Saudi branch of Anonymous hacktivist has launched cyberattack on Saudi Government websites , the operation has been named as "#OpSaudi". Few government websites are facing heavy Distributed-denial-of-service(DDOS) attack from the Anonymous.
The affected government sites include Saudi Arabia and the Ministry of Foreign Affairs(mofa.gov.sa), The Ministry of Finance(mof.gov.sa), General Intelligence Presidency(gip.gov.sa ).
gosi.gov.sa, Riyadh Region Traffic(www.rt.gov.sa), hrc.gov.sa are also being targeted by the hackers.
The Anonymous saudi also claimed they have gained access to the server of Qassim Region Traffic website(q-t.gov.sa/h.asp) and deleted the database.
General Directorate of Education in Jeddah website fell victim to the cyber attack. Hackers identified and exploited the SQL Injection vulnerability in feenakhair.jedu.gov.sa.
"saudi people like slave for the gov , and 2 days ago a saudi prince kidnapped a girl & raped her . then killed her and throw her body naked" Anonymous Saudi stated as reason for the cyber attack.
The fight between a spam fighting company called "Spamhaus" and a web hosting company called "Cyberbunker" has slowed down a majority of the internet by making DNS resolving slow.
The reason behind the attack is that Spamhaus added the IP addresses of cyberbunker to its "spam" list due to Cyberbunker allowing almost any sort of content to be hosted hence also maybe the source for spam. So Cyberbunker attacked back and this attack also affected normal internet users.
The attack was possible because of the large number of vulnerable DNS servers that allow open DNS resolving.Simply put an attack exploiting this type of vulnerability makes use of the vulnerability of the DNS server to increase the intensity of the attack 100 fold.
The origins of these type of attacks goes back to the 1990's to an attack called "smurf attack"
But now the attack method has become more efficient and uses DNS amplification to flood the victim with spoofed requests which are sent to the DNS servers by using a botnet of compromised computers.The attack at its peak reached a speed of 300 Gbps making it the largest DDOS attack in history.
Cyberbunker which claims itself to be a supporter of free speech and defender against the "big bullies" seems to have now have stooped down to their level of using aggressive offensive methods that affect the normal functioning of the internet.This is not the way to go !
The people who run DNS resolvers are also equally responsible for these attacks as its their vulnerable servers that make these attacks possible, the internet community should come up with a PERMANENT solution to this problem.
Please read cloudflare's blog post for a detailed analysis : http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet
The reason behind the attack is that Spamhaus added the IP addresses of cyberbunker to its "spam" list due to Cyberbunker allowing almost any sort of content to be hosted hence also maybe the source for spam. So Cyberbunker attacked back and this attack also affected normal internet users.
The attack was possible because of the large number of vulnerable DNS servers that allow open DNS resolving.Simply put an attack exploiting this type of vulnerability makes use of the vulnerability of the DNS server to increase the intensity of the attack 100 fold.
The origins of these type of attacks goes back to the 1990's to an attack called "smurf attack"
But now the attack method has become more efficient and uses DNS amplification to flood the victim with spoofed requests which are sent to the DNS servers by using a botnet of compromised computers.The attack at its peak reached a speed of 300 Gbps making it the largest DDOS attack in history.
Cyberbunker which claims itself to be a supporter of free speech and defender against the "big bullies" seems to have now have stooped down to their level of using aggressive offensive methods that affect the normal functioning of the internet.This is not the way to go !
The people who run DNS resolvers are also equally responsible for these attacks as its their vulnerable servers that make these attacks possible, the internet community should come up with a PERMANENT solution to this problem.
Please read cloudflare's blog post for a detailed analysis : http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet
The websites of the Knight Center for Journalism in the Americas and the International Symposium for Online Journalism hit by massive cyber attack that left the sites down for last two weeks.
