
Hacker uses a nanocomputer to steal NASA data

It wasn’t a good day for NASA when an unidentified cyber-attacker was able to steal 500 MB of mission data through a Raspberry Pi nanocomputer.

First introduced by the charity Raspberry Pi Foundation in 2012, the Raspberry Pi is a credit-card sized device intended for the general public, young and old, beginners and amateurs. It sells for about $35, plugs into home televisions, and is used mainly to teach coding to children and promote computing in developing countries.

The Raspberry Pi organization has just announced the release of the fourth generation of its budget desktop PC, the completely re-engineered Raspberry Pi 4.

The April 2018 attack went undetected for nearly a year, according to an audit report issued on June 18, and an investigation is still underway to find the culprit.

The hacker infiltrated NASA’s Jet Propulsion Laboratory network, stole sensitive data and forced the temporary disconnection of space-flight systems, the agency has revealed.

Prior to detection, the attacker was able to exfiltrate 23 files amounting to approximately 500 megabytes of data, the report from NASA’s Office of Inspector General said.

These included two restricted files from the Mars Science Laboratory mission, which handles the Curiosity Rover, and information relating to the International Traffic in Arms Regulations, which restrict the export of US defense and military technologies.

“More importantly, the attacker successfully accessed two of the three primary JPL networks,” the report said.

"Officials were concerned the cyberattackers could move laterally from the gateway into their mission systems, potentially gaining access and initiating malicious signals to human space flight missions that use those systems."

NASA came to question the integrity of its Deep Space Network data “and temporarily disconnected several space flight-related systems from the JPL network.”

Russian hackers claim to have breached 3 US antivirus makers

A group of elite Russian hackers claims to have infiltrated the networks of three US antivirus makers and stolen the source code for their software.

Researchers with Advanced Intelligence (AdvIntel) have been tracking the activity of the group on underground forums for some time. The hackers, who operate under the handle Fxmsp, have an established reputation for infiltrating well-protected networks. Their targets typically include highly-sensitive corporate and government information.

Two months ago AdvIntel saw Fxmsp reappear on hacking forums after a half-year hiatus. It's probably no coincidence that the group reported that its campaign against security software firms had kicked off six months earlier.

Fxmsp lay low until it had achieved its goal. When its stealth operation concluded, the hackers allegedly made off with more than 30 terabytes of data from their latest victims. They posted screenshots showing folders, files, and source code.

The asking price for this trove of data: a cool $300,000. They also claimed to still have access to the networks and would throw that in at no extra charge to the lucky buyer.

If what they're offering is the real deal, then this is pretty much a worst-case scenario for the three firms that were compromised. Access to the source code allows hackers the opportunity to locate showstopping vulnerabilities and exploit them, rendering the software useless... or worse. They could even turn what was once legitimate protection from malware into an incredibly effective spying tool.

Hacker uploads about 1 billion user data in 2 months

A serial hacker who goes by the name of Gnosticplayers released another 65.5 million user records last week, taking his grand total to 932 million records overall, with the consequences of the data pool as yet unknown. Since mid-February, Gnosticplayers has been putting batches of hacked data on Dream Market, a dark web marketplace for selling illegal products like hacking tools, guns and drugs.

"The hacker's name is Gnosticplayers, and he's responsible for the hacks of 44 companies, including last week's revelations," ZDNet reported late on Monday. The names of big companies that were hit include UnderArmor, 500px, ShareThis, MyHeritage and GfyCat. The releases have been grouped in four rounds -- Round 1 (620 million user records), Round 2 (127 million user records), Round 3 (93 million user records), and Round 4 (26.5 million user records).

"Last week, the hacker notified ZDNet about his latest release -- Round 5 -- containing the data of 65.5 million users, which the hacker claims to have been taken from six companies: gaming platform Mindjolt, digital mall Wanelo, e-invitations and RSVP platform Evite, South Korean travel company Yanolja, women's fashion store Moda Operandi, and Apple repair center iCracked," the report added.

Earlier in March, the serial hacker stole and posted personal data of close to 843 million users of various popular websites. The companies impacted include GameSalad, Estante Virtual, Coubic, LifeBear, Bukalapak and Youthmanual.

