Putnam County State Government Hacked by Ghost Squad Hackers

As if you need yet another reminder why our local elections and Government are not safe, earlier today, October 30th 2019, “M1rox” of Ghost Squad Hackers announced a hack of the Putnam County State Government of Ohio. Though no data was leaked in conjunction with today’s announcement, the defacement of the counties website indicates that hacker was able to gain full root access over the entire website itself – theoretically along with all of its data.

While the hacker may not necessarily have had any political motives, at least in terms of conducting espionage for other countries, the news comes within weeks of Mississippi’s warning that close to 75% of the states offices are not prepared to mitigate,deflect or handle a cyber attacks again them. Expectedly enough, upon analyzing the website myself, Putnam Counties home website lacks even an SSL. Regardless, as M1rox once again reminds us, our state and local Governments are far from safer as we continue to inch closer towards 1 year until elections.

Target: hxxp://putnamcountyohio.gov/
Deface: http://putnamcountyohio.gov/index.htm
Deface Mirror: https://defacer.id/archive/mirror/7291500


#OpHonduras: 48 Hours Into The Operation, Dozens of Government Owned Websites Have Been Hacked, Leaked, Defaced and/or DDos’ed Offline

A little less than 48 hours after news of “Operation Honduras” (#OpHonduras) broke on May 3rd 2019, nearly half a dozen offices/branches affiliated with the Honduran Government, and dozens of their subdomains, have been hacked, leaked, defaced and/or crashed online. For example, named in a list of hacks over the weekend were the Honduran Ministry of Foreign Affairs, Secretary of State, Office of The Presidency, Secretary of Agriculture, as well as the Secretary of Development and Social Inclusion. Perhaps more importantly, in addition to the hacking campaign, news of the operation itself has also begun attracting the attention of the international media, bringing global attention to the struggle of the people of Honduras – such as you can read via the press clippings below.

Learn More – #OpHonduras

Red Revolution Media: https://redrevolution.co.uk/2019/05/04/as-media-stands-silent-anonymous-stands-with-protestors-in-honduras/
Rogue Media Labs: https://roguemedia.co/2019/05/03/anonymous-launches-ophonduras-in-solidarity-w-protesters-around-honduras/

Tango Down’ed:

Ministry of Foreign Affairs of Honduras: hxxp://www.sre.gob.hn/
Secretary of State of the Presidency of Honduras: hxxp://www.sep.gob.hn/


Platform for Monitoring and Evaluation of the SAG (Secretaría de Agricultura y Ganadería): hxxp://sisem.sag.gob.hn/
Data Leak: https://anonfile.com/WfQ4Aem3nc/sisem.sag.gob.hn_zip
Defacement: http://sisem.sag.gob.hn/PSME/

Honduran Secretary of Development and Social Inclusion Mass Defaced:


Deface List:
Deface Mirror:

Screen Shot of Defaces:

Image may contain: text


Presidency International School of Bangladesh Hacked/Defaced by M1r0x of Ghost Squad Hackers

Late last night, during the early morning hours of May 5th 2019, “M1r0x” (@M1r0x_) of Ghost Squad Hackers announced the hack/defacement of the website belonging to The International School of the Presidency in Chattogram, Bangladesh. It’s not exactly known how M1r0x was able to compromise the site, all we know at this point is that they were able to edit the websites ‘About Us’ section with an advertisement for Ghost Squad and all of the groups members – an edit which is still visible to the public at the time of this article. In a message attached to the hack, M1r0x also stated that they ‘were back‘ – perhaps indicating that more hacks are on the way.

This is also M1r0x‘s 3rd such hack, deface and/or data theft of a South Eastern Asian institution within the last 3 months, adding to a hack of Bung Subdistrict Administrative Organization of Thailand last month, and a hack of Rahmatullah Model High School in Bangladesh a month before that. Prior to that, M1r0x had been making their presence felt in conjunction with the ongoing operations surrounding #OpSudan.

Read More: https://roguemedia.co/?s=%22M1r0x%22&x=0&y=0

Hack of Presidency International School 5/5/2019

Website: hxxps://presidencybd.edu.bd/web/index.php
Deface: https://presidencybd.edu.bd/web/mpage_principal.php
Deface Mirror: https://mirror-h.org/zone/2112005/

Image may contain: text



Sc0rpi0n Gh0s7 Hacks, Leaks & Defaces Several Government Websites Across Ecuador In Protest of Julian Assange’s Incarceration

Earlier today, April 25th 2019, an old friend of mine from Ethiopia going by the name of “Sc0rpi0nGh0s7” of “Shad0w Security” released a massive leak on behalf of #OpJulian – a spinoff the international hacking operations known as #OpEcuador and #OpAssange, all launched in protest of the arrest of Julian Assange two weeks ago. This was also their second such major hacking event of the last week, following a separate hack, leak and defacement of Geographic Management System of Ecuador on April 22nd. While the leak that day was taken down within hours of its initial release before anyone could back it up, fortunately, Rogue Media Labs has backup today’s release before anyone could touch it.