“The malicious cyber-attack was enough to shut our websites down, but not to enough to shut us up. We rapidly created WordPress blogs to continue our regular and unique report on Journalism in the Americas,” said professor Rosental Alves, founder and director of the Knight Center for Journalism in the Americas at the University of Texas at Austin.
“We have no idea why someone would want to attack our sites"said professor Alves.
They noticed that the origin of the cyber-attack was in computers located in Russia.
According to the Knight center news report, the attack was taken place on March 11. Those affected websites are now back online.
"We had to shut down the sites, while the University of Texas IT department conduct its work to clean the sites and make sure increase its security levels.We are happy to be back with our normal presence on the Web,” said professor Alves.
“The malicious cyber-attack was enough to shut our websites down, but not to enough to shut us up. We rapidly created WordPress blogs to continue our regular and unique report on Journalism in the Americas,” said professor Rosental Alves, founder and director of the Knight Center for Journalism in the Americas at the University of Texas at Austin.
“We have no idea why someone would want to attack our sites"said professor Alves.
They noticed that the origin of the cyber-attack was in computers located in Russia.
According to the Knight center news report, the attack was taken place on March 11. Those affected websites are now back online.
"We had to shut down the sites, while the University of Texas IT department conduct its work to clean the sites and make sure increase its security levels.We are happy to be back with our normal presence on the Web,” said professor Alves.
Anonymous hacktivist launched cyber attack against the Egypt Government websites under the operation called '#OpEgypt'.
The cyber attack comes after naked Egyptian man being dragged across a street and beaten by at least eight riot policemen during a protest in Cairo on Friday.
The hacktivist DDoSed the several Government websites including Egyptian Cabinet(cabinet.gov.eg), official website of Egyptian Ministry of Culture(ecm.gov.eg) and NREA site(nrea.gov.eg).
Few more affected websites are Egypt's Information Portal(eip.gov.eg), Center for Information and Decision Support Cabinet(idsc.gov.eg), The Ministry of Planning and International Cooperation(mic.gov.eg), Ministry of Interior(moiegypt.gov.eg) and Official website of the Ministry of Information(moinfo.gov.eg).
At the time of writing, those websites are still down and being attacked by the Anonymous hackers.
The Russian antivirus firm Doctor Web has discovered a new Android Trojan that helps Cyber criminals to launch Distributed-denial-of-service(DDOS) attacks. It is also capable of sending sms based on the command received from the hacker.
According to the report, the malware "Android.DDoS.1.origin" likely spreads via Social engineering attacks and disguises itself as a legitimate application from Google.
 |
| Fake Google Play icon |
Once the malware is launched, it transmits the victim's phone number to cybercriminal and then waits for further SMS instructions.
From now onwards, the Cyber criminal can launch DDOS attack against any server by sending a command message containing the server and port details. After receiving the instructions, the malware starts to send packets to the specified address.
The malware reduces the performance of the infected device. The victim will get unexpected bills for accessing Internet and SMS.
Indian Anonymous hacktivists launched Distributed denial of service attack against Aiplex Software Pvt. Ltd.
Aiplex is a company based in Vijayanagar, Bangalore, India contracted by the MPAA to deliver copyright notices to websites that they deem violate copyright laws, and distributed denial-of-service attacks (DDoS) to said sites if they fail to remove the offending content.
"We just showed Aiplex India is no one to to deliver copyright notices to websites. " Anonymous said in the twitter.
Aiplex is a company based in Vijayanagar, Bangalore, India contracted by the MPAA to deliver copyright notices to websites that they deem violate copyright laws, and distributed denial-of-service attacks (DDoS) to said sites if they fail to remove the offending content.
"We just showed Aiplex India is no one to to deliver copyright notices to websites. " Anonymous said in the twitter.
A group calling itself "Izz ad-Din al-Qassam Cyber Fighters announced another distributed-denial-of-service(DDOS) attack against major banks as part of second week of the Phase 2 of Operation Ababil.
