Bangladeshi grey hat hackers has breached the domain registrar of Malawi, a landlocked country in southeast Africa that leads to defacement of several high profile websites.
Hackers placed the defacement page in the "nic.mw/r00t.htm". They also managed to upload their defacement page in registrar.mw, biz.mw, co.mw, com.mw, www.coop.mw,www.dot.mw, www.edu.mw/, www.gov.mw, www.int.mw, www.net.mw.
At the time of writing, the hacked websites still displays the defacement page. You can also check the mirror of the defacement here: http://zone-h.net/archive/notifier=BD%20GREY%20HAT%20HACKERS
Of course, this is not the first time the site is under the radar of the hackers. Earlier this year, Bangladeshi hackers hijacked the NIC.mw and left the Google Malawi , Kaspersky, MSN, Yahoo defaced.
We are not sure whether the nic fails to patch the previous vulnerability that leads to the security breach or BGHH found a new vulnerability. It is always better to take care of your web-app security once you find yourself victim of hackers.
Hackers placed the defacement page in the "nic.mw/r00t.htm". They also managed to upload their defacement page in registrar.mw, biz.mw, co.mw, com.mw, www.coop.mw,www.dot.mw, www.edu.mw/, www.gov.mw, www.int.mw, www.net.mw.
At the time of writing, the hacked websites still displays the defacement page. You can also check the mirror of the defacement here: http://zone-h.net/archive/notifier=BD%20GREY%20HAT%20HACKERS
Of course, this is not the first time the site is under the radar of the hackers. Earlier this year, Bangladeshi hackers hijacked the NIC.mw and left the Google Malawi , Kaspersky, MSN, Yahoo defaced.
We are not sure whether the nic fails to patch the previous vulnerability that leads to the security breach or BGHH found a new vulnerability. It is always better to take care of your web-app security once you find yourself victim of hackers.
The City of Lansing, capital of the U.S. State of Michigan, official website(lansingmi.gov) has been hacked by the Turkey hacker group known as TurkishAjan. The group defaced the website an leaked the database.
The home page(index.jsp) of the website is not affected by the defacement. Hackers seem to have uploaded the defacement page in "index.html" page. The defacement is still available at "www.lansingmi.gov/index.html".
In case you missed it, you can still check the mirror of the defacement at zone-h record : goo.gl/PnmX6
5.83MB size RAR file has been uploaded in the Speedyshare. As you can see in the above image, the RAR file contains 20 folders. Each folder contains few 'xls' files.
After analyzing the files, EHN found the files contain username, email address and plain-text passwords and few other details.
Recently, the same group breached the City of Akron , Akron-Canton Airport websites and left their home page defaced.
The Akron-Canton Airport website(www.akroncantonairport.com) currently displays a message stating the website is hacked by the Turkish hacker group called TurkishAjan.
A security breach was announced from the @TurkishAjan twitter account :
"Akron Canton Airport Hacked. File:http://goo.gl/uE0ZM Zone:http://goo.gl/1O2vV @EHackerNews #hack pic.twitter.com/own9t1hcSu"
The link provided in the tweet leads to "Akron Canton Airport.rar"(532kb) file that contains the few documents, xls files and a config.txt file.
The configuration file contains database name, Database username and database password.
While the contest.xls contains less sensitive information such as names and email addresses, the users.xls file contains user id, email address and encrypted password.
The same group is responsible for the City of Akron website hack. Following the city of akron security breach, the city filed a police report. The city is also reportedly working with the FBI.
A security breach was announced from the @TurkishAjan twitter account :
"Akron Canton Airport Hacked. File:http://goo.gl/uE0ZM Zone:http://goo.gl/1O2vV @EHackerNews #hack pic.twitter.com/own9t1hcSu"
 | |
| Defaced page |
The link provided in the tweet leads to "Akron Canton Airport.rar"(532kb) file that contains the few documents, xls files and a config.txt file.
