Indexeus.org website hacked by Pernicious Developers 2014

A day after Security blogger Brian Krebs published an article entitled "Even Script Kids Have a Right to Be Forgotten", hackers breached the Indexeus website(indexeus.org)

Yesterday, Krebs wrote an article about "Indexeus" which is a new search engine containing database of stolen user names and passwords from more than 100 data breaches.

According to KrebsOnSecurity, the database contained stolen credentials from the recent Yahoo and Adobe breaches.


The site also contained databases of few hacker forums that have been hacked. It seems to have ticked off many hackers.  Today, the website was defaced by hacker group Pernicious Developers.

"This is the Original Pernicious Developers, we're still here. Even if you don't know which version of the group who did this." The defacement message reads.  At the time of writing, the website shows a blank page. 

Owner of the Indexeus has replied in one of the threads in HackForums about the hack:



Mirror:
http://www.zone-h.org/mirror/id/22702440

*Update:
The hacker group have provided a screenshot that shows they uploaded a backdoor shell to the affected website.


Official websites of Taj Mahal and Agra Fort hacked by Pakistani hackers


The Pakistani hackers continue to target Indian Government and other websites.  'Pakistan Haxors Crew' is to be one of the most active groups that targeting Indian websites.

Today, the hacker known as 'H4$N4!N H4XOR' from the group hacked into one of the popular Indian Government websites ; The main page of Taj Mahal website(www.tajmahal.gov.in) is now displaying the Pakistan's flag.

The message posted on the defaced page reads follows:
"Whatever you fail to detect, will cause your downfall..Pakistan Haxors Crew is here to remind you of your Security.. Our fight is not against any individual but the system as whole"

It is not the only website defaced in the recent attack. The group also changed the contents of other popular government websites including Agra Fort official site(agrafort.gov.in) and Fatehpur Sikri site.

While other sites are modified to display the hacker's content in the front page of the site, hackers have placed their defacement page in Fatehpur Sikrisite at "http://fatehpursikri.gov.in/r00t.html"  

At the time of writing, all of the affected websites still display the contents modified by the hackers. 

Tata Motors website hacked by Pakistani Hackers


The official website of Tata Motors, the Largest Indian multinational automotive manufacturing company, has been breached and defaced by a Pakistani Hacker who uses the online moniker "H4$N4!N H4XOR".

The main website is not affected by this breach. The Hacker has defaced the 'connect.tatamotors.com', a sub-domain dedicated for the Auto Expo 2014.

"India B Ready I Am Coming  :P " The hacker wrote on the defaced page.

"Pakistan Haxors Crew is here to remind you of your security... Our fight is not against any individual but the system as a whole.. Should you choose to ignore security, it will reincarnate as your worst nightmare !  We just defaced your website to give you a chance to put your hands on it before others come and destroy it!"

At the time of writing, the Tata Motors' sub-domain still showed the defacement page. The mirror of defacement is available here:  http://zone-h.com/mirror/id/22337776

LK Advani's official website hacked by Pakistani Hacker

Screenshot of Defacement

The next day after Bihar BJP's official website get hacked by hacker claimed to be from Pakistan, the official website of Senior BJP Leader LK Advani (www.lkadvani.in) also got defaced by the same hacker.

The hacker who called himself Muhammad Bilal began the defacement message by saying "I'M Back ;D gOOd mOrNing Narendra Modi".  The hacker also wrote "Free Kashmir..Freedom is our goal."

The hacker also claimed to have defaced the websites of Bharti Janta Party In Lok Sabha and Bharti Janta Party In Rajya Sabha.

A screenshot published in the hacker's profile shows that he also gained access to the database server.  The accessed information includes email IDs, hashed-passwords, phone numbers and other details.

At the time of writing, the LK Advani's website is down for maintenance.

Bihar BJP website hacked and defaced by Pakistani Hackers

Bharatiya Janata Party's(BJP) website once again has been targeted by hackers claimed to be from Pakistan.

This time, a hacker named Muhammad Bilal from Pak Cyber Experts group breached the official Bihar Bjp website(www.biharbjp.org) and defaced the home page.