Larceny of $70 million from the largest crypto-mining marketplace

A notice announcing "service unavailable", along with an official press release, was displayed on the website of the Slovenian digital currency mining firm NiceHash, which said it had endured a hack of its Bitcoin wallet on the seventh of December.

In a video update streamed live on Facebook, CEO and co-founder Marko Kobal followed up on the rather startling declaration that the organization, established in 2014, had been subjected to a hack and ensuing theft which also compromised its payment system.

The news was accompanied by increasing reports of empty wallets as well as an extended downtime period for the service's website; all operations on the website in question have been halted for the following 24 hours.

As per Kobal, the attack began in the early hours of December 6 after a worker's PC had been compromised. He added that their team is working with law enforcement and clarified that "we're still conducting a forensic analysis" to determine how it all happened and to discover the exact amount of bitcoin that was stolen.

Kobal went on to say that he couldn't give further details; however, he added that the attack appears to be “an incredibly coordinated and highly sophisticated one.”

However, the Wall Street Journal reported that Andrej P. Škraba, the head of marketing at NiceHash, confirmed to the outlet that roughly 4,700 bitcoins, worth up to $70 million, disappeared from NiceHash's bitcoin wallet. Škraba also told the Journal that he, like Kobal, believed that "it was a professional attack", but would not give any more information on the matter, noting that further developments would be released at a later date.

NiceHash, which urged its clients to change their online passwords after it stopped operations on Wednesday, has given a couple of other details about the attack on its payment system.

"We ask for patience and understanding while we investigate the causes and find the appropriate solutions for the future of the service", it said on its website.

The Slovenian police said that they were investigating the hack, but declined to comment further.

British National Party's Twitter account and website hacked by Anonymous

A hacker who appears to be affiliated with Anonymous hacktivists has hijacked the official Twitter account of the British National Party (BNP) and started to post anti-government and hateful messages.

The hacker also managed to deface one of the subdomains of BNP. The defacement message simply says "Hacked by Anon_0x03, [redacted] the Government!"

When a user asked about the motive of the attack, the hacker simply replied that BNP is a random target.

"I'm not even from GB." the tweet posted from the hacked BNP account (@BNP) reads.

It appears the hackers have had access to the account for more than 20 hours, but no one from BNP has noticed. The most recent tweet says "damn racist".

At the time of writing, the hacker still has access to the BNP Twitter account and the subdomain is still defaced.

#OpTurkey: Hacktivists hit Turkey with massive Cyber attack

Turkey suffered a massive cyber attack after several hacktivists started to participate in the ongoing hacking operation against the Turkish government. The operation, "#OpTurkey", was launched in retaliation for the violent police response against protesters.

A hacker group from Turkey named TurkHackTeam has claimed to have breached and Mufti COUNTY CERKES (

The group leaked some info from the server  :

Even the Syrian Electronic Army, which usually targets western media, participated in the operation and breached the Turkish Prime Minister (PM) and Turkish Ministry of Interior websites.

The group left a message on the defacement page: "Syria and Turkey are one. We salute Turkey's brave protesters"

Atlantic Bank, Fidelity Bank Ghana and few other sites hacked by Sepo

A hacker with the Twitter handle @anon_4freedom, a.k.a. "sepo", who has been quiet for some time, has come back with some interesting hacks. Today he hacked into multiple bank websites.

The list of affected websites includes Atlantic Bank Group, Fidelity Bank Ghana, Italian Labour Union and Agricultural Development Bank of Ghana.

The hacker managed to identify the SQL injection vulnerabilities that allowed him to gain access to the database server. At EHN, we have verified the vulnerability.

All the leaks contain only server and database details such as database username, OS, database name, SQL version and host IP. They also contain the list of table names.

The hacker didn't leak the personal data of users because he doesn't like to expose ordinary people's data.

South African Police Service website breached by #Anonymous

The official website of the South African Police Service has been breached by an Anonymous hacktivist with the online name "DomainerAnon".

"This action is to serve as a reminder to the government regarding the murders of 34 protesting miners outside the Marikana platinum mine by police," the hacker stated as the reason for the attack.

