Ministry of Health Saudi Arabia website defaced by Moroccan hackers


Moroccan Islamic Union-Mail has hacked and defaced the official website of the injuries and accidents prevention program of the Ministry of Health, Saudi Arabia (moh-ncd.gov.sa).

The site was showing a picture of Mohamed Morsi, the President of Egypt and a member of the Muslim Brotherhood, and a clear message in Arabic which said:

"Penetration in response to a statement by the Ministry of Interior inclusion of the Muslim Brotherhood in the list of terrorist groups."

"Our message to the governor of Saudi Arabia: The day will come who are under it is exposed to more than what it is now Syria." hackers said.

" The most worthy AQIM contain the Two Holy Mosques to be a compromise in everything Do not be biased for a class to another, until he became Al Saud believe in all that is Islamic terrorist And all of the resistance for pursuing terrorism The injustice of kin most Reluctantly --- one of Hussam signed Mohannad. Signature: Moroccan Islamic Union-mail"

The mirror of the defacement is available here:  http://www.aljyyosh.org/mirror.php?id=125826

This is not the first time the site has been targeted by hackers. Earlier this year, a hacker going by the handle 'Dr.SHA6H' also defaced the website.

Syrian National Coalition website and US Central Command hacked by Syrian Electronic Army


The official website of the National Coalition for Syrian Revolutionary and Opposition Forces (etilaf.org) and a few other websites have been hacked and defaced by the Syrian Electronic Army.

In addition to the Syrian National Coalition hack, the group also hacked into Masarat Syria (masaratsyria.com) and the City Council of Daraya (darayacouncil.org).

The hacked websites had gone offline at the time of writing. Mirrors of the defacements can be found here:
  • http://www.zone-h.org/mirror/id/22015751
  • http://www.zone-h.org/mirror/id/22015787
  • http://www.zone-h.org/mirror/id/22015855

Recently, the group also announced that they have successfully breached the US Central Command (CENTCOM) and accessed hundreds of documents.

In the meantime, the Syrian Electronic Army also posted a tweet: "How much does @Microsoft charge @FBIPressOffice every month to spy on your emails? Stay tuned for their leaked documents. #SEA #PRISM".

BSNL subdomains defaced by "Kai-h4xOrR And Trojan"



Two Pakistani hackers called "Kai-h4xOrR And Trojan" have managed to deface some webpages on BSNL's subdomains.

The defaced pages are:
http://learntelecom.bsnl.co.in/acp_main_module/schedule_list.asp
http://www.vas.bsnl.co.in/vas/contact_us.jsp?cir=11

They left the following message: "Team MaXiMiZerSOp# Free For Kashmir"

BSNL has a very bad track record with security; it has been defaced multiple times in the past few years.

Mirrors: http://zone-h.com/mirror/id/22021830

http://zone-hc.com/archive/mirror/d0abab6_learntelecom.bsnl.co.in_mirror_.html

http://zone-hc.com/archive/mirror/ea72f34_vas.bsnl.co.in_mirror_.html

Russia Today (RT) news website hacked

On Sunday, the famous Russian news website RT.com was hacked and defaced.

The hackers gained access to the admin panel of the RT website and managed to publish several articles containing the word "Nazi" in the headline.

The security breach has also been confirmed by Russia Today on its official Twitter account, saying "Hackers deface RT.com website, crack admin access, place "Nazi" in every headline. Back to normal now."

Some of the published articles are entitled "Russian Senators vote to use stabilizing Nazi forces on Ukrainian territory" and "Nazi nationalist leader calls on 'most wanted' Nazi umarov' to act against Russia".

The website has been restored and is back to normal. So far, no hackers appear to have taken credit for the breach.

EC Council official website hacked


A hacker who calls himself "Eugene Belford" (a character from the movie "Hackers") has hacked the website of EC-Council, an organization that offers the Certified Ethical Hacker (CEH) certification.

"Owned by certified unethical software security professional," the defacement message reads.

He has also put on the defacement page documents proving that Edward Snowden attended CEH classes in India.

A spokesman from CSPF (Cyber Security and Privacy Foundation) says it appears that the hackers used a DNS hijacking attack to deface the website and possibly gain access to their email.

