The Philippines cyber space is again facing another cyber war. Following the cyberattack from China, Malaysia hackers, now the Taiwan hackers have started the cyber war against Philippines.
The operation named #OpPhilippines has been launched by the Anonymous Taiwan. The attack comes after Philippine Coast Guard killed Taiwanese fisherman. EHN was notified about the cyberwar by pinoyhacknews.
"Philippine coastguard killed taiwanese unarmed fishermen is injustice and unforgivable. Philippine government protecting murders is unacceptable." The hackers posted in the pastebin. "You must apologize. Killers must be arrested immediately. Otherwise, we will not stop."
The hackers defaced the '.gov.ph' domain registry website(dns.gov.ph/opph.html). They also defaced one more government webstie "Advanced Science and Technology Institute(suppliers.asti.dost.gov.ph/opph.html)".
The hacktivist also leaked database from six different Government websites as part of the cyberwar. The links to the database dump is provided in a single paste(pastebin.com/sRykr2Wd).
The affected websites includes Department of Education of the Philippines(former.deped.gov.ph), onlineservices.ipophil.gov.ph, Provincial Government of Bulacan (bulacan.gov.ph), Philippine Public Safety College(ppsc.gov.ph),Province of Sulu(sulu.gov.ph). The leak contains username, email address and passwords.
The hackers also dumped(pastebin.com/D7gCEdS6) the database from the 'gov.ph' domain registry website that contains username and password details belong to all Government websites. It has more than 2300 entries.
An unknown hacker breached the website of the Prime minister Yingluck Shinawatra's office (opm.go.th/opminter/mainframe.asp) and posted abusive message with the altered photo of her.
"I’m a slutty moron” The offensive comment made by the cybercriminals in the defaced page. “I know that I am the worst Prime Minister ever in Thailand history!!!”.
Although the defacement sign says it was hacked by the hacker group "Unlimited Hack Team", the team denied the involvement in the security breach.
“It might have been done by some teenagers... or maybe it was for political purposes,” the prime minister’s secretary-general, Suranand Vejjajiva is quoted in the NewStraitsTimes' report as saying.
It appears the security breach comes after she filed a defamation case against a cartoonist for allegedly comparing her to a prostitute on his Facebook page.
"I’m a slutty moron” The offensive comment made by the cybercriminals in the defaced page. “I know that I am the worst Prime Minister ever in Thailand history!!!”.
Although the defacement sign says it was hacked by the hacker group "Unlimited Hack Team", the team denied the involvement in the security breach.
 |
| Image credits: manager.co.th |
“It might have been done by some teenagers... or maybe it was for political purposes,” the prime minister’s secretary-general, Suranand Vejjajiva is quoted in the NewStraitsTimes' report as saying.
“Hacking a website is easy... but don’t forget that checking who did it is not hard either,” he told reporters.
It appears the security breach comes after she filed a defamation case against a cartoonist for allegedly comparing her to a prostitute on his Facebook page.
The famous Turkish hacking group RedHack has defaced the official Government website of the Istanbul(istanbul.gov.tr ).
The hacker group specified they hacked this website in retaliation of attacks on people at MayDay.
"Hacked in retaliation of attack on people at MayDay and to commemorate revolutionaries Deniz. Yusuf, Huseyin hanged on 6th May 1972" the tweet posted by the hacker group reads.
Hacker posted a picture of the Istanbul Governor Hüseyin Avni Mutlu picture with the following message "I didn't say you can't be a Mayor, I said you can't be a man".(translated)
At the time of writing, the website seems to be restored by the administrator and back to normal.
The official website of Rajasthan Public service commission(RPSC) was found to be hacked and defaced by the Pakistani hacker named "Codacker" with the message "Pakistan Zindabad".
The hacker placed two links in the News section that leads to the defacement page. According to the TOI report, the website was restored by the admin and changed the password of the website.
"We also put the websites on surveillance and have reported to the IT ministry,"K K Pathak, secretary of RPSC told Times of India.
