Posts Tagged Hacked
The Pakistani websites of Google, Microsoft, Yahoo, Apple, Visa, HSBC, Coca Cola, Blogspot, Sony, HP, eBay and PayPal have been hacked and defaced.
According to The Hackers Media, the sites have been defaced by a group of Turkish hackers.
On their defacement page, the Pakistani hackers reveal not only their reasons for breaching the sites, but also the vulnerability they exploited.
“Why we have wasted our time to hack Pakistani Sites? Just because let us convey our message. We warned you and we were willing to fix your vulnerability but you think we are jokers and you guys took it as a joke? Yes it’s time to bang you guys!!” the hackers wrote.
The Hackers Media reveals that the one “warned” is actually PKNIC, a registrar for Pakistani .pk domains. A security hole in the registrar’s systems allowed the cybercriminals to easily alter the homepages of the affected sites.
The Pakistani hackers utilized the same method to deface several high-profile Israeli sites a few days ago.
BOSTON: Yahoo Inc reported the theft of some 400,000 user names and passwords to access websites including its own, saying that hackers had taken advantage of a security vulnerability in its computer systems.
The security firm Rapid7 said a data file published on the Web contained logins and cleartext passwords for Yahoo as well as several other Internet services, including Google Inc’s
Gmail and AOL as well as Microsoft Corp’s Hotmail, MSN and Live sites.
“It’s way bigger than Yahoo,” said Rapid7 researcher Marcus Carey. “We can assume that tens of thousands of people on services outside of Yahoo could be compromised.”
Yahoo apologized for the breach in a written statement, responding to the latest piece of bad news for a company that has lost two chief executives in a year and is struggling to revive stalled revenue growth.
Chairman Alfred Amoroso acknowledged that Yahoo had experienced a “tumultuous” year at its annual shareholder meeting on Thursday morning. Interim CEO Ross Levinsohn told attendees he was optimistic about the company’s progress.
Yahoo spokeswoman Dana Lengkeek did not respond to a request asking her to identify the companies whose credentials were stolen. Officials with Google, AOL and Microsoft could not immediately be reached for comment.
Yahoo did not disclose how many passwords were valid or say how many of the stolen logins were for Yahoo’s sites.
Lengkeek said “an older file” had been stolen from Yahoo Contributor Network, an Internet publishing service that Yahoo purchased about two years ago. It helps writers, photographers and videographers to sell their work over the Web.
“We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised,” she said.
The theft follows a breach reported last month by the business networking service LinkedIn, which resulted in the release of some 6.4 million member passwords.
LulzSec Reborn, the so-called redux of disbanded hacker group LulzSec, leaked around 10,000 Twitter usernames and passwords of members who used TweetGif, an animated Gif-sharing application.
The file contained an unusually detailed trove of information on each member: usernames, passwords, real names, locations, bios, avatars, secret tokens used to authenticate TweetGif to pull Twitter data, and even their last tweet. The hackers’ motivations are unclear at this point; an announcement posted on Pastebin merely linked to a destination for people to download the .SQL file.
TweetGif lets users post and share animated Gif cliparts, but users have to log in through Twitter. It appears to be a relatively small application with less than 75,000 visitors globally, according to its Flag Counter stats, and only 690 followers of its Twitter account @TweetGif.
As we covered recently in “How to Use Twitter Safely,” not all third-party Twitter applications use best practices to secure user data. An Imperva report said around three-quarters of Web applications may be vulnerable to remote file inclusion attacks because they include insecure tools that allow users to upload user-generated content, such as images and videos.
In March, LulzSec Reborn introduced itself to the Interwebs by claiming to be a resurrected version of the infamous LulzSec hacker coalition. The original LulzSec ceased operations almost a year ago after spending almost six weeks attacking companies, governments, and law enforcement agencies. In March, the FBI arrested core members using intelligence gained by interrogating Sabu, the group’s nominal leader.
However many security researchers, such as F-Secure’s Sean Sullivan and Naked Security’s Graham Cluley, have cast doubts that original LulzSec members are part of the “new” LulzSec. LulzSec Reborn has been pretty quiet since it launched, claiming only one major attack so far on Militarysingles.com, a dating site.