"To date no officers have been brought to justice... This situation will NOT be tolerated. #OpMarikanaMiners"

The hacker provided a link to the database dump, which includes usernames, hashed passwords, telephone numbers and a few other details.

He also shared a 13Mb file named "EMAILS.csv" on DatafileHost, which is said to contain emails.

Suspected Anonymous hackers arrested in Jordan for #OpIsrael attack

A massive cyber attack dubbed "#OpIsrael", launched jointly by Anonymous hacktivists, hit Israeli websites. The hackers launched DDoS attacks, defacements, database leaks and social network hacks.

Following the cyber attack, Jordanian security forces have arrested several youths who allegedly participated in the cyberattack.

In response, Anonymous threatened to attack Jordanian internet sites. The group demanded the activists' immediate release.

"A Facebook group called 'The Third Intifada – Jordan' boasted that 100,000 Israeli internet sites had been disabled," an Arutz Sheva Israel News report reads.

Bangladesh Government websites defaced by Rahm Anonymous

An Anonymous hacker with the Twitter handle "Rahm Anonymous" has launched a cyber attack against Bangladesh Government websites.

The hacker defaced the following Government websites: a sub-domain of the Bangladesh Public Service Commission, SEQAEP and the Bangladesh National Commission for UNESCO.

He also claimed to have taken down more than 40 Bangladesh Government websites. The hacker has posted a list of affected websites on Pastebin.

EHN has tried to verify the hacker's claim about the DDoS attacks; the sites seem to be down, but they are working with "www".

At the time of writing, the defaced websites still host the defacement page uploaded by the hacker.


Philippines President site & other Government sites hacked by Anonymous Philippines

Anonymous Philippines has breached several Philippines Government websites, including the official website of the Philippines President. The hackers managed to publish an article on the President's website with the title "Anonymous Philippines".

"Greetings, President Aquino! We have watched how you signed into law a bill that endangers and tramples upon the netizens’ freedom of speech and expression. Now, we are silent witnesses as to how you are mishandling the Sabah issue," the article published by the hackers reads.

"We did not engage the Malaysian hackers who invaded our cyberspace since we expected you to appropriately and judiciously act on the same, but you failed us. You did nothing while our fellow brothers are being butchered by the Malaysian forces, and while our women and children become subject of human rights abuses. If you can’t act on the issue as the Philippine President, at least do something as a fellow Filipino. We are watching."

The security breach was initially published by Clifford Trigo in The PinoyTechNews, who notified EHN about the hack.

The hacker also defaced the following Government websites :

At the time of writing, all of the government websites still display the defacement page except the President's website. The article published on the President's website has been removed.

Teleton Colombia database hacked by LulzSec Argentina

A LulzSec Argentina hacktivist has managed to identify multiple security flaws in the website of Teleton Colombia, a fundraising event broadcast on television.

The hacker managed to exploit the SQL injection vulnerability in the website and extracted the database. He dumped the database in a paste.

The leak contains personal information including names, dates of birth, email addresses and usernames.

The hacker leaked the admin user ID and password (plain-text) in one of the tweets posted from his official Twitter account.

He also identified a non-persistent cross-site scripting vulnerability. The PoC code: <ScRiPt >prompt(910244)</ScRiPt>

Team M3DU5A hacked Constantin Film and leaked login credentials

The hackers from a group called "TEAM M3DU5A" have hacked into the official website of Constantin Film AG, a German film production and film distribution company.

The hackers managed to compromise the database and leaked it on Pastebin.

The dump contains the usernames and MD5-hashed passwords belonging to the backend page. It also contains the usernames and plain-text passwords for the Movie and Budget Database.

In addition to the login credentials, the team leaked a number of email addresses compromised from the server and links to login pages.

The group also provided two screenshots which show that they have successfully logged in with the stolen credentials, allowing them to create a new movie project post.

A report says the hacker attack was retaliation for the shutdown of an illegal file sharing website by the German copyright protection group GVU.

"F*** the Copyright Lobby and Contentmafia | F*** the GVU | F*** the GEMA | RIP" the hackers said in their leak.