But it doesn't seem like they have fully restored the website. At EHN, we are still able to see the defacement page uploaded at the "http://rpsc.rajasthan.gov.in/index.html".
"Codacker is here. Hey Admin! I own you now. Feel the wrath of Pakistani Hacker" the defacement message reads.
Changing the password alone won't help in stopping the hackers. They should identify the vulnerability that allowed the hacker to breach the website and patch that vulnerability.
"Old is Gold" but it is not applicable for your CMS. A Number of Nepal government websites which use out-dated joomla version have been breached by a group of hackers.
The security breach was done by the group called as Msulim Cyber Sh3ll'z. The same group yesterday hacked into a number of Bangladeshi and Vietnam government website.
The list of affected sites: Nepal Law Commission(lawcommission.gov.np), deonuwakot.gov.np, www.dadokanchanpur.gov.np, Department of National Park and Wildlife Conservation(dnpwc.gov.np), Ramgram Municipality(ramgram.gov.np), nidmc.gov.np.
The websites have been defaced with a simple message "Box owned by shockwave Khan! This time nepal Government Boxed xd. No comments".
Mirrors:
http://zone-h.com/mirror/id/19664452
http://zone-h.com/mirror/id/19664453
Sil3nt hack3r , a member of hacking crew called as Muslim Cyber Sh3ll'z, has breached multiple Bangladesh government websites and left those sites defaced.
The list of affected websites includes Ministry of Chittagong Hill Tracts Affairs, Bangladesh National Commission for UNESCO, BPSC Departmental Examination(portal.bpsc.gov.bd) and Cabinet Division(cabinet.gov.bd) .
The security breach was done few days ago but still few sites are not recovered by the admin and displays the defacement page.
We can still able to see the defacement page at 'www.bncu.gov.bd' and 'www.mochta.gov.bd/ck.htm'.
Apart from Bangladeshi government websites, the crew also defaced Indian government website(pcmcindia.gov.in) , Vietnam govt. (cti.gov.vn).
This is not the first time the Bangladesh National Commission for UNESCO being attacked. It was defaced multiple times in the past , last month it was defaced by Rahm Anonymous.
*Outdated Joomla:
At EHN, we have found those affected government websites are using outdated Joomla version 1.5 that has multiple critical vulnerabilities.
The hacker group "ANON_0x03" affiliated with Anonymous hacktivists has invaded the website belong to Infantry branch of Argentina Army (infanteria.mil.ar).
The website has been defaced and notified in the zone-h mirror page by a hacker with the handle "voldem0rt".
Unlike other hackers, they didn't left any messages in the defacement. They leaked the compromised database in the defacement instead.
The data leaked by Anon 0x03 includes email addresses, usernames, hashed passwords and other information.
We are still able to see the defacement page at the time of writing. But the security breach was done 24 hours ago.
Mirror:
http://www.zone-h.org/mirror/id/19658987
They also leaked login credentials belong to few Peru government websites along with the link to login panel.
A hacker group named as "Islamic Ghost Team" has breached government websites from Haiti, Vietnam,Turkmenistan.
Haiti government websites including Interministerial Committee for Planning(CIAT.gouv.ht) , Ministry of Planning and External Cooperation(mpce.gouv.ht) is affected by this security breach.
The hacked site includes sub-domain of Commerce and Industry of Turkmenistan website(cotton.cci.gov.tm), sub-domain of Electronic portal Pacific if Vietnam(soyte.binhduong.gov.vn).
The team left their footprints on the affected websites by uploading their defacement page. The hackers didn't specify any specific reason for the attack.
From the Zone-h archive, the hacker seems to target the Government websites. In the past, the team defaced government websites from Panama, Saudi Arabia, Malaysia, Kenya, Libya.
Brazilian hacker group known as "HighTech Brazil HackTeam" has reportedly breached one of the official NIC server of India and took control of the websites.
Hackers has defaced the government websites hosted on a single windows 2008 server belong to NIC, according to Cyber-N report.
