Hacking to save forests in Nicaragua

On 09 May 2020, a hacker going by the handle Lorian Synaro disclosed that, together with Nama Tikure, they had hacked the National Forest Institute of the Nicaraguan government.

As a result, emails, private documents, and information leaked.

The leak was analyzed by Twitter user Solidify, who could verify that INAFOR, the National Forest Registry Office, registered a 329-hectare plot of forest plantation in the name of OPERA S.A., which would consequently sell its wood.

The finding was the result of a preliminary examination; the Twitter user said there is much more to find because of the sheer volume of the leak.

The hacker group attacked the National Forest Institute with the clear purpose of exposing the wrongdoing of the government led by President Daniel Ortega. This echoes the deepening political and social crisis in Nicaragua, which has led to hundreds of protester deaths and more than 100,000 people fleeing the country.

The Guardian recently published an article on the issue of illegal land grabs in indigenous territories in Nicaragua.

From the article:

“The violence has increased in recent years, obscured first by the government’s crackdown on protests that began in April 2018 and more recently by the world’s attention being diverted by the coronavirus pandemic.”

Nicaragua is promoting illegal land grabs in indigenous territories – report, The Guardian.

In another article, the Guardian reported that during the illegal land grabs, indigenous people have been killed and others kidnapped.

An aerial photo from September 2015 shows land cleared by ‘settlers’ in Murubila, Nicaragua. Photograph: Esteban Félix/AP

Based on the articles, I wanted to check how far deforestation in the area of Murubila, Nicaragua is advancing.

To do that, I used the EO Browser, which combines imagery from multiple satellites in one handy tool. Satellite imagery can also be used to assess plant density and health. This is because plants reflect near-infrared and green light while absorbing red, so the denser the plant growth, the darker the red that appears in the image.
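The red/near-infrared behaviour described above is what a vegetation index such as NDVI captures. The following is an added example, not code from the original post and not EO Browser's own logic: it computes NDVI for two constructed 6x6 scenes (made-up reflectance values standing in for a February and a May acquisition, not real Sentinel data for Murubila) and reports the share of pixels whose vegetation signal dropped between them. Because NDVI is a ratio, a cloud shadow that darkens both bands by the same factor does not register as a drop; an optional mask handles the cases where a cloud mask flags pixels that should be ignored anyway.

```python
# Added example (not from the original post): a minimal NDVI change check of the
# kind the post describes, run on constructed sample reflectances rather than the
# real satellite imagery of Murubila. Standard library only.

def ndvi(red, nir):
    """Per-pixel Normalized Difference Vegetation Index: (NIR - red) / (NIR + red).

    Dense, healthy vegetation reflects strongly in near-infrared and absorbs red,
    so it scores close to +1; bare soil or cleared ground scores near 0.
    """
    out = []
    for red_row, nir_row in zip(red, nir):
        out.append([(n - r) / (n + r) if (n + r) > 0 else 0.0
                    for r, n in zip(red_row, nir_row)])
    return out


def make_scene(rows=6, cols=6, cleared_rows=(), shadow_rows=()):
    """Build a constructed (red, nir) band pair.

    Forest pixels: red 0.05, NIR 0.45. Cleared rows: red 0.15, NIR 0.20.
    Shadow rows darken both bands by the same factor, which is roughly how a
    cloud shadow behaves; NDVI is a ratio, so uniform darkening cancels out.
    """
    red = [[0.05] * cols for _ in range(rows)]
    nir = [[0.45] * cols for _ in range(rows)]
    for r in cleared_rows:
        red[r] = [0.15] * cols
        nir[r] = [0.20] * cols
    for r in shadow_rows:
        red[r] = [v * 0.3 for v in red[r]]
        nir[r] = [v * 0.3 for v in nir[r]]
    return red, nir


def ndvi_loss_fraction(before, after, drop=0.3, mask=None):
    """Fraction of (unmasked) pixels whose NDVI fell by more than `drop`
    between two acquisitions. `before` and `after` are (red, nir) pairs;
    `mask` is an optional grid of booleans marking pixels to ignore
    (cloud, haze, or shadow flagged by a cloud mask)."""
    ndvi_before = ndvi(*before)
    ndvi_after = ndvi(*after)
    counted = flagged = 0
    for i, (row_b, row_a) in enumerate(zip(ndvi_before, ndvi_after)):
        for j, (b, a) in enumerate(zip(row_b, row_a)):
            if mask is not None and mask[i][j]:
                continue
            counted += 1
            if a - b < -drop:
                flagged += 1
    return flagged / counted if counted else 0.0


if __name__ == "__main__":
    february = make_scene()
    may = make_scene(cleared_rows=(4, 5), shadow_rows=(0,))
    print("NDVI of a forest pixel:", round(ndvi(*february)[1][1], 3))
    print("NDVI of a cleared pixel:", round(ndvi(*may)[4][1], 3))
    print("fraction of pixels that lost vegetation:",
          round(ndvi_loss_fraction(february, may), 3))
```

With these constructed values the two cleared rows are flagged and the shadowed row is not, which is the distinction the post has to make by eye when it separates cloud shadows from the grey zones. On real imagery the shadow is never perfectly proportional, so a cloud mask from the data provider should still be passed in as `mask`.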

Murubila area, Nicaragua February 2020
Murubila area, Nicaragua April 2020
Murubila area, Nicaragua May 2020

In one area close to Murubila, there is a big difference between February and May.

Apart from the cloud shadows, one can see grey zones appearing that might indicate deforestation.

The above is not confirmed proof. A more in-depth investigation with people familiar with the issue and the area is needed.

At the same time, it gave me an indication that the hacker group is up to something bigger.
In my experience, hacktivist operations mostly consist of taking down government websites for a certain amount of time to create disruption.

Yet this breach shows a clear intent by the hackers to expose a significant government operation logging the Bosawás Biosphere Reserve, renowned for its biodiversity.

I contacted the hacker Lorian Synaro to ask some questions.

Can you tell me what are the motives behind what you did?

We have been watching the Nicaraguan situation for a few weeks and have seen that the people were suffering from the oppression of their government. We have already made an OpNicaragua in 2018 so we know what type of government they have. They have killed a lot of innocent protesters. As Anonymous stands for freedom and against oppression, we have decided to act and target their government. So we try to hack their servers and expose their secrets and corruption. Like we did for the Inafor servers.
We are in the middle of a climate crisis, when we need nature the most. But evil governments are still destroying nature.

The Hacker confirmed that more journalists are looking into the data dump.

As for how the hack happened, Lorian wrote:

We had access to their servers and mail servers. We made a few bruteforce attacks and got many of their logins.

We also talked about the duality and safety of being a hacktivist; I was told that they do all that is necessary to secure their identities.

Neither hacker is new to hacktivism; both have participated in several operations in recent years.

Lorian Synaro Tweet activity analysed with the great Tweets Analyzer tool
Namatikure Tweet activity analysed with the same tool.

Now Lorian Synaro is calling for additional action against the Nicaraguan government.

With the country high on the corruption index, journalists can use the leak to find proof of hidden connections within the Nicaraguan government.

According to the Transparency International report, Nicaragua has a high degree of corruption, ranking 161st out of 180 countries.

The findings, if combined with OSINT tools like satellite image search, can build a solid case against illegal logging and the destruction of protected wildlife.

Aarogya Setu app vulnerabilities

Aarogya Setu, the Government of India’s mobile application for COVID-19 contact tracing and information, is vulnerable to attack.

A French security researcher known as Elliot Alderson has discovered multiple vulnerabilities in the app.

On 3 April, he showed how an attacker was able to get the content of any internal file of the app, including the local database.

Additionally, as of 06.06.20, the security researcher found that an attacker would be able to know who is infected, unwell or has made a self-assessment in an area of their choice.

This means it was possible for him to check whether someone was sick at the PMO office or the Indian parliament, or even whether a person was ill in a specific house.

Elliot Alderson disclosed he could verify that:

  • 5 people felt unwell at the PMO office
  • 2 sick at the Indian Army Headquarters
  • 1 infected person at the Indian parliament
  • 3 infected at the Home Office

After tweeting about the vulnerability, the security researcher was contacted by the Indian Computer Emergency Response Team (@IndianCERT) and the National Informatics Centre (NIC) of India (@NICMeity).

The Aarogya Setu team came back with a statement that downplayed the findings.

In response, Elliot Alderson published the details of his findings in a blog post. He also noted that even though the issues were dismissed, the bugs have now been fixed.

COVID-19 tracing apps have the potential to put technology to a useful purpose. If done right and used by a large part of a country’s population, they can help reduce the spread of the virus.

At the same time, they can also be a privacy nightmare if they do not provide sufficient security controls and transparency.

Edited on 07.05.2020 to add Elliot Alderson’s blog post and response.

Your Tik Tok account can be hacked

TikTok is a short-video sharing app and social network platform. Its headquarters are in the Greater Los Angeles Area on the US West Coast, and it is owned by ByteDance, an internet technology company legally known as Beijing Bytedance Technology Co., Ltd. from China.

The platform’s growing popularity in the US has brought more intense scrutiny and privacy concerns. But what about security? Is the app safe, and can it be hacked?

There is no such thing as unhackable, yet how difficult it is also depends on the company’s efforts to keep it secure.

TikTok has no two-step verification, and its own security recommendations are shallow:

A few tips:

  1. Never trust any 3rd-party websites that promise to give away free likes, fans, crowns, coins, or other incentives as they may be able to take your login info.
  2. Select a secure password that contains at least one number and special character.

With no second verification step, taking over an account depends only on the user’s relaxed approach to security or on the company’s efforts and investment in the protection of the application.

Researchers at Check Point discovered multiple vulnerabilities within the TikTok application.

They managed to:

  • Get a hold of TikTok accounts and manipulate their content
  • Delete videos
  • Upload unauthorized videos
  • Make private “hidden” videos public
  • Reveal personal information saved on the account such as private email addresses

From the research conclusion:

TikTok videos are entertaining. They’ve created a significant trend, a style, even a musical genre. Many of us use the TikTok app to share enjoyable moments and snip bits of fun memories in the form of short video clips. But as some have experienced, there is often a fine line between fun clips and private, even intimate, assets being compromised while trusting to be under the protection of the apps we use.

Researchers at Check Point 

Some users are sharing their experiences of hacked TikTok accounts on Twitter:

Number of tweets containing “My Tik Tok hacked” between January 2019 and April 2020

The above tweets show that some of the hacks happen through credential stuffing, where credentials leaked from one breach are used to try to log in to other platforms. The attack succeeds because users keep using the same password for several accounts.
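Credential stuffing leaves a recognisable shape in an authentication log: one source trying many distinct accounts once or twice each, with a low but non-zero success rate. The brute force that Lorian Synaro described against the INAFOR mail servers earlier on this page looks different: one source hammering one or two accounts with many failures. The following is an added example, not code from the original post, from TikTok, or from either hacker: it parses constructed sample log lines in a made-up `src=... user=... result=...` format (the IP addresses are RFC 5737 documentation addresses) and classifies each source as brute force, credential stuffing, or normal, then lists the accounts a stuffing source actually got into, which are the ones whose reused password is known to be leaked and must be reset.

```python
# Added example (not from the original post): classifying sources in an auth log
# as brute force (one account, many failures) or credential stuffing (many
# distinct accounts, one or two tries each). SAMPLE_LOG is constructed data in
# a made-up format; adapt LINE_RE to the real server's log format.
import re
from collections import defaultdict

SAMPLE_LOG = """\
2020-05-01T10:00:01 src=203.0.113.5 user=admin result=FAIL
2020-05-01T10:00:02 src=203.0.113.5 user=admin result=FAIL
2020-05-01T10:00:03 src=203.0.113.5 user=admin result=FAIL
2020-05-01T10:00:04 src=203.0.113.5 user=admin result=FAIL
2020-05-01T10:00:05 src=203.0.113.5 user=admin result=FAIL
2020-05-01T10:00:06 src=203.0.113.5 user=admin result=FAIL
2020-05-01T10:00:07 src=203.0.113.5 user=admin result=FAIL
2020-05-01T10:00:08 src=203.0.113.5 user=admin result=FAIL
2020-05-01T10:01:00 src=198.51.100.7 user=u01 result=FAIL
2020-05-01T10:01:01 src=198.51.100.7 user=u02 result=FAIL
2020-05-01T10:01:02 src=198.51.100.7 user=u03 result=FAIL
2020-05-01T10:01:03 src=198.51.100.7 user=u04 result=FAIL
2020-05-01T10:01:04 src=198.51.100.7 user=u05 result=OK
2020-05-01T10:01:05 src=198.51.100.7 user=u06 result=FAIL
2020-05-01T10:01:06 src=198.51.100.7 user=u07 result=FAIL
2020-05-01T10:01:07 src=198.51.100.7 user=u08 result=FAIL
2020-05-01T10:02:00 src=192.0.2.10 user=bob result=OK
2020-05-01T10:02:30 src=192.0.2.10 user=bob result=FAIL
2020-05-01T10:02:40 src=192.0.2.10 user=bob result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$")


def parse_log(text):
    """Turn raw lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def classify_sources(events, fail_threshold=6, user_threshold=6):
    """Label each source IP by the pattern of its attempts.

    brute_force: many failures concentrated on at most two accounts.
    credential_stuffing: many failures spread over many distinct accounts.
    Thresholds are deliberately low so the constructed sample trips them;
    tune them to the real login volume.
    """
    stats = defaultdict(lambda: {"fails": 0, "ok": 0, "users": set()})
    for e in events:
        s = stats[e["src"]]
        s["users"].add(e["user"])
        s["ok" if e["result"] == "OK" else "fails"] += 1
    verdicts = {}
    for src, s in stats.items():
        distinct = len(s["users"])
        if s["fails"] >= fail_threshold and distinct >= user_threshold:
            verdicts[src] = "credential_stuffing"
        elif s["fails"] >= fail_threshold and distinct <= 2:
            verdicts[src] = "brute_force"
        else:
            verdicts[src] = "normal"
    return verdicts


def accounts_to_reset(events, verdicts):
    """Accounts a stuffing source logged into: their password is known to be leaked."""
    return sorted({e["user"] for e in events
                   if verdicts.get(e["src"]) == "credential_stuffing"
                   and e["result"] == "OK"})


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    v = classify_sources(evs)
    for src, label in v.items():
        print(f"{src:15} {label}")
    print("force password reset for:", accounts_to_reset(evs, v))
```

The useful part for a platform is the last function: a successful login from a stuffing source is not a clean login but a confirmation that the account's password is in a leaked list, which is exactly the reuse problem the tweets above illustrate. Rate limiting by source alone misses the distributed version of this attack, so the per-account view (a sudden login from a new source right after a failed attempt elsewhere) should be tracked as well.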

With this tweet, you might understand better what can go wrong if your account is hacked. If you saved personal videos as a draft, then the attacker will now have access to them.

Password hacking happens in many different ways, as exposed in a previous blog post.

You should start by having those three password best practices:

  • Password manager: it is the best security measure for your passwords. It takes away the complexity of managing them all and automatically creates unique and robust passwords for any given account.
  • Strong passwords: a password that is hard to crack, best if managed by the password manager.
  • Unique passwords: one password specific to each account, again much better if handled by the password manager.

If your TikTok is hacked then, for now, there is no other way than going through the steps officially described in the Safety Center:

What to do if your account has been hacked

  1. Change your password: Changing your password will log out all other users who may have accessed your account. If you can’t change your password, contact the Support Team by going to your Profile tab, tapping on the Settings icon, and selecting Privacy and Settings > Send Feedback.
  2. Check your account info: Go to your Profile tab, tap on the Settings icon, and tap Manage My Account to verify if the information in your account is correct.

For such a big company, it is alarming to see that it is not doing much to protect and recover its users’ accounts.

Keksec on Billboard security

On 8 September, Keksec, a hacker collective, disclosed a guide on how to control digital billboards running Prismview software.

Keksec made the headlines in 2018 when they hacked billboards to display John McAfee’s tweets. But according to the group’s Twitter feed, they have been active since 2017.

The group mostly posted or retweeted pictures of those billboards and went silent after the 2018 hacks.

Now they are back with a message directed at the company Prismview, formerly known as YESCO, which created and owns the Prismview software used to display advertisements on electronic billboards.

    Ah, there you are! Our faithful friend! Our fantastic follower! We're
    very sorry for being gone for so long. Sadly, as with all things, we
    have weened and waned in and out of existence. Heat has come and gone.
    Boxes, shells, and exploits too have seen the light of day only to be
    snuffed out by zealous whitehats. Somehow, despite the religious fervor
    of the whitehat, our billboard vulns haven't been killed. You shitters
    really dropped the ball. No, YESCO, telling customers to move boards
    behind a VPN is *not* a patch. In this file we're dropping the deetz on
    YESCO's (and now Samsung's) Prismview billboard software.

    Public Disclosure Timeline:
     Found: maliciously
     Contacted vendor: technically
     Disclosed publicly: affirmatively

From the message, it seems that the hacker group is in disbelief that, after all the media attention, billboards running Prismview are still an easy target.

It should also be noted that the Prismview team was immensely disorganized in creating the Prismview software.

There is even a reference to Brian Krebs, an investigative journalist known for writing about cybercrime.

    <UserName>bkrebs</UserName> <Password>god</Password ...

    You can then authenticate with the server

    $ curl -H'User: bkrebs' -H'Password: god' http://LAME/PRISMVIEWLOGIN001
    OK Password
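The excerpt shows the two weaknesses that matter from a defender's point of view: the credential sits in a configuration file in plaintext, and the very same string is what the client sends, so anyone who can read the file or the traffic holds a working login. The following is an added example, not from the Keksec file and not Prismview's or YESCO's code. It parses a constructed XML config in the shape of the quoted excerpt (user names and passwords are made up), flags every user whose `<Password>` element holds a literal secret, rewrites the file so that only a salted PBKDF2 hash is stored, and checks submitted passwords against that store in constant time, doing the same amount of work for unknown users so that timing does not reveal which user names exist.

```python
# Added example (not from the disclosure or the vendor): auditing a config in the
# shape of the quoted excerpt for plaintext passwords, and the hardened
# alternative: salted PBKDF2 hashes checked with a constant-time comparison.
# WEAK_CONFIG is a constructed sample; the names and passwords are made up.
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET

WEAK_CONFIG = """<Users>
  <User><UserName>operator</UserName><Password>god</Password></User>
  <User><UserName>viewer</UserName><Password>letmein</Password></User>
</Users>"""

ITERATIONS = 200_000  # PBKDF2 work factor; raise as hardware allows


def find_plaintext_passwords(xml_text):
    """Return the user names whose <Password> element holds a literal secret."""
    root = ET.fromstring(xml_text)
    return [u.findtext("UserName") for u in root.iter("User")
            if u.find("Password") is not None]


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Salted PBKDF2-HMAC-SHA256, serialised as algo$iterations$salt$digest."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    _algo, iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def harden_config(xml_text):
    """Replace every <Password> with a <PasswordHash>; the plaintext is gone."""
    root = ET.fromstring(xml_text)
    for user in root.iter("User"):
        pw = user.find("Password")
        if pw is None:
            continue
        user.remove(pw)
        ET.SubElement(user, "PasswordHash").text = hash_password(pw.text or "")
    return ET.tostring(root, encoding="unicode")


def load_store(hardened_xml):
    """Map user name -> stored hash, read from the hardened config."""
    root = ET.fromstring(hardened_xml)
    return {u.findtext("UserName"): u.findtext("PasswordHash")
            for u in root.iter("User")}


# A throwaway hash so that a login attempt for an unknown user costs the same
# time as one for a real user (no user-name enumeration through timing).
_DUMMY_HASH = hash_password("placeholder-for-unknown-users")


def authenticate(store, username, password):
    stored = store.get(username)
    if stored is None:
        verify_password(password, _DUMMY_HASH)
        return False
    return verify_password(password, stored)


if __name__ == "__main__":
    print("plaintext passwords for:", find_plaintext_passwords(WEAK_CONFIG))
    hardened = harden_config(WEAK_CONFIG)
    print("after hardening:", find_plaintext_passwords(hardened))
    store = load_store(hardened)
    print("operator/god ->", authenticate(store, "operator", "god"))
    print("operator/guess ->", authenticate(store, "operator", "guess"))
```

Hashing the stored credential fixes the "read the config, own the board" path; it does nothing for the on-the-wire half, where the password still travels in a header. That half needs TLS on the management interface and, better, a session token issued after login rather than the password on every request, which is also why moving boards behind a VPN, as the disclosure says the vendor suggested, reduces exposure without fixing the underlying issue.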

According to the company’s official website, Prismview is a US-based company. It has its roots in the ’90s and is now responsible for the production, software, and installation of billboards. They have installed them in many famous locations like New York’s Times Square, Piccadilly Circus, and several locations in Las Vegas.

Most interestingly, the company has expanded its business into the sports area and was acquired by Samsung.

From the website: “In 2002, we installed our first LED digital billboard display for the outdoor advertising industry. We have grown to become one the world’s largest digital outdoor display manufacturers with over 2,000 installations throughout North America and Western Europe and as far away as Melbourne, Australia.”


The website lists many positive aspects of their product, yet there is no reference to security.

The only security information refers exclusively to hardware durability, not software security.

Billboard hacks are nothing new, but they are not as popular as other forms of hacking, probably because they are conspicuous, bring no financial benefit, and can lead to prison sentences.

Billboard hacking has come a long way since the non-LED display hacks.

A notable example of paper billboard hacks is a group called the Advertising guerrilla act that altered billboards in Santa Cruz in the ’80s.

Property of Truth in advertising

What is fascinating about the group was the number of preparations that they needed to do before executing the hack. You can read the full process here.

In recent years, billboard hackers have gained attention mostly when they displayed porn videos. There are two familiar examples, one in Russia and the other in Indonesia. Even if the motives were “just for fun”, in both cases it led to prison terms.
Indonesia is a majority-Muslim country where pornography is banned, which made the sentence and treatment of the hacker harsher.

SAR the suspects of a porn Videotron case in Prapanca, Jakarta Metropolitan Police, Jakarta. (Liputan6.com/Immanuel Antonius)

There are fewer examples of billboard hacks with a happy ending.
In 2013, college students from Belgrade played Space Invaders on a billboard, displayed the message HACK4FUN and contacted the billboard company to inform them about the vulnerability. After the stunt, they were praised by the company and rewarded with an iPad.

Keksec hacks involve funny images that might make some people laugh and raise some eyebrows in others.

When contacted, Keksec clarified that they chose to disclose the security issues in such a way as it is more convenient and fun. They do not see Prismview as a professional company since the code is messy and when customers get pwned, they ask them to move the board to a private subnet without solving the vulnerability.

When asked if they have a beef with white hats, they shared that they do not like them. The reason, in their words, is that white hats tend to act for the bullshit notion of the “good of infosec”, while Keksec does it for themselves and for fun.

When asked if they want to share more about themselves or leave a message, they answered:

Hack the planet!

A famous quote from the 1995 film Hackers.

Prismview was also contacted for their view on the disclosure. There was no response.


If there is any information you want to share on the story you can contact me in different ways.

Your guide through The Cyber
@PiotrSec

Bharatiya Janata Party (BJP) website Hacked

The Bharatiya Janata Party is one of the two major political parties in India.

The party has seen high political success in 2014 winning many seats and achieving an outright majority in the Indian Parliament. In 2019 the BJP won the general election increasing its majority.

Elliot Alderson, a French Security researcher, shared different pictures of the Hack.

From the picture, it is clear that Shadow_Vip3r is behind the attack, although, after initial research, there is no Twitter or other social media account to be reached for further comment.

What is striking about the hack is what the hacker chose to change.

Usually, Hackers replace the whole website with one page to display not only the name of the attackers but also a message.

Such posts are also a common practice of hacktivists, yet in this case there is no clear message.

Since the Hacker is not reachable for comment, there are some speculations that one can make.

The website had its pages replaced with pages of beef recipes, beef pictures and the word beef associated with Indian politics.

Such action can be a protest against the rise of Hindu nationalism in India, which has been legitimised and helped by Modi and the BJP.

Cartoon Network Hacked

On April 27, Ethan Nunn, a YouTuber who goes by the handle ENunn, tweeted about the Cartoon Network co.uk site being hacked.

The Twitter thread shows additional examples of other Cartoon Network domains being compromised.

ATTENTION! This video may be NSFW!

The company in the UK acknowledged the issue and released this information.

Two hackers, sudorealistic and danilao, are possibly behind the hack.
Edit 02.05: it appears that sudoreall has deleted his profile.

It also looks like the site was taken down by the CN IT department to solve the issue.

Edit 05.02: all tweets have been deleted, so here is the original tweet:

Sudorealistic claims that the hack was intended to show how vulnerable CN is, yet from the timeline there is no indication that the hackers tried to contact the company to fix the vulnerability before the attack.

According to this Google doc, it looks like Sudorealistic has a history of downloading, streaming or consuming CN content.
There is also a hint that the Turner Media admin panel may have been used to perform the hack.

I tried to reach out to the hacker for more clarification, but the request remained unanswered.

If you see any errors or want to send an update, feel free to contact me via Twitter or Keybase.

Hacking for Julian Assange

Far from the turmoil of new Facebook data breaches and APT threats, hackers are fighting for Julian Assange or maybe just attention.

Look up #OpAssange, #OpUK, #OpEcuador and you will find DDoS, hacks, alleged hacks, small leaks, and big ambitions.

Some of the attacks target small sites with lousy security that did nothing wrong other than having an Ecuador domain.

According to @your_anon_net, this is a severe leak.
https://ghostbin.com/paste/wx8rh

Hacking the agricultural university of Ecuador is surely not of significant concern to the Ecuadorian government.

Another targeted school was Ecuador’s School of the Judicial Function website https://escuela.funcionjudicial.gob.ec/ .

Personal data of teachers and facilitators (650+ people) https://pastebin.com/GHcbk12n

Yet the full list of attacked Ecuador sites is quite long and comprises many Ecuadorian consulates and public and private institutions.

The government of Ecuador disclosed that it has been attacked more than 40 million times since the arrest of Assange, but again the true extent and forms of those attacks were not disclosed in more detail.

Ecuador is not the only target; the UK is also on the list.

Allegedly, websites like the National Archives or the National Crime Agency went down, yet if they were unavailable at all it was only for a short time, or it never happened. At the same time, I could verify that police.uk was down for a longer period.

According to isitdownrightnow.com, the National Archives site wasn’t affected, or only for a very short period of time
Police.uk was taken down

Who is behind those attacks?


In #OpUK, the operation to disrupt the United Kingdom, the most prominent group is @Pryzraky, formed by different hackers. In this case, @Mecz1nho and @al1ne3737 are the ones who claim most of the attacks.

In addition, two Anonymous groups, @your_anon_net and @An0nym0us_Esp, are taking part in the operation.

@Pryzraky group members claim, however, that many of their hacks are being stolen by new Anonymous groups.


Also, @CyberGhost404 seems to have joined the efforts. This Hacker is also part of another hacker collective called Philippines Cyber Eagles.

At #OpEcuador @your_anon_net is again active in the movement, together with @ArksKaiser, @cyb3rc0v3nsec and @Karamujo18.

Most of the attacks are DDoS and SQL injections, plus a few data leaks.

Netscout has a live Cyber Threat horizon DDoS map.
Although such maps are only an indication of such traffic and should always be taken with a pinch of salt, it is interesting to compare the attacks of #OpEcuador over time.
The arrest of Julian Assange was on 12 April, and you can see a clear indication of DDoS traffic toward the country during the time #OpEcuador was in effect.

Netscout Cyber Threat horizon 14 of April 2019

One month earlier, traffic was similar, if not higher.

Netscout Cyber Threat horizon 13 of March 2019


In comparison, December 7, 2018, had much lower traffic.

Netscout Cyber Threat horizon 11 of December 2018

Netscout also has summary reports, and if you look into the statistics it looks like the March attacks had higher frequency and volumes than April.

The question is, who was attacking Ecuador before? Was it nation-state hacking groups? Did they have, or want to gather, intelligence on the arrest of Julian Assange before it happened?
It is a possibility that could not be verified.

If you see any errors or you want to contact me, say hello on Twitter or Keybase.

Hacking billboards

It’s been a while since I’ve seen any hacking activity that is just plain funny.

I also believe that it is an excellent example to raise awareness of how insecure things really are in our digital age.

Yes, even billboards can be hacked, and to be perfectly honest I would rather watch those messages than the ones that are thrown at us every day by advertisers.

This group seems to specialize in hacking billboards with entertaining content. Of course, humor is always personal.

In times when we continuously hear about breaches, nation-state hacking and ransoms, it is quite refreshing to see this type of hacking.

Enjoy the gallery.
If you like the work, you absolutely must follow @le_keksek on Twitter.

I wanna be Hackerz!

 

It looks like that in our times it’s neat to be a hacker.

There is a lot of interest but at the same time a lot of misinformation and high expectations that are nowhere close to reality. One of them is that it is easy to be a Hacker and you just need some tips and tricks from other Hackers.

If you are a security researcher, for example, you will be constantly bombarded with requests like:

– teach me how to hack
– I want to hack
– what should I do to start to hack

It is quite interesting that many of those aspiring hackers use their personal Facebook or Twitter profiles to ask for such tips.

Now, here comes the truth: being a hacker, a good one, is pretty damn tough.

That’s why if you really want to go in that direction at least do it right.

This example is a perfect illustration of hacking done wrong.

@nullcookies, a fisher of phishers, easily traced a fake ransomware pop-up in the browser back to its creator, or pseudo-hacker.

OPSEC, how does it work? pic.twitter.com/4NU91uNpu4— nullxmascookies (@nullcookies) September 28, 2018

@nullcookies’ now-deleted tweet

Follow @nullcookies for other cool fishing-of-phishers stuff!