The defacement contains a picture of person standing on Narendra Modi's photo and posted some comments.  The hacker also called India as Stupid.

"I just woke up for reading Namaz. I just thought i will check BJP website :D good site it was :( then my mind changed :( i thought to write 'Pakistan Army' or 'pakistan zindabad' on the site of people who say [redacted] about Pakistan." defacement message reads(translated).

The hacker has a past history of attacking Indian websites and Modi's related websites.

This is not the first time BJP's websites being defaced by Pakistani Hackers.  Earlier this month, hacker with online handle 'Sniper Haxxx' defaced the BJP Junagadh unit's website.

It seems like the website was defaced before 14 hours. The website is still showing the defacement. You can find the mirror of the defacement here: http://zone-h.com/mirror/id/22233554

Ministry of Health Saudi Arabia website defaced by Moroccan hackers


Moroccan Islamic Union-Mail hacks and deface the official website of prevention program of injuries and accidents - Ministry of Health Saudi Arabia(moh-ncd.gov.sa)

The site was showing a picture of Mohamed Morsi The President Of Egypt and member in the Muslim Brotherhood and a clear message in arabic which said :

"Penetration in response to a statement by the Ministry of Interior inclusion of the Muslim Brotherhood in the list of terrorist groups."

"Our message to the governor of Saudi Arabia: The day will come who are under it is exposed to more than what it is now Syria." hackers said.

" The most worthy AQIM contain the Two Holy Mosques to be a compromise in everything Do not be biased for a class to another, until he became Al Saud believe in all that is Islamic terrorist And all of the resistance for pursuing terrorism The injustice of kin most Reluctantly --- one of Hussam signed Mohannad. Signature: Moroccan Islamic Union-mail"

The mirror of the defacement is available here:  http://www.aljyyosh.org/mirror.php?id=125826

This is not the first time the site being targeted by hackers - Earlier this year, a hacker going by handle 'Dr.SHA6H' also defaced the website.

Syrian National Coalition website and US Central Command hacked by Syrian Electronic Army


The official website of the National Coalition for Syrian Revolutionary and Opposition Forces(etilaf.org) and few other websites have been hacked and defaced by Syrian Electronic Army.

In addition to Syrian National Coalition hack, the group also hacked into Masarat Syria (masaratsyria.com) and the City Council of Daraya (darayacouncil.org).

The hacked websites went offline at the time of writing, A mirror of the defacement can be found here:
  • http://www.zone-h.org/mirror/id/22015751
  • http://www.zone-h.org/mirror/id/22015787
  • http://www.zone-h.org/mirror/id/22015855
Recently, the group also announced that they have successfully breached the US Central Command(CENTCOM) and accessed hundreds of documents.

In the meantime, the Syrian Electronic army also posted a tweet "How much does @Microsoft charge @FBIPressOffice ever month to spy on your emails? Stay tuned for their leaked documents. #SEA #PRISM".

BSNL subdomain's defaced by "Kai-h4xOrR And Trojan"



Two Pakistani hackers called "Kai-h4xOrR And Trojan" have managed deface some webpages of BSNL's sub-domains.

The defaced pages are:
http://learntelecom.bsnl.co.in/acp_main_module/schedule_list.asp
http://www.vas.bsnl.co.in/vas/contact_us.jsp?cir=11

They left the following message: "Team MaXiMiZerSOp# Free For Kashmir"

BSNL has very bad track record with security it has been defaced multiple times in the past few years.

Mirrors:http://zone-h.com/mirror/id/22021830

http://zone-hc.com/archive/mirror/d0abab6_learntelecom.bsnl.co.in_mirror_.html

http://zone-hc.com/archive/mirror/ea72f34_vas.bsnl.co.in_mirror_.html

Russian Today (RT) news website hacked

On Sunday, the famous Russian news website RT.com has bee hacked and defaced.

The hackers gained access to the admin panel of the RT website and managed to publish several articles containing "Nazi" word in the headline.

The security breach also has been confirmed by the Russian Today in its official twitter account saying "Hackers deface RT.com  website, crack admin access, place "Nazi" in every headline. Back to normal now.".