The database itself is large, featuring a 514 Megabyte zip file of various text files stolen from the servers of various Ecuadorian websites. Honestly, it’s too much data to all summarize here. So, if you you are interested in learning more, you are invited to download either of the files located below – both certified safe to the browsing public.

Target 04/22/2019: hxxp://catastro.archidona.gob.ec/WebAppCatastro/
Deface: http://catastro.archidona.gob.ec/WebAppCatastro/index.html

Data Leak 04/25/2019: https://megaupload.nz/M1M4Gbi8n3/ecu1_tar
Data Leak Backup: https://roguemedia.co/wp-content/uploads/2019/04/ecu1.tar

#FreeAssange: Attacks Against Ecuadorian Infrastructure Carry On Into The Weekend

No photo description available.

On April 12th 2019, in what would go on to become one of my most read articles in weeks, Rogue Media Labs documented a string of ongoing cyber attacks targeting the Government of Ecuador and Ecuadorian infrastructure worldwide. However, as it would turn out, these attacks weren’t just limited to the 11th and 12th, but have instead evolved into something greater – with even larger and more pronounced attacks occurring throughout the course of the weekend. The attacks themselves are now being carried out under the banners of “Operation Ecuador” (#OpEcuador) and “Operation Assange” (#OpAssange), with promises to continue the attacks well into the foreseeable future.

I’ve done my best to document most of them, but I am certain I did not catch them all. If you would like to learn more, you are invited to follow the operations hashtags on Twitter as they are featured above.

Learn More About Last Weeks Attacks: https://roguemedia.co/2019/04/12/hacktivists-team-up-to-hack-deface-leak-or-crash-39-ecuadorian-websites-within-first-24-hours-after-assanges-arrest/


CYB3R C0V3N S3CURITY (@Cyb3rC0v3nSec):

Superior Educational Consultants: hxxp://caces.gob.ec/ (Tango Down’d)
Ecuadorian Consulate of Los Angels: hxxp://losangeles.consulado.gob.ec/ (Tango Down’d)
Ecuadorian Consulate of Chicago: hxxp://chicago.consulado.gob.ec/ (Tango Down’d)
Ecuadorian Embassy of Malaysia: hxxp://malasia.embajada.gob.ec/ (Tango Down’d)
Ecuadorian Consulate of Houston: hxxp://houston.consulado.gob.ec/ (Tango Downd)
Ecuadorian Embassy of Venezuela: hxxp://venezuela.embajada.gob.ec/ (Tango Down’d)

Iznaye Cyber Team (@Iznaye):

Secretary of Environment: hxxp://www.quitoambiente.gob.ec/ (Tango Down’d)
Ecuadorian Council of The Judiciary: hxxp://www.funcionjudicial.gob.ec/ (Tango Down’d)
Municipal GAD of Latacunga: hxxp://latacunga.gob.ec/ (Tango Down’d)
Colegio Jimirwin: hxxp://colegiojimirwin.edu.ec/ (Hacked)
Ombudsman of Ecuador: hxxp://consulta.dpe.gob.ec/ (Hacked/Leaked)
Universidad Técnica del Norte: hxxp://eduvirtual.utn.edu.ec/ (Hacked/Leaked)

Tapi Combat Educational Unit: hxxp://www.uecombatientesdetapi.edu.ec/
Data Leak: https://ghostbin.com/paste/osohr

Fiscomisional Educational Unit of San Jose: hxxp://www.calasanz-saraguro.edu.ec/
Data Leak: https://ghostbin.com/paste/qkofa

Educational University of Hispanic Americans: hxxp://www.institutohispanoamerica-riobamba.edu.ec/
Data Leak: https://ghostbin.com/paste/xsyv7

Municipal del Cantón Sucúa: hxxp://sucua.gob.ec/
Deface Mirror: http://www.zone-h.org/mirror/id/32335260?hz=1

Target: hxxp://www.bomberosvalencia.gob.ec/
BombersValencia Leak: http://cryptb.in/M3Cp14FR9q
Archive: http://archive.fo/6lmty

Target: hxxp://sageslaut.democrat/
Leak: http://cryptb.in/WaYCs784
Archive: http://archive.fo/uY2PC