The team didn't provide any specific reason for the attack, it seems like the attack is for increasing their hack counts in 'zone-h' -- a famous website that hosts mirror of the defacement.
The list of defaced sites includes Energy Department of Government of Karnataka(gokenergy.gov.in), BEML Technology Division( bemltech.nic.in), Bangalore Urban(bangaloreurban.nic.in), Manipur VAT Dept(www.manipurvat.gov.in), Arunachal Pradesh VAT( www.aruntax.nic.in) and other sub-domains of nic.in.
The full list of defaced websites can be found here:
http://pastebin.com/6jPBpp8a
Hackers has defaced the government websites hosted on a single windows 2008 server belong to NIC, according to Cyber-N report.
The team didn't provide any specific reason for the attack, it seems like the attack is for increasing their hack counts in 'zone-h' -- a famous website that hosts mirror of the defacement.
 |
| defacement |
The list of defaced sites includes Energy Department of Government of Karnataka(gokenergy.gov.in), BEML Technology Division( bemltech.nic.in), Bangalore Urban(bangaloreurban.nic.in), Manipur VAT Dept(www.manipurvat.gov.in), Arunachal Pradesh VAT( www.aruntax.nic.in) and other sub-domains of nic.in.
The full list of defaced websites can be found here:
http://pastebin.com/6jPBpp8a
The official website belongs to the Cooperative development authority of Philippines has been attacked by a hacker team with the name of Al-Qaeda militant.
The team earlier today sent notification to EHN in Twitter "@EHackerNews Official Website of the Provincial Government of Camiguin, Philippines #Hacked www.camiguin.gov.ph".
They defaced the main webpage of the site with a text "Hacked by Bin Laden hacker". The hackers also defaced the Official Website of the Provincial Government of Camiguin, Philippines(www.camiguin.gov.ph).
"The reason is that we against the Goverment We do it for Osama Bin Laden :)" The hacker stated as a reason for the attack .
At the time of writing, both sites show Forbidden error message "You don't have permission to access / on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request." It seems like the admin is investigating the issue and trying to patch the vulnerability.
The mirror :
http://www.zone-h.org/mirror/id/19570687
A hacker group called as "Algerian To the Core" has break into multiple Government websites of Thailand. The team left their footprints by modifying the pages of the site.
Thailand Personnel labour(personnel.labour.go.th) , Thailand Police(www.donwan.mahasarakham.police.go.th), nongyasaiudon.go.th are found to be the list of victim websites.
The group defaced sub-domains of Mahidol University, THAILAND : migrationcenter.mahidol.ac.th, www.idsa.ipsr.mahidol.ac.th, www2.ipsr.mahidol.ac.th, www.thailandometers.mahidol.ac.th.
Thailand Personnel labour(personnel.labour.go.th) , Thailand Police(www.donwan.mahasarakham.police.go.th), nongyasaiudon.go.th are found to be the list of victim websites.
The group defaced sub-domains of Mahidol University, THAILAND : migrationcenter.mahidol.ac.th, www.idsa.ipsr.mahidol.ac.th, www2.ipsr.mahidol.ac.th, www.thailandometers.mahidol.ac.th.
 |
| Defacement |
The full list of hacked sites with mirror can be found here : http://pastebin.com/SprFscYS
The hacked sites with Mirrors:
1.ministryofenergy.dl.gov.ng
Mirror of the defacement: hack-db.com/315807.html
2.strathbogie.vic.gov.au
Mirror of the defacement: hack-db.com/315805.html
"The Goverment lie about the Country Philippines They spread bullshit to everyone thats why 'LulzSec Philippines' strikes back" The hacker stated as reason for the attack.
An Anonymous Hacker with the twitter handle " Rahm Anonymous " has launched cyber attack against the Bangladesh Government websites.
The hacker defaced the following Government websites: Sub-domain of Bangladesh Public Service Commission(portal.bpsc.gov.bd/rahm.php), SEQAEP (www.seqaep.gov.bd/admin/), nidw.gov.bd/administrator, Bangladesh National Commission for UNESCO(bncu.gov.bd/administrator/ ).