"Originally, we sympathize deeply with families of the schoolchildren victimized by the horrible happening of Sandy Hook Elementary school. It’s very clear that a system which its rulers and capitalists are the owners of weaponry big companies never care about occurrence of these events." The hackers said.
"The attacks will be persistent till eliminating injustice and stopping the insults to the prophet of mercy and removing the offensive film, and we are sure that we will reach to our goals. "
According to the hacker statement, the attacks of this week will be as wide as previous week. Hackers didn't mention the name of target banks.
"The 5 major US banks will be attacked and we subsequently suggest that from now on they prepare their context of sorrowfulness to the customers of banks because of inaccessibility."
Last week, the same group launched DDoS attack against 5 major US banks including U.S. Bancorp, JPMorgan Chase, Bank of America, PNC Financial Services Group and SunTrust Banks.
"Originally, we sympathize deeply with families of the schoolchildren victimized by the horrible happening of Sandy Hook Elementary school. It’s very clear that a system which its rulers and capitalists are the owners of weaponry big companies never care about occurrence of these events." The hackers said.
"The attacks will be persistent till eliminating injustice and stopping the insults to the prophet of mercy and removing the offensive film, and we are sure that we will reach to our goals. "
According to the hacker statement, the attacks of this week will be as wide as previous week. Hackers didn't mention the name of target banks.
"The 5 major US banks will be attacked and we subsequently suggest that from now on they prepare their context of sorrowfulness to the customers of banks because of inaccessibility."
Last week, the same group launched DDoS attack against 5 major US banks including U.S. Bancorp, JPMorgan Chase, Bank of America, PNC Financial Services Group and SunTrust Banks.
The Anonymous hacktivist has launched Distributed Denial of Service(DDOS) attack against Egypt Government site under the operation called "#OpEgypt" . The cyber attack against Egyptian President Mohamed Morsi was decided last week.
In an online press release, Anonymous outlined its complaints against Morsi:
"To Dr. Morsi: Anonymous will not sit by and watch you washing away what thousands of Egyptians got killed and injured for. It’s your duty to listen to your own people.
The decisions you made have cause the death of 3 young Egyptians in addition to hundreds more injured. In addition, your organized propaganda is portraying your legitimate opposition as if they are opposing the revolution, which you are destroying. We challenge your propaganda machine.
"When you ignore this message, not only will we attack your organization’s websites, Anonymous will also make sure that you stand exposed against your people as well as the international community. Anonymous will not spare anybody who supports such crimes. " Anonymous said.
"It’s in your hands to stop this: continue hardening your head and you will be subject to civil protest - lend an ear to the claim of freedom from your people and the hostilities will cease."
The list Government sites taken down by Anonymous:
http://www.complain.idsc.gov.eg/
http://www.alazhar.gov.eg
http://www.inplanning.gov.eg
http://wwww.tas.gov.eg
http://www.gopp.gov.eg/
http://www.complain.idsc.gov.eg
http://www.ema.gov.eg
http://www.presidency.gov.eg/
http://www.egyptiancabinet.gov.eg
http://www.egac.gov.eg/
http://www.cabinet.gov.eg/
http://www.mts.gov.eg/
http://wwww.capmas.gov.eg/
http://www.mmc.gov.eg/
http://www.moi.gov.eg/
http://www.schools.moe.gov.eg/
http://www.ltc.gov.eg/
http://www.shoura.gov.eg/
http://www.parliament.gov.eg/
http://www.goeic.gov.eg/
http://www.alazhar.gov.eg/
http://www.kalyobiya.gov.eg/
http://www.manpower.gov.eg/
http://www.Urban-comm.gov.eg
*Update*:
http://www.alextp.gov.eg
http://www.masry.gov.eg
*Update 2*:
www.ismailia.gov.eg
www.goief.gov.eg/
www.alhokoma.gov.eg
www.hio.gov.eg/
www.incometax.gov.eg/
www.mop.gov.eg
nationalarchives.gov.eg
At the time of writing , we are not able to reach most of the websites. It seems like the hackers keep firing.