Some of the published articles are entitled "Russian Senators vote to use stabilizing Nazi forces on Ukrainian territory", "Nazi nationalist leader calls on 'most wanted' Nazi umarov' to act against Russia' ".

The website has been restored and back to normal.  But still, no hackers appear to have taken credit for the breach.

EC Council official website hacked


A hacker who calls himself "Eugene Belford" (A character from the movie "Hackers" )has hacked the EC-Council website - an organization that offers Certified Ethical Hacker(CEH)

"Owned by certified unethical software security professional" The defacement message reads.

He has also put in the deface page documents proving that "Edward Snowden" attended the CEH classes in India.

A spokesman from CSPF (Cyber Security and Privacy Foundation) says, it appears to be hackers used DNS hijacking attack to deface the website and possible gain access to their email.

Another CEH certified professional says he was not satisfied with EC Coucil  Training. He says though the course material is good and certification is recognised worldwide, the trainers from francisees of EC Coucil do not know hacking and they are not competent to take CEH classes.


Update: Sometime after this news was posted the hacker edited the deface page with this extra text. 

"Defaced again? Yep, good job reusing your passwords morons jack67834#

owned by certified unethical software security professional
Obligatory link: http://attrition.org/errata/charlatan/ec-council/
-Eugene Belford

P.S It seems like lots of you are missing the point here, I'm sitting on thousands of passports belonging to LE (and .mil) officials "

It might be that the attacker has gotten access to the emails of EC Council and hence all the email correspondence of the Law Enforcements and Military officials might be compromised also.



Las Vegas Sands casino websites hacked and defaced by Anti WMD Team

Las Vegas Sands Corp which is said to be the world largest casino operator, has been targeted by hackers.  Websites of Sands casino and its subsidiaries have been defaced.

The sites home page modified with the world map marking the location of sands casinos with flickering flame.

"Damn A, Don't  let your tongue cut your throat "the defacement message reads. "Encouraging the use of weapons of Mass destruction, Under Any condition , is a Crime"

The defacement also contained personal information of Sands employees including e-mail id, social security numbers and other information.

The sign left in the defacement suggest it is done by a hacker group identified as "Anti WMD team".  However, we are not able to find any history about this group.

List of affected websites are: Sands official website (sands.com), Venetian (www.venetian.com), Palazzo (palazzo.com), Sands Bethlehem (pasands.com), Marina Bay Sands (www.marinabaysands.com), Venetian Macao (venetianmacao.com), Sands Macao (sandsmacao.com) and Holiday Inn Macao Cotai Central (sandscotaicentral.com).

All of the affected websites are currently showing "Undergoing Maintenance" message.

Sands Spokesperson told Associate Press that the company is working with law enforcement to find out the hacker behind this security breach.  The company couldn't say whether customers' card data had been compromised.

Two more Indian Government websites hacked by Pakistani Hackers


In last few days, several Pakistani hacker groups have defaced plenty of Indian government websites.  Pakistan Haxors CREW is one of the group targeting the Indian websites.

The group today hacked into two Indian government websites: West Bengal State Coastal Zone Management Authority and Damodar Valley Corporation .

At the time of writing, 'wbsczma.gov.in' still showing the defacement while the 'portal.dvc.gov.in' went offline.  The group also claimed to have dumped the database. 

Today, another group named as "Team MaXiMiZerS" have defaced two India's Kerala state government websites along with hundreds of other websites.

Last night, Voice Of Black Hat Hackers group from Pakistan hacked two India's Rajasthan state government websites.

Pakistani hacker group 'Team MaXiMiZerS' hacks India's Kerala state Government websites

Hundreds of Indian websites including two Kerala state Government websites have been breached by a Pakisani hacker group identifying itself as "'Team MaXiMiZerS"

The affected websites are Cooperative Institute of Management and Technology (cimat.kerala.gov.in) and Kerala Cultural Welfare Development(cwb.kerala.gov.in), Kerala's Kannur University (kannuruniversity.ac.in). 