He also claimed to have taken down more than 40 Bangladesh Government websites. The hacker has posted a list of affected websites in pastebin(pastebin.com/CMLu4vMP).
EHN has tried to verify the hacker claim about the DDOS attacks, the site seems to be down but those sites are working with "www".
At the time of writing, the defaced websites still hosts the defacement page uploaded by the hacker.
"WELCOME BACK ADMIN-- --YOUR SITE GOT HACKED!!!-- NOTHING PERSONAL WITH YOU--THIS IS JUST BECAUSE OF--YOUR STUPID COUNTRY . HACKERS ARE ABUSING OUR RELEGION. AND WE ALWAYS WANTED PEACE BUT NOW THE SHORE IS GETTING OFF. NOW THIS IS JUST THE BEGINNING!!! " The hacker stated in the defacement page as reason for the attack.
The hacker defaced the following Government websites: Sub-domain of Bangladesh Public Service Commission(portal.bpsc.gov.bd/rahm.php), SEQAEP (www.seqaep.gov.bd/admin/), nidw.gov.bd/administrator, Bangladesh National Commission for UNESCO(bncu.gov.bd/administrator/ ).
He also claimed to have taken down more than 40 Bangladesh Government websites. The hacker has posted a list of affected websites in pastebin(pastebin.com/CMLu4vMP).
EHN has tried to verify the hacker claim about the DDOS attacks, the site seems to be down but those sites are working with "www".
At the time of writing, the defaced websites still hosts the defacement page uploaded by the hacker.
"WELCOME BACK ADMIN-- --YOUR SITE GOT HACKED!!!-- NOTHING PERSONAL WITH YOU--THIS IS JUST BECAUSE OF--YOUR STUPID COUNTRY . HACKERS ARE ABUSING OUR RELEGION. AND WE ALWAYS WANTED PEACE BUT NOW THE SHORE IS GETTING OFF. NOW THIS IS JUST THE BEGINNING!!! " The hacker stated in the defacement page as reason for the attack.
The Bangladesh Grey Hat Hacker group has breached websites from different countries including Israel,Peru,Argentina,Bhutan.
Speaking to EHN, the hacker said the security breach is part of the protest against Israel and support to recent attacks of Anonymous Operation Israel.
The hacked Peru Govt. sites are Luricocha District Municipality (muniluricocha.gob.pe), Lucanas District Municipality(munilucanas.gob.pe), Chirinos District Municipality(munichirinos.gob.pe), Municipal Portal Canas Province(municanas.gob.pe),hospital Ventanilla(hospitalventanilla.gob.pe).
Bhutan InfoComm and Media Authority(bicma.gov.bt) and MHPA Telephone Directory(mhpa.gov.bt) are also defaced by the BGHH group.
*Update*:
The hackers also defaced Bhutan Drug Regulatory Authority(dra.gov.bt), Bhutan National Museum(www.nationalmuseum.gov.bt) .
The rest of the affected websites can be found in this link: pastebin.com/q4Aw1T5u
The Algerian branch of the hacktivist group Anonymous has hacked more than 1600 websites. Speaking to EHN, the hacker said the mass defacement was done within 1 day.
While the main page of the affected sites are untouched, the hacker just uploaded the defacement pages as "c.html" file in the target websites.
The team defaced the websites with a Palestine flag and a hash tag "#FreePalestine. "This is a special deface for Palestine " hackers said next to the defacement list posted in the pastebin.
After removing the duplicate entries, EHN found there are more 1000+ defaced websites. At the time of writing, the websites still shows the defaced page.
Among the hacked sites there are plenty of Educational and Government websites of China. EHN analyzed the domains and found there are around 30 Chinese Government websites defaced in this cyber attack.