Another CEH certified professional says he was not satisfied with EC-Council training. He says that though the course material is good and the certification is recognised worldwide, the trainers from franchisees of EC-Council do not know hacking and are not competent to take CEH classes.


Update: Some time after this news was posted, the hacker edited the defacement page to add this extra text.

"Defaced again? Yep, good job reusing your passwords morons jack67834#

owned by certified unethical software security professional
Obligatory link: http://attrition.org/errata/charlatan/ec-council/
-Eugene Belford

P.S It seems like lots of you are missing the point here, I'm sitting on thousands of passports belonging to LE (and .mil) officials "

It might be that the attacker has gotten access to the emails of EC-Council, and hence all its email correspondence with law enforcement and military officials might also be compromised.



Las Vegas Sands casino websites hacked and defaced by Anti WMD Team

Las Vegas Sands Corp, which is said to be the world's largest casino operator, has been targeted by hackers. Websites of Sands casino and its subsidiaries have been defaced.

The sites' home pages were modified to show a world map marking the locations of Sands casinos with flickering flames.

"Damn A, Don't let your tongue cut your throat," the defacement message reads. "Encouraging the use of weapons of Mass destruction, Under Any condition , is a Crime"

The defacement also contained personal information of Sands employees, including e-mail IDs, social security numbers and other information.

The signature left in the defacement suggests it was done by a hacker group identified as "Anti WMD team". However, we were not able to find any history about this group.

The affected websites are: Sands official website (sands.com), Venetian (www.venetian.com), Palazzo (palazzo.com), Sands Bethlehem (pasands.com), Marina Bay Sands (www.marinabaysands.com), Venetian Macao (venetianmacao.com), Sands Macao (sandsmacao.com) and Holiday Inn Macao Cotai Central (sandscotaicentral.com).

All of the affected websites are currently showing an "Undergoing Maintenance" message.

A Sands spokesperson told the Associated Press that the company is working with law enforcement to find the hacker behind this security breach. The company couldn't say whether customers' card data had been compromised.

Two more Indian Government websites hacked by Pakistani Hackers


In the last few days, several Pakistani hacker groups have defaced plenty of Indian government websites. Pakistan Haxors CREW is one of the groups targeting Indian websites.

The group today hacked into two Indian government websites: West Bengal State Coastal Zone Management Authority and Damodar Valley Corporation.

At the time of writing, 'wbsczma.gov.in' was still showing the defacement, while 'portal.dvc.gov.in' had gone offline. The group also claimed to have dumped the database.

Today, another group named "Team MaXiMiZerS" defaced two of India's Kerala state government websites along with hundreds of other websites.

Last night, the Voice Of Black Hat Hackers group from Pakistan hacked two of India's Rajasthan state government websites.

Pakistani hacker group 'Team MaXiMiZerS' hacks India's Kerala state Government websites

Hundreds of Indian websites, including two Kerala state Government websites, have been breached by a Pakistani hacker group identifying itself as "Team MaXiMiZerS".

The affected websites are the Cooperative Institute of Management and Technology (cimat.kerala.gov.in), Kerala Cultural Welfare Development (cwb.kerala.gov.in) and Kerala's Kannur University (kannuruniversity.ac.in).

Other affected sites have been listed here: http://pastebin.com/p0zPbQDC

The defaced websites displayed the message  "What we Ask From India All the time is the only Kashmir , Most of the times we dnt act like that but this is the only way left . Why indian army is killing innocent's in kashmir ?  We Just Ask you these simple Question's and the indian gov got no answer's..... why ?"

"This is the only way left to protest for us. For what you are scared of ? India will loose the beauty of kashmir ? how many muslim brother's being killed on daily basis did u ever thought ? a 16 year's girl raped and killed a boy shot in the head for what ? because they are protesters ?All we ask is just the Answer of these Questions Nothing Personal ...you will pay for these sins one day"

Two Rajasthan Government websites hacked by Voice Of Black Hat Hackers

Pakistani hackers keep targeting Indian Government websites and have breached several servers.

Today, a hacker named "ArYaNZ KhaN" from a Pakistani hacker group called "Voice Of Black Hat Hackers" hacked into two of India's Rajasthan government websites.