The configuration file contains database name, Database username and database password.
While the contest.xls contains less sensitive information such as names and email addresses, the users.xls file contains user id, email address and encrypted password.
The same group is responsible for the City of Akron website hack. Following the city of akron security breach, the city filed a police report. The city is also reportedly working with the FBI.
The Philippines cyber space is again facing another cyber war. Following the cyberattack from China, Malaysia hackers, now the Taiwan hackers have started the cyber war against Philippines.
The operation named #OpPhilippines has been launched by the Anonymous Taiwan. The attack comes after Philippine Coast Guard killed Taiwanese fisherman. EHN was notified about the cyberwar by pinoyhacknews.
"Philippine coastguard killed taiwanese unarmed fishermen is injustice and unforgivable. Philippine government protecting murders is unacceptable." The hackers posted in the pastebin. "You must apologize. Killers must be arrested immediately. Otherwise, we will not stop."
The hackers defaced the '.gov.ph' domain registry website(dns.gov.ph/opph.html). They also defaced one more government webstie "Advanced Science and Technology Institute(suppliers.asti.dost.gov.ph/opph.html)".
The hacktivist also leaked database from six different Government websites as part of the cyberwar. The links to the database dump is provided in a single paste(pastebin.com/sRykr2Wd).
The affected websites includes Department of Education of the Philippines(former.deped.gov.ph), onlineservices.ipophil.gov.ph, Provincial Government of Bulacan (bulacan.gov.ph), Philippine Public Safety College(ppsc.gov.ph),Province of Sulu(sulu.gov.ph). The leak contains username, email address and passwords.
The hackers also dumped(pastebin.com/D7gCEdS6) the database from the 'gov.ph' domain registry website that contains username and password details belong to all Government websites. It has more than 2300 entries.
An unknown hacker breached the website of the Prime minister Yingluck Shinawatra's office (opm.go.th/opminter/mainframe.asp) and posted abusive message with the altered photo of her.
"I’m a slutty moron” The offensive comment made by the cybercriminals in the defaced page. “I know that I am the worst Prime Minister ever in Thailand history!!!”.
Although the defacement sign says it was hacked by the hacker group "Unlimited Hack Team", the team denied the involvement in the security breach.
“It might have been done by some teenagers... or maybe it was for political purposes,” the prime minister’s secretary-general, Suranand Vejjajiva is quoted in the NewStraitsTimes' report as saying.
It appears the security breach comes after she filed a defamation case against a cartoonist for allegedly comparing her to a prostitute on his Facebook page.
"I’m a slutty moron” The offensive comment made by the cybercriminals in the defaced page. “I know that I am the worst Prime Minister ever in Thailand history!!!”.
Although the defacement sign says it was hacked by the hacker group "Unlimited Hack Team", the team denied the involvement in the security breach.
 |
| Image credits: manager.co.th |
“It might have been done by some teenagers... or maybe it was for political purposes,” the prime minister’s secretary-general, Suranand Vejjajiva is quoted in the NewStraitsTimes' report as saying.
“Hacking a website is easy... but don’t forget that checking who did it is not hard either,” he told reporters.
It appears the security breach comes after she filed a defamation case against a cartoonist for allegedly comparing her to a prostitute on his Facebook page.
The famous Turkish hacking group RedHack has defaced the official Government website of the Istanbul(istanbul.gov.tr ).
The hacker group specified they hacked this website in retaliation of attacks on people at MayDay.
"Hacked in retaliation of attack on people at MayDay and to commemorate revolutionaries Deniz. Yusuf, Huseyin hanged on 6th May 1972" the tweet posted by the hacker group reads.
Hacker posted a picture of the Istanbul Governor Hüseyin Avni Mutlu picture with the following message "I didn't say you can't be a Mayor, I said you can't be a man".(translated)
At the time of writing, the website seems to be restored by the administrator and back to normal.