Here is the list of Hacked Chinese Govt. sites:
- cjzp.hnbys.gov.cn/c.html
ga.10.gov.cn/c.html
gz.sxyjcz.gov.cn/c.htm
gzzw.gov.cn/c.html
jsj.jinchuan.gov.cn/c.html
oa.nbxsws.gov.cn/c.html
pnwh.puning.gov.cn/c.html
qnczj.gov.cn/c.html
qx.xiangtan.gov.cn/c.html
rencai.dongying.gov.cn/c.html
slj.pinghu.gov.cn/c.html
tez.zzhb.gov.cn/c.html
www.czkx.gov.cn/c.html
tp.bjcg.gov.cn/c.html
www.dywater.gov.cn/c.html
www.hljms.gov.cn/c.html
www.hnlyrs.gov.cn/c.html
www.langao.gov.cn/c.html
www.qnczj.gov.cn/c.html
www.qzta.gov.cn/c.html
www.rzeic.gov.cn/c.html
www.sdwhzf.gov.cn/c.html
www.shyyfw.gov.cn/c.html
www.snqy.xyzfw.gov.cn/c.html
www.tongcheng.jcy.gov.cn/c.html
www.wcrk.gov.cn/c.html
www.wgjsj.gov.cn/c.html
gz.sxyjcz.gov.cn/c.html
kfq.tslr.gov.cn/c.html
tlxkj.tlinfo.gov.cn/c.html
*Update*:
We apologized to EHN readers for providing wrong information. Today, we reported the SCTA.gov.sa site was hacked by a hacker named ' CrAzY ArAr' from 'Syrian Cyber Eagles' group. We have been contacted by the original hacker who claimed 'no connection' to this group.
We found that 'Syrian Cyber Eagles' group is fake group who took credits for the hacks of other hackers.
The site is originally hacked by the 'CrAzY ArAr' but he is not part of this fake group 'Syrian Cyber Eagles'.
The hacker managed to deface the two sub-domains of the SCTA website : ssb.scta.gov.sa , online.scta.gov.sa. The hacker team announced the breach few minutes ago in Twitter:
"The Saudi Commission for Tourism and Antiquities (SCTA) Defaced http://ssb.scta.gov.sa" The tweet reads.
The hacked websites still show the defacement page. The mirror of the defacement can be found at zone-h :
- www.zone-h.org/mirror/id/19512493
- www.zone-h.org/mirror/id/19512492
Anonymous Philippines has breached several Philippines Government websites including the official website of the Philippines President website. The hackers managed to publish an article in the President website(http://1.president.gov.ph/news/anonymous-philippines/) with title "Anonymous Philippines" .
"Greetings, President Aquino! We have watched how you signed into law a bill that endangers and tramples upon the netizens’ freedom of speech and expression. Now, we are silent witnesses as to how you are mishandling the Sabah issue." The article published by the hackers reads.
"We did not engage the Malaysian hackers who invaded our cyberspace since we expected you to appropriately and judiciously act on the same, but you failed us. You did nothing while our fellow brothers are being butchered by the Malaysian forces, and while our women and children become subject of human rights abuses. If you can’t act on the issue as the Philippine President, at least do something as a fellow Filipino. We are watching."
The security breach was initially published by the Clifford Trigo in The PinoyTechNews and notified to EHN about the hack.
The hacker also defaced the following Government websites :
http://www.gdelpilar.gov.ph/
http://www.calasiao.gov.ph/
http://bolinao.gov.ph/
http://mauban.gov.ph/
http://apayao.gov.ph/
http://www.mauban.gov.ph/
http://www.drd.pnp.gov.ph/
At the time of writing, all of the government websites still displays the defacement page except the President websites. The article published in President website has been removed.
After hacking the main Pakistani government and Army site, the Indian hacker "Godzilla" today notified EHN about another cyber attack against the Pakistani Government websites.
Yesterday, the hacker hacked the Pakistani main government website(pakistanarmy.gov.pk) by exploiting the proxy-misconfiguration vulnerability. Today he managed to hack more Pakistani website by gaining access to the Internal Networks.