The Egyptian Presidency(presidency.gov.eg) website faces the heavy cyber attack and displays "Under construction"message.
The leaked password is plain text format. We are not sure how hackers compromised these email address and passwords.
"#Opisrael 113K Emails & Password Of Israel and Support LEAKED by Anony Indonesia on www.anonpaste.me/anonpaste2/index.php?010f3f5bcaedf7d1#14fXEqTTPNHHlTsws3dAMB9dnkulYvvk9I/EefPOId8=" An0nplus' Tweet reads.The full list 4 MB text file is compressed and uploaded in this site 'www.industrialstoressuppliers.com/total-mails.rar'
The hackers also target the Israeli Bank & Credit Card Site. In anonPaste , they have listed the sites which is being attacked. At the time of writing, we are not able to reach Bank Hapoalim (www.bankhapoalim.co.il) and Adanim Mortgage Bank(www.adanim.co.il) displays "Hello From Adanim"
www.anonpaste.me/anonpaste2/index.php?83b50da250c38004#+AR/uijtiY30tsoV3VeKbNNYT/kXf8GwRkCiVe5CcFM=
Find the rest of the OpIsrael hack here: OpIsrael Hack archive
The anonymous hackers launched Distributed denial of service(DDOS) attack against Ukraine Bank website(bank.kiev.ua ). The attack was announced in twitter by hacker named 'LegionCr3w' .
"bank.kiev.ua/ TANGO DOWN! reason: corruption / election 2012 #OpUkraine"the tweet posted by hacker reads.
"Dear #corrupt #governments out there: We are Anonymous. We are your enemy. We will always fight. We will win. #Anonymous" another tweet reads.
At the time of writing ,we are not able to reach the site and downforeveryoneorjustme reports "It's not just you! http://www.bank.kiev.ua looks down from here. "
Besides DDOS attack, He has hacked into one of the Ukraine government website(dabi.gov.ua) few days back. The data stolen from the server was dumped in the pastebin.
http://pastebin.com/D37YwLp2
 |
| Argentina Government sites under ddos attack |
The day after they sent a warning message to the Government, the Anonymous hackers has launched distributed denial of service(DDoS) attack against several Government websites.
Today, they have taken down the President of Argentina (www.presidencia.gov.ar) and Ministry of Economy and Finance of Argentina (www.mecon.gov.ar).
Other sites being targeted are Argentina Army and anses website. At present, we are able to reach www.ara.mil.ar and anses.gob.ar .
MEcon site displays "Error establishing a database connection" .
Hackers has breached the server belong to Provincial Directorate of Fisheries (DPP) (maa.gba.gov.ar). They have leaked the extracted data in pastebin that contains database name, username, plain-text passwords.
http://pastebin.com/5bam8kJm
Ministy of Science , technology and Innovation (www.mincyt.gob.ar) also got hacked and data has been dumped in pastebin. The dump contains username, hashed password.
Hackers leaked database from PAMI.ORG.AR that contains username, email address and some other information.
The Chilean branch of Anonymous hacktivist has targeting the official websites of National Indigenous Development Corporation (conadi.gov.cl) and Regional Government of La Araucanía( www.laaraucania.cl ).
Earlier today, The hackers has launched the distributed denial of service(DDoS) attack against the Chile Government sites under the operation called "#OpNewen".
 |
| CONADI.gob.cl under cyber attack |
After Anonymous continuously sending malicious packets to the conadi.gov.cl server, the server is down.
At the time of writing,the conadi is taken down and went offline. we are able to reach the laaraucania.cl but it also under the DDoS attack.
The Turkey branch of Anonymous hacker group has launched distributed denial of service attack and taken down the Turkey the National Judicial Network .
"5th of November - Turkey the National Judicial Network www.uyap.gov.tr and avukat.uyap.gov.tr Down #Anonymous #Op5Nov" They announced the attack in a tweet.