Anonymous accounts tweeted about an attack on a Euro 2012 Web site to protest mass killings of dogs ahead of the soccer championship in Ukraine.
Anonymous accounts tweeted about an attack on a Euro 2012 Web site to protest mass killings of dogs ahead of the soccer championship in Ukraine.
Online activists with Anonymous said they took out a site associated with the Euro 2012 games in Ukraine to protest the country’s rounding up and slaughter of stray dogs in advance of the soccer championship that started there today.
The account for YourAnonNews tweeted: “#OpUkraine?: Revenge for your Animal Holocaust: http://www.kieveuro2012.org ==>> TANGO DOWN!! | ?#Euro2012? via @AnonOpsLegion| ?#Anonymous? ?#Ukraine?”
However, the site appeared to be back up as of midday Pacific Time. Distributed denial-of-service attacks that shut down Web sites are Anonymous’ tool of choice in its ops, or operations. The activists have targeted a host of companies and governments over issues ranging from human rights to online privacy and civil rights.
The Ukraine government has been criticized for conducting mass killings of dogs found in the streets in an attempt to clean up the city ahead of the soccer event, over the past year or more. Ukraine officials said last November that they would stop the killings, but recent photos and video appear to show that the slaughter has not stopped.
Tens of thousand of dogs, including some wearing collars indicating they are pets, reportedly have been poisoned, shot or thrown into incinerators alive.
TelecomTiger received a letter from the Anonymous Group which is believed to be behind the attack on MTNL website on Wednesday. We are publishing it as it is.
Dear India Press
The recent attack on the Freedom of Speech and expression in India was done by misuse of Madras High Court order which required blocking of certain content.
The HC Madras never issued any list of websites to be blocked, the DoT never issued a list of websites to be censored. Why is that ISPs are forced to block file sharing websites? Why is that instead of blocking few links the whole domain was blocked? The blocking of these websites is wrong and unjustified.”
“Torrents are widely used to distribute open source and free software such as Linux distributions, and many other books and publications that are in the public domain. Video hosting sites like Vimeo are used by millions of people every day. You no longer have access to this content even though it is perfectly legal.”
We are against this Internet Censorship in disguise.
Our objective is to repeal the ban on entire websites, where only a section of the content infringes on copyrights, and to contest the ‘intermediary guideline rules that have been effect since April 2011, besides annulment of section 69 of the amended Information Technology Act, 2008.
The April 2011 rules, an update to India”s Information Technology Act (IT Act) of 2000 (amended in 2008), popularly known as the “intermediary guidelines,” instruct online “intermediaries” — companies that provide Internet access, host online content, websites, or search services — to remove, within 36 hours, any material deemed to be “grossly harmful, harassing, blasphemous,” “ethnically objectionable,” or “disparaging” by any Internet user who submits a formal objection letter to that intermediary. Under the guidelines, any resident of India can compel Google, at the risk of criminal and/or civil liability, to remove content from its site that the resident finds politically, religiously, or otherwise “objectionable.”
Hence GOI, with certain individuals misuse this act, can access any content, seek it’s removal and invade into privacy of citizens. This IT Act is taking away citizen’s legitimate right to privacy and freedom of speech and expression. Speech censorship is illegal and contradicts freedom of speech guaranteed by Constitution of India.
We are organizing a peaceful protest on Saturday June 9, 2012 between 1600 hrs and 1900 hrs at Jantar Mantar, Delhi to express our opposition to Internet Censorship and invasion of our Privacy by Government.
We seek removal of blocks on websites and call for amendment of Information Technology Act so as to protect privacy of Indian citizens.
We do not have a country, name or face. Our cause is our only identity. We are ANONYMOUS.
ncidents that occurred through the past year have markedly changed the way in which we have been perceiving the Internet, all this while. Those of us who thought of it as a place to ink down our thoughts, be it happy, sad or even a platform to vent out anger, were made to think otherwise. Hacking, which was once a foreign word, extending concerns against threat from other nations or malicious minds trying to steal some critical information government/military info or making malicious ways to make money online by targeting leading companies. 2012 dawned and we received another blow as we got ourselves, for the first time, acquainted to the phenomenon of blocking of websites. Soon enough, hacktivists had no choice, but to turn their attention to the ongoing scene, in a bid to combat those who are trying to restrict/limit our freedom on the Internet. Here are the 5 most recent hacks by Anonymous to protest against Internet censorship.