One of the websites appears to be a testing website (webmis.rajasthan.gov.in/ArYaNZ.html). The other one belongs to the Information and Public Relations Department of Rajasthan (dipr.rajasthan.gov.in/ArYaNZ.html).

"HEY INDIA!; Think again! Salute oh martyr from the land of Kashmir, your last wish to recite verses of holy Quran was not fulfilled. But the dream you lived with, will surely be fulfilled. India will taste defeat. " the defacement message reads.

"India celebrates this day while not realising what is coming for it now, this wont end the Intifada from Kashmir, you will see more and intesne reveolution." Hacker said in the defacement.

Moroccan Islamic Union-Mail hacks 5 Italian Government websites

Moroccan hackers going by the team handle "Moroccan Islamic Union-Mail" have hacked and defaced several Italian Government websites again.

The home pages of the hacked websites have been modified with the hackers' message and a YouTube video.

"We do not want muscle-flexing. Just want to get our message across the world to discover the truth." the message left by the team reads. "Yes, the fact that should be explored invite you to show filter this video to discover the truth for yourself.  #THE TRUTH WILL PREVAIL"

In addition to the above statement, the defaced websites were also playing a YouTube video depicting the stark reality about the Prophet Muhammad in the Bible.

Links to the targeted websites, along with their mirrors, can be found below:

http://www.smsagenovesi.gov.it/
http://www.add-attack.com/defaced/468738/smsagenovesi.gov.it/

http://www.superdue.gov.it/
http://dark-h.org/deface/id/8018

http://www.matteodellacorte.gov.it/
http://www.add-attack.com/defaced/468745/matteodellacorte.gov.it/

http://www.terzonocera.gov.it/
http://www.add-attack.com/defaced/468744/terzonocera.gov.it/

http://www.liceoclassicogbvico.gov.it/
http://www.add-attack.com/defaced/468747/liceoclassicogbvico.gov.it/

The hackers modified the content of the home pages 10 hours ago, but all of the affected sites are still showing the defacement.

The group has hacked several other Government websites in the past, including South African and Colombian ones.

Peruvian local news website NetLima hacked by Venezuelan Hackers


A group of Venezuelan hackers affiliated with Anonymous hacktivists managed to gain access to the website of Netlima, a Peruvian online newspaper site that covers news related to Lima city.

Even though the main page is not affected, the hackers used the unauthorized access to modify the content of a few pages of the site in order to show their message.

A few pictures and a short message have been placed on the affected pages.

" Article 350 has its own life, lives in each of our hearts, can lead us to freedom. Let's give life and to liberate Venezuela. " the message reads.  "In this country there will never be revolution without evolution of Consciousness.!".

At the end of the modified page, the hackers apologized to the admin of the site for the inconvenience and said "nothing personal, it is a protest for my Country."

List of affected pages:
http://www.netlima.com/avisos2/index.php
http://www.netlima.com/noticias.php
http://www.netlima.com/web1/index.html

Two hacker groups, namely "Hacker Claus Team" and "Anonymous Juventud", carried out this defacement. Currently, the affected pages still show the defacement.

Official website of Assam Rifles hacked by Pakistan Haxors CREW


Just a few minutes ago, the Pakistani hacker group known as "Pakistan Haxors CREW" hacked into the official website of Assam Rifles.

The main home page is not affected by this attack. The hackers have just uploaded an HTML file, 'phc.html', to the main website (http://assamrifles.gov.in/phc.html).

The hackers didn't provide much information on the defaced page except a short message saying "Security Breach! Admin Secure It Thankssss".

On their official Facebook page, the hacker group said "We Have What We Want". We are not sure what they mean by that: whether they have obtained any sensitive information or are just referring to the defacement. The mirror of the defacement is here: "add-attack.com/mirror/466057/".

According to the add-attack mirror record (www.add-attack.com/mirror/466052/), another group called "United Bangladesh Hackers" also defaced the website, just a few hours before the Pakistani hackers.

The same Pakistani hacker group recently breached the Indian Railways website and uploaded their defacement.

Confirmed: Angry Birds website hacked by Anti-NSA Hacker

The Syrian Electronic Army yesterday posted a tweet saying that one of its friends, a hacker with the handle "Anti-NSA", defaced the Angry Birds website.