They have also defaced the official website of TCDD Foundation(tcddvakfi.org.tr) and posted "Remember remember 5th of November"
At the time of writing, the site is still down and displays "HTTP Error 503. The service is unavailable."
The Anonymous hacker group has launched an operation called "#OpFreeTibet" agianst Chinese Government websites.
They have pasted the list of target websites in the Pastebay. It includes Ministry of Foreign Affairs(www.sdpc.gov.cn),Ministry of Science & Technology(www.most.gov.cn), www.qnjc.gov.cn,www.srea.gov.cn, www.fjlyzfcg.gov.cn, www.jlsjj.gov.cn and more sites.
Here you can find the full list:
http://www.pastebay.net/1152163
The message posted by hackers to the Chinese Government:
It has come to our attention that protests in Tibet have been escalating in recent weeks and continue to do so. Tibetan monks are disappearing and since March 2011, nearly 60 people are known to have set themselves on fire in protest against the repressive Chinese occupation of Tibet.Recently, they hacked into the official website of Jilin City Public Security Bureau Traffic Police Department by exploiting the SQL injection vulnerability. They've leaked the username and hashed password in pastebay.
The Chinese invasion of Tibet has resulted in the deaths of hundreds of thousands of Tibetans and the imprisonment and torture of thousands more.
We think it's time the Chinese government and its big corporations became targets in order to remind them that the world is watching, Anonymous is watching and that the religious & political suppression of the Tibetan people must stop.
Human rights in Tibet are non-existhttp://www.pastebay.net/1152163ant with Chinese authorities stopping at nothing to suppress dissent. The Tibetan people have no right to protest and political prisoners are subject to torture.
A message to the Government of China: For too long we have witnessd your tyranny over the people of Tibet and this demonstration is to let you know of our displeasure in your actions.
 |
| Anonymous Panama |
Panama branch of Anonymous hacker group, launched Distributed denial of service attack against National Assembly of Panama.
According to hackers tweet statment, the site is down for more than 14 hours as the result of DDos attack.
The description of the site in Google search reads "Blocked because of IPS attack. An attack was detected, originating from your system. Please contact the system administrator."
"The Assembly is TANGO DOWN LORDS ... Not only in the streets, on the WWW, http://www.asamblea.gob.pa TANGO DOWN ... We are Anonymous " The tweet posted by AnonOpsPanama reads.(translated)
"14 Hours has been a server and website of the National Assembly of Panama DOWN. We are Anonymous http://www.asamblea.gob.pa TangoDown 14 hours " The recent tweet reads.
At the time of writing,the website is still down.
*Update*
The site is down for than 35 hours. The Google search result description title reads "Attack Detected".
The Wiki Boat Brazil has claimed to have taken down the websites belong to Ministry of Finance(www.fazenda.gov.br) and Federal Police(dpf.gov.br ).
Few days back, they have also attacked the official website of Ministry of Foreign Affairs. According to hackers statement, they have attacked the site two times and site is down for 2 hours.
Besides, they have also discovered Cross site scripting vulnerability in few government sites. Central Bank of Brazil(bcb.gov.br) found to be vulnerable to Post XSS attack.
They've posted the proof-of-concept in pastebin:
pastebin.com/0AziZg05
Non-persistent XSS vulnerability has been discovered Brazil Federal Senate that failed to apply proper sanitizing method. It removes the script tags but h1 tag.
The Anonymous Bolivia has take down several Bolivia government websites under an operation called "#OpBoliviaSinCensura".
Earlier Today , they have take down the website belong to Bolivian Government Portal(www.bolivia.gob.bo) and Ministry of the Presidency (www.presidencia.gob.bo)
Few days back, they have also take down Vice-President website (www.vicepresidencia.gob.bo)
" Because the statements by the vice we are forced to make # OpBoliviaSinCensura .. # Bolivia already arrived! " The hackers posted in the Twitter.(translated).
Recently, they have hacked and defaced the Multivision SA and ATT sites. At the time of writing, all the websites are back to online and working fine.