The year 2012 brought in a wave of combat against ISPs who have been blocking file hosting websites and Reliance Communications was hit with the first blow. Reliance Entertainment had acquired John Doe orders for its films, which had prompted many ISPs to block file hosting sites. A John Doe order means a court order, which is against a party whose true identity is not known. Websites, like The Pirate Bay and Vimeo (we wonder why?) were blocked, which left many perturbed. A hacker, who called himself Isac and his friend hackthis29 were irked by this move and attacked the major Internet service provider, Reliance. He claimed to have hacked Reliance’s ‘very very vulnerable’ netsweeper panel in about 5 minutes. Reliance passed the order last month for its upcoming film, and is believed to have acquired such John Doe orders earlier, too.
It was around the mid of last month when ISPs starting blocking sites, like Vimeo, The Pirate Bay and many others, as per orders by the DoT. It was not only Reliance, who had acquired the John Doe order, but also Copyright Labs, a Chennai based firm, who had acquired these orders for movies – Dhammu and 3. This miffed the keepers of global Internet freedom, Anonymous, and the Supreme Court and Congress websites ended up being victims of a hack. Websites, like http://supremecourtofindia.nic.in, dot.gov.in and aicc.org.in were rendered inaccessible. The attacks were carried out by OpIndia (Operations in India) and they, in a series of tweets revealed on micro-blogging site, Twitter that – “#Government must understand. #INTERNET belongs to us! #TANGODOWN –> http://supremecourtofindia.nic.in & http://aicc.org.in”, and in another tweet stated – “@Anon_Central Another #TANGODOWN –>> http://www.dot.gov.in Department of telecom, You should’ve expected us! ~ #opindia.”
As ISPs continue to block websites, Anonymous seems to be in no mood to spare anyone. The next in our list and the most recent target by Anonymous is MTNL. The MTNL website was taken down by the hacktivist group yesterday. Although MTNL’s Internet services weren’t affected, the MTNL website (mtnl.net/in) was rendered inaccessible. The site serves as a gateway for a number of services for MTNL, which include bill payment and schemes on their services. Anonymous hasn’t damaged any data on site, except for the main home page from the look of things. So, it’s clear, that it is just a protest against Internet censorship. MTNL is one of the ISPs that’s been blocking torrent and other file sharing sites.
Andhra Pradesh Power Development Company
Last year, unidentified hackers attempted to break into different websites of the Andhra Pradesh government, even as a security audit was being conducted at the State Data Centre. This time, however, it was the Andhra Pradesh Power Development company’s site that was under attack, not by some unidentified name, but Anonymous. The reason for the previous attacks may have been unclear, but Anonymous was quite clear, and did leave a message behind. The URL to the website would route users to another site that was defaced with the famous Anonymous messages – “We are anonymous. We are legion. We do not forgive. We do not forget. You should have expected us!” So, if the government plans to block other websites, Anonymous shows its protest by hacking government websites.
Even by the end of the last month, ISPs continued to block websites and Anonymous, this time targeted a political party. It defaced the website of one of the most prominent parties of the nation. The BJP website was reportedly hacked for not protesting against their opposition party, Congress on the topic of Internet censorship. On their Twitter account (@opindia_back), the hacktivist group made this public in a series of tweets; some reading – “Young guns of #India —> We owned http://mumbaibjp.org/anonymous.html to display a message to you all. So kindly read it. #opindia”, among others in succession. Further posts on Twitter that serve as a probable explanation to the hacks, read – “BJP are the opposition they should have f****n stopped this or should have organised a protest they didn’t do any.”
Moreover Anonymous, on its Facebook page has asked users to vote for either of the two ISPs – Reliance and Airtel. The group have asked their Facebook followers to Like the post, if they are in favour of Reliance’s website/services being hacked or Share the post if their choice is Airtel.
Image Credit: Getty Images