The Constantin Film website uses the open source CMS TYPO3. Recently, TYPO3 released an update to patch a critical SQL injection vulnerability which was found to be exploited in the wild. It seems Constantin Film failed to update to the latest version.

Chinese Government website hacked by lot of hackers

Today, one of the Anonymous news Twitter accounts, @PublicAnonNews, announced that an anonymous hacker called Av4sT defaced the Panzhihua Health Information Network, one of the Chinese Government websites.

When I tried to visit the page, I was greeted with the Anonymous logo and a "Hacked by Av4sT. Access Denied" message.

After gathering some information about this website, I found that this is not the first time the site has been defaced by hackers.

The website has been breached several times by a lot of hackers. In fact, I am still able to view the previous defacements.

* A hacker named s13doeL uploaded a defacement text to the site on 20 Jan 2013. You can still see the defacement page here:

* A hacker named Jack Riderr from Johor Hacking Crew uploaded a defacement page on 20 Jan 2013. The defacement page is still there:

* Turkish hackers breached the site and uploaded their defacement also :

* In 2010, HEXB00T3R defaced the site but the defacement has been removed.

I am not sure whether the hackers exploited the vulnerability or the site has multiple vulnerabilities. The question is whether the Chinese Government knows about these hacks?! Why are they not taking any steps to protect this website?

MVS Comunicaciones Hacked by MexicanH Team

The Mexican hacker group named "MexicanH", affiliated with Anonymous hacktivists, has claimed to have breached MVS Comunicaciones (MVS), a Mexican media conglomerate that owns MASTV and MVS Radio.

The hacker team announced on Twitter that they hacked MVS Comunicaciones, and posted a link to the database dump.

The database dump contains more than 3000 usernames, encrypted passwords and email addresses. The data were compromised from 30 different databases.

Cyber War News analyzed the dump and found that the same email IDs had been used in different database servers; there are around 1700 unique accounts with email IDs.

Anonymous Twitter account allegedly hacked by Rustle League

We can refer to this week as Twitter account hack week. Following the high-profile Twitter account hacks, now the Twitter account of a hacker has also been hijacked by hackers.

A hacker group called Rustle League has hijacked @Anon_Central, a Twitter account belonging to one of the Anonymous hacktivists, which has more than 160k followers.

"The reason Anonymous fell victim is probably human weakness," the BBC cited Graham Cluley, senior consultant at security firm Sophos, as saying.

"Chances are that they followed poor password practices, like using the same password in multiple places or choosing a password that was easy to crack."

In response to the numerous account compromises, Twitter has issued a “friendly reminder about password security” in which they advise users to follow four important rules to make sure their accounts aren’t hacked.

Anonymous Hackers leaked 600,000 credentials from Israeli portal Walla!

An anonymous hacker going by the name of AnonSabre has managed to breach the servers of the popular Israeli web portal Walla. As a result of the security breach, hackers dumped around 600,000 email accounts and passwords. The hack was done as part of the operation called "#OpIsrael".

The hacker first uploaded the compromised data in 93 separate Pastebin posts. The links in question are dead at the time of writing.

The leaked credentials were first found by PwnedList, a service that helps users figure out if their account credentials were stolen as part of a hack.

“The data leak included 583,083 credentials. The passwords were hashed and salted, but the salts were leaked as well,” PwnedList said.

Walla has confirmed the breach, but the representatives say that the leaked data is useless because the passwords leaked by the hacker are encrypted.

#OpLastResort: Anonymous leaks 4000 U.S. Bank executive details in hacked Alabama Govt Site

Anonymous hackers have leaked login and private information of more than 4000 U.S. bank executives under their latest operation, Operation Last Resort (#OpLastResort).

Hackers usually choose Pastebin or the Anonpaste site for leaking compromised data. Interestingly, this time the hackers chose a government website for publishing the data. They hacked into the Alabama Criminal Justice Information Center and published the data.

"Now we have your attention America: Anonymous's Superbowl Commercial 4k banker d0x via the FED … #opLastResort #Anonymous" the hackers announced on Twitter.

The data published by Anonymous contains addresses, business phone numbers, email addresses, fax numbers, names, institutions, login IDs, hashed passwords and titles.

