezepage.com/1362546977OFVSJKBYGE
Today, One of the Anonymous News twitter accounts @PublicAnonNews announced that an anonymous hacker called Av4sT defaced the Panzhihua Health Information Network - one of the Chinese Government websites.
When i tried to visit the page pzhws.gov.cn, i have been invited with Anonymous Logo and " Hacked by Av4sT. Access Denied" Message.
After Gathering some information about this website, i found that this is not the first time the site being defaced by hackers.
The websites has been breached several times by lot of hackers. In fact, I am still able to view the previous defacements.
*A Hacker named s13doeL uploaded a defacement text in the site on 20 Jan,2013. You can still see the defacement page here: pzhws.gov.cn/z.txt
*A hacker named Jack Riderr from Johor Hacking Crew has uploaded defacement page on 20 Jan 2013. The defacement page is still there: pzhws.gov.cn/folder.htm
* Turkish hackers breached and uploaded their defacement also :
pzhws.gov.cn/images/rht.htm
* In 2010, HEXB00T3R defaced the site but the defacement has been removed.
I am not sure whether the hackers exploit the vulnerability or the site has multiple vulnerabilities. The question is whether the Chinese Government about these hack ?! Why they are not taking any steps to protect this website?
Following the Qatar Foundation and AFP Twitter accounts hack, the Syrian Electronic Army has hijacked two twitter accounts belong to France24- one of the Top French News website.
The hacktivists hijacked @FRANCE24_AR and @observateurs accounts for about three hours and posted four tweets.
Earlier today the hackers announced the attack in their official twitter account "@France24_ar Hacked by Syrian Electronic Army, another lier media fall down #SEA #Syria pic.twitter.com/LcIJyLDCA4"
According to France24 report, the hacker spread false reports about the death of Syrian opposition figures Riad al-Asaad and Manaf Tlass.
The hackers also attempted to hijack the French and English language twitter accounts of France24 by sending fake requests to reset the account passwords.
Microsoft announced that it had fallen victim to cyber attack that infects computers belong to major companies by exploiting the Java vulnerability.
In Security Response center blog, the organization said the security intrusion was similar to recent ones reported by Apple and Facebook.
"We found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations." Microsoft Trustworthy Computing Security General Manager Matt Thomlinson said in the post.
The organization claimed that they found no evidence to indicate that any data has been compromised in the incident . They are continuing their investigation.
Apple has announced that they were targeted by hackers who infected small amount of employees' computers .
The security breach occurred when employees visited a developer website that exploited a vulnerability in the Java browser plug-in, installing malware on their Mac computers.
Few days back, we reported that Facebook employees'computers infected after they visit a malicious page that exploits the java vulnerability and serves malware.
Apple become the latest high-profile American entity to say it was the victim of a recent cyberattack, following similar admissions by Twitter, The New York Times, The Wall Street Journal, The Washington Post and the U.S. Department of Energy.
The security breach occurred when employees visited a developer website that exploited a vulnerability in the Java browser plug-in, installing malware on their Mac computers.
Few days back, we reported that Facebook employees'computers infected after they visit a malicious page that exploits the java vulnerability and serves malware.
Apple become the latest high-profile American entity to say it was the victim of a recent cyberattack, following similar admissions by Twitter, The New York Times, The Wall Street Journal, The Washington Post and the U.S. Department of Energy.
Social Network giant Facebook has announced that its computer systems were targeted in a Sophisticated Java zero-day attack last month. Fortunately, Facebook figured out the existence of the malware before further damage was done.
According to Facebook security blog post, the attack occurred when a handful of employees visited a mobile developer website that was compromised.
They found no evidence that Facebook user data was compromised. Federal authorities are investigating this cyber attack.
Facebook says it was not alone and that several other companies were also attacked.
Recently, Twitter reported a cyber attack. The New York Times and Wall Street Journal newspapers have also said they were attacked and blame Chinese Hackers.
Once again Hackers successfully breached the PKNIC website(pknic.net.pk) - a Registrar for Pakistan's .pk domains. The hack was done by a hacker group called PAKbugs.
“thenews.com.pk, jang.com.pk and many others hacked,” ZombiE_KsA, the hacker, said. “More coming, stay tuned,” the hacker said.