Earlier Today, we reported that the HSBC online banking site disrupted by Denial-of-service attack. Initially, we believe that the cyber attack launched by Izz ad-Din al-Qassam Cyber Fighters.
But, The Anonymous affiliated hacker collective #FawkesSecurity have claimed responsibility for the cyber attack .
"As some of you may be aware HSBC bank suffered several DDoS attacks on the named sites in the past hours us.hsbc.com hsbc.co.uk hsbc.com hsbc.ca they were all brought down by #FawkesSecurity." Hackers said in the pastebin post.
"Before any claim fags attempt to take ownership of this attack, the proof is all in our Twitter account, Targets, time and date :) @FawkesSecurity"
While the HSBC statement claims that no customer data has been affected, the Fawkessecurity tweets that "This isn't entirely correct. We also managed to log 20,000 debit card details."
The Izz ad-Din al-Qassam Cyber Fighters' cyber attacks against U.S financial institutions is now in its fifth week. The Capital One Financial Corp. (COF), BB&T Corp. (BBT) and HSBC Bank USA are the latest victim of this cyber attack.
The bank sites have been disrupted with distributed-denial-of-service(DDoS) attacks. According to report, the attacks originated in Iran and Russia.
"With a little searching, we still found the anti-Islamic offensive film on the Internet. Thus the chain of cyber attacks on U.S. banks will continue this week. These attacks will be done since Tuesday, 16 October until Thursday, 18 October 2012 in midday hours." The hacker group said in the pastebin post on 16th October.
"We know that banks officials are concerned and waiting to see this time it is the turn of which banks. For making variation in operation, this time we give them the opportunity to understand whether they are listed or not."
"Also we have a suggestion for Mr. Panetta: Instead of concerning and spending several billions that won't be good for you, tell your henchmen on YouTube to run remove command on their computers otherwise try to solve the following equation while your banks are howling under pressure from the attacks "
Other affected banks since september include Bank of America, JPMorgan Chase, Wells Fargo, PNC, and U.S. Bank.
Hackers claiming to be part of Anonymous, defaced the official website of Sweden's National Board of Health and Welfare (socialstyrelsen.se) on Tuesday night, leaving a profane message for anyone who visited the site.
"We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us," the defacement message reads “F*** Swedish,” the Nyheter24 news website reported.
According to TheLocal.se report, Sweden's Courts Administration (Domstolsverket) website, domstol.se, was also crippled on Wednesday morning, in an attack similar to those which left several Swedish websites inaccessible on Monday.
"We’re looking into it. There's definitely a disturbance but have no details yet about what’s lying behind this," Courts Administration spokesperson Håkan Sonesson told the TT news agency.
The attacks come just days after a hacker claiming to be part of anonymous claimed that The Pirate Bay is down because of a raid by Swedish police , posted a YouTube video -warning of future attacks.
According to reports, The Pirate Bay was down from a power failure due to an issue with a power distribution unit.
"We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us," the defacement message reads “F*** Swedish,” the Nyheter24 news website reported.
According to TheLocal.se report, Sweden's Courts Administration (Domstolsverket) website, domstol.se, was also crippled on Wednesday morning, in an attack similar to those which left several Swedish websites inaccessible on Monday.
"We’re looking into it. There's definitely a disturbance but have no details yet about what’s lying behind this," Courts Administration spokesperson Håkan Sonesson told the TT news agency.
The attacks come just days after a hacker claiming to be part of anonymous claimed that The Pirate Bay is down because of a raid by Swedish police , posted a YouTube video -warning of future attacks.
According to reports, The Pirate Bay was down from a power failure due to an issue with a power distribution unit.
"The downtime coincided with a raid at its former hosting company PRQ, but The Pirate Bay stated they they haven’t been using PRQ’s services for quite some time. The downtime was a mere coincidence, they told us, although it was later admitted that the site may have used a PRQ relay." Torrentfreak post reads.