At the time, we were not able to confirm the defacement. No one was reported to have seen the hack. Even the Zone-h mirror didn't confirm the defacement, displaying the message "The mirror is onhold and has not been verified yet".

So, we didn't have strong proof to report the hack. Today, Rovio, creator of Angry Birds, confirmed that the defacement was there for a few minutes and was corrected immediately. Now, the Zone-h record also confirms it.

Antti Tikkanen, Director of Security Response at F-Secure Labs, said on Twitter that the attack is actually a 'DNS Hijack attack'. He mentioned that the website itself was not touched by the hacker; the hacker managed to modify the DNS records.

He also said that the Angry Birds website pointed to an IP address (31.170.165.141) associated with Lithuania for at least one hour. The same IP address is shown in the Zone-h record (https://www.zone-h.org/mirror/id/21666969).

The hack comes after the Angry Birds application was said to be used by the NSA and GCHQ to spy on people.

Indian Railways website hacked by Pakistan Haxors Crew


The official website of Indian Railways has once again been hacked by a Pakistani hacker group. This time, it was done by two hackers named "H4$N4!N H4XOR" and "HUNTER KHAN" from the "Pakistan Haxors CREW (PHC)".

The home page of the site is not affected. However, the hackers managed to upload an "index.html" to a subdirectory ("http://er.indianrailways.gov.in/cris/edrm_site/notice/index.html").

Not the first time:

Last August, Pakistan Cyber Army hacked into Indian Railways and uploaded their defacement page in the same "edrm_site" directory with a short message "Hello Guys. Aooooo Indian Railway Pawned LOL. Go to Hell This hack in reply to Pak Army Website".

In 2012, another hacker with the handle "AiNAB", a member of a Pakistani hacker group called Pakistan cyber pyrates, defaced multiple sub-domains of Indian Railways. (Refer: http://www.zone-h.org/archive/notifier=AiNAB/page=2)

At the time of writing, the website still shows the defacement message. It is still unknown whether the previous vulnerability was never fixed or the hackers discovered a new vulnerability.

It is worth noting that "H4$N4!N H4XOR" has hacked several Indian websites, including those of the popular Tamil Nadu TV channels Jaya TV and Sun TV.

Poonam Pandey website hacked by Pakistani Hacker "Haxor 99"


A Pakistani hacker with the handle "Haxor 99" has hacked into the official website of Poonam Pandey, an Indian model and Bollywood film actress. The hacker defaced the home page.

The same hacker recently defaced the websites belonging to Indian pop singer "Daler Mehndi" and Canadian singer "Raghav Mathur".

The hacker left the same defacement message, saying "Nothing Delete or Harmed...Rise a Voice for Justice of Kashimr. Patch Your Site".

It appears Poonam Pandey needs help in recovering her website and patching the vulnerability.

"Really upset! & Scared.. My website is Hacked... It says to Raise Voice for Kashmir!... dont know what to do?" Poonam Pandey tweeted from her twitter account.

Exclusive: BCCI official website hacked by Bangladesh Grey Hat Hackers



A hacker named "Ashik Iqbal Chy", from the Bangladeshi Grey Hat hackers group, hacked into the official website of the Board Of Control For Cricket In India (BCCI.tv).

The hacker managed to publish and edit a few articles with the title "HackeD By AshiK IqbaL Chy" in the news section of the site. Links to the edited articles have also been displayed on the main page.

The hacker also replaced the picture on the site with one of Bangladeshi cricket players, with a short message saying "Don't mess up with Tigers!"

The hacker told EHN that he gained access to the admin panel of the website and managed to delete articles from the site, which resulted in "under maintenance" mode.

The hacker told EHN that he also managed to deface the home page last night. He provided us with a screenshot of the admin panel.

Exclusive: Admin panel of BCCI

At the time of writing, the website is under "maintenance" mode.  Here is the list of mirrors of defacements:
http://www.zone-h.com/mirror/id/21650626
http://www.zone-h.com/mirror/id/21650812

Reason for the Hack:
One of the members of the hacker group told E Hacking News that the hack is part of a protest against "India, England and Australia proposal on test cricket placed to the International Cricket Council".