The hackers – ZombiE_KsA, Z3r0Byt3, Xploiter and Dr Freak – criticised PKNIC for being unable to fix the vulnerabilities in its DNS servers.
“Here we go again, pknic.net.pk you think you control .pk domains? … You don’t! Today, we are controlling .pk domains,” Hacker said in the defacement page. “After you patched your shitty system, we still owned you,” the message read.
"Here we go again, pknic.net.pk you think you control .pk domains? LOL you don't! today we are controlling .pk domains! " The Hacker said in the defacement page "after you patched your shitty system we still owned you it was perfect security"
Hacker claimed to have dumped 23,000 accounts information belong to government ,news, blogs, forums and other website. They defaced Jang.com.pk, Thenews.com.pk, propakistani.pk.
At the end of defacement, hackers asked the PKNIC to contact PakBugs on their official forum for patching the vulnerability.
This is not the first time the PKNIC is being under cyber attack. At the end of last year(November),Turkish Hacker group Eboz has breached the PKNIC website and defaced all top websites including Google, Yahoo, Microsoft and more.
Anonymous hacktivist launched cyber attack against the Egypt Government websites under the operation called '#OpEgypt'.
The cyber attack comes after naked Egyptian man being dragged across a street and beaten by at least eight riot policemen during a protest in Cairo on Friday.
The hacktivist DDoSed the several Government websites including Egyptian Cabinet(cabinet.gov.eg), official website of Egyptian Ministry of Culture(ecm.gov.eg) and NREA site(nrea.gov.eg).
Few more affected websites are Egypt's Information Portal(eip.gov.eg), Center for Information and Decision Support Cabinet(idsc.gov.eg), The Ministry of Planning and International Cooperation(mic.gov.eg), Ministry of Interior(moiegypt.gov.eg) and Official website of the Ministry of Information(moinfo.gov.eg).
At the time of writing, those websites are still down and being attacked by the Anonymous hackers.
The Tunisian cyber army has claimed to have hacked a number of French websites. The hackers have breached the website belong to ministry of sport and jeunesse(drdjs-basse-normandie.jeunesse-sports.gouv.fr)
They have dumped the database in pastebin(pastebin.com/wSEfbSd9). The dump contains the vulnerable link, username, email address, hashed password. It includes the admin username and password.
The admin account is using very weak password, it is easy for hacker to crack. A simple Google search returns the password of admin.
The hacker also hacked french association of science economic website(afse.fr) and leaked the database(pastebin.com/fY68z7Eb). The leak contains username, email address, plain-text format passwords.
Recently, they have hacked into the france chamber of commerce(littoral-normand-picard.cci.fr) , french normal superior school website(archicubes.ens.fr) and leaked the database.
*Update*
The hacker claimed that they have hacked France Ministry of Development website and leaked the compromised database (pastebin.com/WVswJ820). It includes the username, password, email address details.
Twitter researchers detected unusual access patterns that led to them identifying unauthorized access attempts to Twitter user data.
The team revealed that anonymous hackers may have had access to approximately 250,000 user credentials that includes usernames, email addresses, session tokens and encrypted/salted versions of passwords
As a precautionary security measure, Twitter has reset passwords and revoked session tokens for these accounts.
The affected accounts will have recently received an email regarding the issue and ask you to create a new password.
Recently, Indonesian Police arrested an alleged member of Jember Hacker Team for hacking the official Presidential website (presidensby.info) earlier this month. Following the arrest, the Anonymous hackers started to attack the government websites.
Wildan Yani S. Hari, 22, who works at an Internet cafe run by company CV Suryatama, was arrested on Friday by investigators from the National Police’s cyber crimes unit.
According to local news report, anonymous hackers hacked at least seven sites, including those of the Justice and Human Rights Ministry, the Social Affairs Ministry, the Tourism and Creative Economy Ministry, the Central Statistics Agency (BPS), the Business Competition Supervisory Commission (KPPU) and the Indonesian Embassy in Taskhent.
An Indonesian hacker also defaced www.pa-bengkulukota.go.id , Rakernas Supreme Court website(rakernas.mahkamahagung.go.id), prakom.depsos.go.id, trc.depsos.go.id, outreacher.depsos.go.id.