Other affected sites have been listed here: http://pastebin.com/p0zPbQDC

The defaced websites displayed the message  "What we Ask From India All the time is the only Kashmir , Most of the times we dnt act like that but this is the only way left . Why indian army is killing innocent's in kashmir ?  We Just Ask you these simple Question's and the indian gov got no answer's..... why ?"

"This is the only way left to protest for us. For what you are scared of ? India will loose the beauty of kashmir ? how many muslim brother's being killed on daily basis did u ever thought ? a 16 year's girl raped and killed a boy shot in the head for what ? because they are protesters ?All we ask is just the Answer of these Questions Nothing Personal ...you will pay for these sins one day"

Two Rajasthan Government websites hacked by Voice Of Black Hat Hackers

Pakistani hackers keep targeting Indian Government websites and breached several servers.

Today, a hacker named "ArYaNZ KhaN " from a pakistan hacker group called as "Voice Of Black Hat Hackers" hacked into the two India's Rajasthan government websites.

One of the website is appeared to be a testing website(webmis.rajasthan.gov.in/ArYaNZ.html).  The other one belong to the "Information and Public Relations Department of Rajasthan(dipr.rajasthan.gov.in/ArYaNZ.html).

"HEY INDIA!; Think again! Salute oh martyr from the land of Kashmir, your last wish to recite verses of holy Quran was not fulfilled. But the dream you lived with, will surely be fulfilled. India will taste defeat. " the defacement message reads.

"India celebrates this day while not realising what is coming for it now, this wont end the Intifada from Kashmir, you will see more and intesne reveolution." Hacker said in the defacement.

Moroccan Islamic Union-Mail hacks 5 Italian Government websites

Moroccan hackers going with the team handle "Moroccan Islamic Union-Mail" have hacked and defaced Several Of Italian Government Websites again.

Home page of the hacked websites have been modified with hackers' message and a youtube video. 

"We do not want muscle-flexing. Just want to get our message across the world to discover the truth."The message left by the team reads. " Yes, the fact that should be explored invite you to show filter this video to discover the truth for yourself.  #THE TRUTH WILL PREVAIL"

In addition to the above statement the defaced website was also playing a
Youtube video, depicting The stark reality about the Prophet Muhammad in the
Bible.

Link of targeted website along with its mirror can be found below:

http://www.smsagenovesi.gov.it/
http://www.add-attack.com/defaced/468738/smsagenovesi.gov.it/

http://www.superdue.gov.it/
http://dark-h.org/deface/id/8018

http://www.matteodellacorte.gov.it/
http://www.add-attack.com/defaced/468745/matteodellacorte.gov.it/

http://www.terzonocera.gov.it/
http://www.add-attack.com/defaced/468744/terzonocera.gov.it/

http://www.liceoclassicogbvico.gov.it/
http://www.add-attack.com/defaced/468747/liceoclassicogbvico.gov.it/

Hackers modified the content of home page 10 hours ago.  But, all of those affected sites are still showing the defacement.

The group has hacked several other Government websites in the past including South African, Colombia.

Peruvian local news website NetLima hacked by Venezuelan Hackers


A group of Venezuelan hackers affiliated with Anonymous hacktivists managed to gain access to the website of Netlima, a Peruvian online news paper site that covers news related to Lima city.

Even though the main page is not affected, the hackers used the unauthorized access to modify the content of few pages of the site in order to show their message.

Few pictures and a short message have been placed in those affected pates.

" Article 350 has its own life, lives in each of our hearts, can lead us to freedom. Let's give life and to liberate Venezuela. " the message reads.  "In this country there will never be revolution without evolution of Consciousness.!".

In the end of the modified-page, the hackers apologized to the admin of the site for the inconvenience and said "nothing personal, it is a protest for my Country." 
List of affected pages:
http://www.netlima.com/avisos2/index.php
http://www.netlima.com/noticias.php
http://www.netlima.com/web1/index.html

Two hacker groups namely "Hacker Claus Team" and "Anonymous Juventud" have done this defacement.  Currently, the affected pages still shows the defacement.