Based on the titles provided in the leak, the data allegedly belong to Information Systems/Security Officer, EVP & Chief Financial Officer, President, Vice President, Managing Officer, CFO, Asst. Vice President and Cashier, CEO, Vice Chairman, Senior Vice President, BRANCH MANAGER and others.

#OpEgypt: Egyptian government websites under Cyber attack by Anonymous

Anonymous hacktivists launched a cyber attack against Egyptian Government websites under the operation called '#OpEgypt'.

The cyber attack comes after a naked Egyptian man was dragged across a street and beaten by at least eight riot policemen during a protest in Cairo on Friday.

The hacktivists DDoSed several Government websites including the Egyptian Cabinet, the official website of the Egyptian Ministry of Culture and the NREA site.

A few more affected websites are Egypt's Information Portal, the Center for Information and Decision Support Cabinet, the Ministry of Planning and International Cooperation, the Ministry of Interior and the official website of the Ministry of Information.

At the time of writing, those websites are still down and being attacked by the Anonymous hackers.

Self Proclaimed Ethical Hacker Trishneet Arora website hacked by Team Cyber-Rog

Last night, the official website of self-proclaimed ethical hacker Trishneet Arora was breached and defaced by the hacker group called "Team Cyber-Rog".

Trishneet is the author of a book, "The Hacking Era", and claims to have been awarded as India's best ethical hacker, Punjab's No.1 Cyber Crime Consultant and World's 2nd Youngest Author of Ethical Hacking Books. Trishneet has been known on the internet as founder of TAC Security Solutions, a cyber security company.

As far as Wikipedia is concerned, they deleted his self-made page 3 times in the past for the following reasons:

"12:29, 20 October 2012 Bwilkins (talk | contribs) deleted page Trishneet Arora (G4: Recreation of a page that was deleted per a deletion discussion (CSDH))
18:01, 18 October 2012 MBisanz (talk | contribs) deleted page Trishneet Arora (Wikipedia:Articles for deletion/Trishneet Arora)
13:13, 2 September 2012 Boing! said Zebedee (talk | contribs) deleted page Trishneet Arora (G11: Unambiguous advertising or promotion)"

After numerous restore attempts by him, the deface page is still up, exposing his true face. Trishneet, as claimed by hackers, conducts so-called ethical hacking workshops around the country. A lot of people have informed us that this guy has absolutely 0 knowledge in this field and yet goes around acting as a "professional it security expert". All his websites are under free hosting, and last night another one of his domains was hacked.

"You have disappointed us, we will continue to own and expose people like Trishneet. Learn to secure yourself before you teach others. Trishneet, stop making fake account of girls and conducting fake workshops for money/profit. We are watching you, Expect Us!" the message from the Cyber-Rog team reads. "oh and good luck with your book sales now :P"

The defaced page:

We came to know about this hack when a security researcher, Vedachala, reported an XSS security flaw in the Trishneet website.

The POC code provided by Vedachala for the Reflected XSS:';alert(String.fromCharCode(80,79,79,82,32,78,48,111,98,44,40,86,51,68,64,67,72,52,76,65,32,72,51,114,101,41,46,32,83,51,99,117,114,101,32,121,111,117,114,32,97,36,36,32,102,105,114,115,116,46,46))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(80,79,79,82,32,78,48,111,98,44,40,86,51,68,64,67,72,52,76,65,32,72,51,114,101,41,46,32,83,51,99,117,114,101,32,121,111,117,114,32,97,36,36,32,102,105,114,115,116,46,46))//";alert(String.fromCharCode(80,79,79,82,32,78,48,111,98,44,40,86,51,68,64,67,72,52,76,65,32,72,51,114,101,41,46,32,83,51,99,117,114,101,32,121,111,117,114,32,97,36,36,32,102,105,114,115,116,46,46))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(80,79,79,82,32,78,48,111,98,44,86,51,68,64,67,72,52,76,65,32,72,51,114,101,46,32,83,51,99,117,114,101,32,121,111,117,32,97,36,36,32,102,105,114,115,116,46,46))</SCRIPT>

*Note: This is a guest post submitted by one of the readers.