MS Dhoni official website hacked by United Bangladeshi Hackers


The official website of MS Dhoni, the captain of the Indian Cricket Team, has been hacked and defaced by a Bangladeshi hacker group called "United Bangladeshi Hackers".

The defacement was first discovered and reported by Techgator.

The hackers didn't deface the home page. They just managed to upload a text file named "bd.txt" to the "Uploadedfiles" directory ("http://www.dhoniworld.com/uploadedfiles/bd.txt").

We are not sure how the hackers managed to hack the website: whether they have admin access or just used some "Unrestricted File Upload" vulnerability.

"Hacked By Black Tiger From United Bangladeshi Hackers.Stop Abusing Our Test Cricket.Don't Try To Play With Fire. We Are Bangladeshi Hackers. Mind It!" The defacement left in the page reads.

After checking the Uploadedfiles directory, we came to know that this is not the first time the website has been hacked. Several other hacker groups have also managed to upload text as well as image files. It appears hackers also attempted to upload a C99 backdoor shell.


*Update: Nope, it is not hacked
One of EHN's readers, Sri Ram Shyam, contacted me and provided more info on how the hackers managed to upload the files.


It is neither "unrestricted file upload" nor any other vulnerability. The form itself allows uploading only image/text files. I believe it is not harmful for the website in any way.

WHMCS Documentation website hacked by b0x

A hacker with the online name "b0x", who is also one of the admins of the MadLeets hackers forum, has hacked into the website of WHMCS, a company that offers client management, billing and support solutions for online businesses.

The main page of the website is not affected by this breach. The hacker managed to upload an HTML file, "b0x.html", to the image directory of the WHMCS documentation website (docs.whmcs.com).

The hacker didn't leave any message other than "b0x" on the defacement page. Whenever the main page of a website is not defaced, it takes time for the admin to notice. So, we are still able to see the defacement at "http://docs.whmcs.com/images/b0x.html".

The hacker also provided a mirror of the defacement: "http://zone-h.org/mirror/id/21518159".

This is not the first time WHMCS has been the victim of a hacker attack. In 2012, the infamous UGNazi hacker group broke into WHMCS using a social engineering attack.

Update:

"Our system admin team just evaluated the server and b0x.html had a timestamp dating back to 2012. At the current time it is our belief that this was the result of a previous vulnerability related to mediawiki and no defacement has taken place." WHMCS representatives told Softpedia.

Microsoft Office Blog hacked by Syrian Electronic Army


As I said earlier, this year has started with bad luck for Microsoft. As promised earlier in their tweet that they hadn't finished their attack on Microsoft, the hackers have attacked another website belonging to Microsoft. This time, it is the official 'Microsoft Office' blog.

"We didn't finish our attack on @Microsoft yet, stay tuned for more! #SEA" Hackers posted in one of their earlier tweets.

The hackers posted a screenshot showing that they managed to post articles entitled "Hacked by Syrian Electronic Army" on blogs.office.com.


They also mentioned in their tweet that Microsoft can expect more attacks from the SEA team.

The hackers also posted a couple of screenshots showing that they have gained access to the control panel of the Office blog.



"Dear @Microsoft, Changing the CMS will not help you if your employees are hacked and they don't know about that. #SEA" latest tweet from SEA reads.

The latest attack is part of a series of attacks against Microsoft, which started with the Skype blog and Twitter account hijack. This was followed by the hijack of the Xbox Twitter account, the Twitter account of Microsoft News and the official Microsoft blog.

Anti-Narendra Modi websites hacked and defaced


Narendra Modi, Gujarat Chief Minister and the BJP's prime ministerial candidate, has a lot of support from youngsters. It seems he now also gets support from hackers.

A few websites opposing Narendra Modi have been breached by hackers. The list of hacked websites:
  •  http://www.fekuexpress.com/
  • http://www.thekalyugtimes.com/
  • http://www.fekuneeds.com/ 
  • http://feku.me/
  • http://www.fekuonsale.com/

The hackers defaced the home pages with a picture of Narendra Modi and a message saying "Narendra Modi Fan is here".

"we are the person of him, nobody can rule on us)
sun rises from the hopes everywhere
intention are steely courage of everystep
we are today going to write destiny by our hand
MODIJI NEXT PM
Narendra Modi Zindabad" The defacement reads (translated).