Official website of Assam Rifles hacked by Pakistan Haxors CREW


Just few minutes ago, the Pakisani hacker group known as "Pakistan Haxors CREW" has hacked into the official website of Assam Rifles.

The main home page is not affected by this attack.   The hacker has just uploaded a html file 'phc.html' in the main website(http://assamrifles.gov.in/phc.html).

Hacker didn't provide much information on the defaced page except a short message saying "Security Breach! Admin Secure It Thankssss".

In their official facebook page, the hacker group said "We Have What We Want".  We are not sure what they mean by that,  whether they have obtained any sensitive information or just mentioning about the defacement. The mirror of the defacement is here "add-attack.com/mirror/466057/ ".

According to the add-attack mirror record(www.add-attack.com/mirror/466052/), there is another group called "United Bangladesh Hackers" also defaced the website, just few hours before Pakistani hackers.

The same pakistani hacker group recently breached the Indian Railways website and uploaded their defacement.

Confirmed: Angry Birds website hacked by Anti-NSA Hacker

Syrian Electronic Army yesterday posted a tweet saying that one of its friend with handle "Anti-NSA" hacker defaced the Angry website.

At the time, we were not able to confirm the defacement.  No one was reported to have seen the hack.  Even the Zone-h mirror didn't confirm the defacement, displayed a message "The mirror is onhold and has not been verified yet".

So, we didn't have strong proof to report the hack.  Today,  Rovio, creator of angry birds, confirmed that the defacement was there for few minutes and corrected immediately.  Now, the Zone-h record also confirmed it.

Antti Tikkanen, Director of Security Response at F-Secure Labs, said in twitter that the attack is actually 'DNS Hijack attack'. He mentioned that the website itself not touched by the hacker; hacker managed to modify the DNS records.

He also said that the angrybirds website pointed to some IP address(31.170.165.141) assoicated with Lithuania for at least one hour.  The same IP address shown in the Zone-h record(https://www.zone-h.org/mirror/id/21666969).

The hack comes after the angry birds application is said to be used by NSA and GCHQ to spy on people. 

Indian Railways website hacked by Pakistan Haxors Crew


The official website of the Indian Railways has once again been hacked by Pakistani Hackers group.  This time, it is done by two hackers named as " H4$N4!N H4XOR" and "HUNTER KHAN" from the "Pakistan Haxors CREW(PHC)".

The home page of the site is not affected.  However, hackers managed to upload a "index.html" in a subdirectory("http://er.indianrailways.gov.in/cris/edrm_site/notice/index.html")

Not the first time :

Last August, Pakistan Cyber Army hacked into Indian Railways and uploaded their defacement page in the same "edrm_site" directory with a short message "Hello Guys. Aooooo Indian Railway Pawned LOL. Go to Hell This hack in reply to Pak Army Website".

In 2012, another hacker with handle "AiNAB", a member of Pakistan hacker group called Pakistan cyber pyrates, defaced multiple sub-domains of Indian Railways.(Refer: http://www.zone-h.org/archive/notifier=AiNAB/page=2)

At the time of writing, the website still shows the defacement message.  It is still unknown whether the previous vulnerability hasn't been fixed or hackers discovered new vulnerability.

It is worth to note the "H4$N4!N H4XOR" has hacked several Indian websites including Tamilnadu popular TV channels Jaya TV and Sun TV.

Poonam Pandey website hacked by Pakistani Hacker "Haxor 99"


Pakistani hacker with handle "Haxor 99" has hacked into Official website of Poonam Pandey - an Indian model and Bollywood film actress. The hacker defaced the home page.

The same hacker recently defaced the websites belong to Indian Pop singer "Daler Mehndi" and Canadian singer "Raghav Mathur".

The hacker left the same defacement message saying . "Nothing Delete or Harmed...Rise a Voice for Justice of Kashimr. Patch Your Site".

It appears Poonam pandey needs help in recovering her website and patching the vulnerability.

"Really upset! & Scared.. My website is Hacked... It says to Raise Voice for Kashmir!... dont know what to do?" Poonam Pandey tweeted from her twitter account.