"proxy was configured in such a way that the local ip 192.168.70.103 was running through that proxy" The hacker told EHN. "It is a local ip switched through the proxy"
"Pakistan Government Switches under control. Pakistan admins please dont disturb us when we are working. Your official website www.pakistan.gov.pk will be up as soon as we finish are work." The hacker said.
"You tried to use proxy for your security and we used the same proxy to crush you."
"IBM SERVER AND Layer 2-3 Gigabit Ethernet Switch Module for IBM eServer BladeCenter and 22 local machines were used to build the proxy and secure the digital cyber space of Pakistan. which is owned badly."
List of hacked sites:
Ministry of Information Technology of Pakistan
www.moitt.gov.pk
Ministry of Railways of Pakistan
www.railways.gov.pk
Ministry of Economic Affairs & Statistics of Pakistan
www.ead.gov.pk
Ministry of Interior of Pakistan
www.interior.gov.pk
Ministry of Inter Provincial Coordination of Pakistan
www.ipc.gov.pk
Ministry of Religious Affairs Pakistan
www.mora.gov.pk
Establishment Division of Pakistan
www.establishment.gov.pk
Ministry of Housing & Works of Pakistan
www.housing.gov.pk
Ministry of Science and Technology of Pakistan
www.mosp.gov.pk
Planning Commission of Pakistan
www.planningcommission.gov.pk
Ministry of Minorites Affair of Pakistan
www.minorities.gov.pk
Local Government Division of Pakistan
www.lgrd.gov.pk
Ministry of Environment of Pakistan
www.moenv.gov.pk
*Update 1:
Pakistani Government under heavy cyber attack from hacker 'Godzilla'
http://www.ehackingnews.com/2013/03/pakistani-government-under-cyber-attack.html
*Update 2:
Indian Hacker Godzilla leaked Pakistan Government website's Database details
http://www.ehackingnews.com/2013/03/indian-hacker-godzilla-leaked-pakistan.html
After hacking 84 Russian websites, the hacker SiR Abdou come with more hacked sites. Yesterday, he defaced 42 website and today he hacked 50 more websites. This comes to a total of 176 Russian websites within three days.
The hacker claims this penetration is to support the prisoners on hunger strike since months in Israeli jails for up their appeal to the whole world and deliver their message.
" Freedom for Prisoners of Palestinians on hunger strike in Israeli jails. God willing, up call to the world to support the prisoners in the battle of the intestines empty waging against the Israeli jailer." The defacement message reads.
Few hacked sites:
maxi-beauty.ru
pinup-parfum.ru
kazankosmetika.ru
детсад6-туймазы.рф
coral-dar.ru
holisticvision.ru
roart.ru
The full list of hacked sites can be found here:
1.pastebin.com/dGQj56E5
2.pastebin.com/nwcQc9Fg
The hacker claims this penetration is to support the prisoners on hunger strike since months in Israeli jails for up their appeal to the whole world and deliver their message.
" Freedom for Prisoners of Palestinians on hunger strike in Israeli jails. God willing, up call to the world to support the prisoners in the battle of the intestines empty waging against the Israeli jailer." The defacement message reads.
 |
| Defaced page |
Few hacked sites:
maxi-beauty.ru
pinup-parfum.ru
kazankosmetika.ru
детсад6-туймазы.рф
coral-dar.ru
holisticvision.ru
roart.ru
The full list of hacked sites can be found here:
1.pastebin.com/dGQj56E5
2.pastebin.com/nwcQc9Fg
The Team Hacker Argentino and LIberoamericaMu has breached the official website of Official website of the Governor of Junin, Mario Andres Meoni and defaced the main page.
"No more insecurity in the village, no stupid laws in the world, without conflicts and wars greedy, achieved what we all want!, " The hacker wrote in the defacement page.
"The people are tired of governments and their laws, we are united and furious and we are beginning to act, because the people are free to all, without laws and without corruption!"
The defaced page:
http://www.mariomeoni.com.ar/