Pryzraky (@Pryzraky):

Ecuadorian Embassy of The United Kingdom: hxxp://reinounido.embajada.gob.ec/ (Tango Down’d)

Ecuadorian Military Intelligence: hxxps://www.inteligencia.mil.ec/
Ecuadorian Internal Revenue Service: hxxp://descargas.sri.gob.ec/
Cooperative CREA: hxxp://virtual.crea.fin.ec:9192/
Infos/Vul: https://pastebin.com/raw/r5K4DFJM

Empresa Eléctrica Regional del Sur: hxxps://www.eerssa.gob.ec/
Database Leak: https://pastebin.com/raw/uiLZjraE


Ecuadorian National Police: hxxp://policiaecuador.gob.ec/ (Deface)
Ecuadorian Embassy of Ukraine: hxxp://bce.fin.ec/ (Defaced)
Central Bank of Ecuador: hxxp://bce.fin.ec/ (Tango Down’d)

FBI Mail Servers:
CF-RAY: 4c751ebe4e98a875-CDG

Broadcast IP’s : (Leaked)

Liceo Military: hxxp://liceonaval.mil.ec/ (Defaced)

Ecuadorian University Leaks: https://ghostbin.com/paste/wx8rh

Ecuador’s School of the Judicial Function: hxxps://escuela.funcionjudicial.gob.ec/
Data Leak: https://ghostbin.com/paste/r4by3
Leak Backup: https://pastebin.com/GHcbk12n

#OpEcuador Hit List: https://hastebin.com/yavudususu.rb


And perhaps most importantly of all, I know it’s the burning question on everyone’s mind, but have no fears, Julian Assange’s cat is indeed safe!

Hacktivists Team Up To Hack, Deface, Leak or Crash 39 Ecuadorian Websites Within First 24 Hours After Assange’s Arrest

At this point it should go without saying, but yesterday morning the Ecuadorian Embassy  in London decided against continuing Julian Assange’s protection/asylum and he is now going to be extradited to stand trial in the United States – where he faces life in prison. While every news outlet between here and the moon has already done their own spinoff story on these developments, what I haven’t seen anyone else covering is the response from at least some of the hacking/cyber security community – so this is what I will attempt to do here today.

First off, the very reason why Wikileaks founder was arrested yesterday was most likely for his open support for a number of leaked documents implicating Ecuador’s President recently – likely leaked for his decision to put so much pressure on Julian Assange in the first place over recent weeks. The leaked cache of documents in question is officially referred to as the INA Papers – which you can browse in their entirety below.

Browse INA Papers Leak: http://inapapers.org/

With that established, within the first 24 hours of Assange’s arrest different hackers from all around the world appear to have teamed up together to launch a massive and coordinated series of cyber attacks against the Ecuadorian Government and its infrastructure. While it would be impossible to find them all, here is everything I was able to research – 39 different targets of hacks, leaks, defaces and/or DDoS attacks April 11th-12th 2019. Among the participants were Anonymous, LulzSec, Pryzraky, CYB3R C0V3N and many more.


Target: hxxps://www.utpl.edu.ec/
Deface: https://www.utpl.edu.ec/salas/view_entry.php?id=103164

Target: hxxp://www.esmena.edu.ec/
Deface Mirror: http://www.zone-h.org/mirror/id/32332771?hz=1

Target: hxxp://reinounido.embajada.gob.ec/
Deface: pic.twitter.com/2cSkC3Zndy

Tango Downed:

Ecuadorian Embassy of the United Kingdom: hxxp://reinounido.embajada.gob.ec/
Ecuadorian Consulate of Chicago: hxxp://chicago.consulado.gob.ec/
Official Guide of Protocols & Procedures of the State of Ecuador: hxxp://gob.ec/
National Institute of Investigation: hxxp://inigemm.gob.ec/


Targets w/ SQLi Vulnerabilities:




Press Releases:

Pryzraky: https://hastebin.com/zecicifade.coffeescript
Anonymous: https://hastebin.com/yavudususu.rb

More Information:







Highlights of Days Festivities from Friday’s Attack on The Government of Sudan

On April 6th 2019 I published a press release revolving around an internationally coordinated hacking operation due to take place that day, flying under the banner of “Operation Sudan” (#OpSudan). Therefore, it only feels right to do a full recap of the days events here today. Among a shortlist of those whom made highlights from this past Friday were NewSecGroup, Lorian Synaro, CYB3R C0V3N, Willenium and LulzSec Kurdistan – among many others, I am sure. A brief recap of the days festivities is chronicled below – enjoy!

Learn More – #OpSudan Press Release 4/06/2019: https://roguemedia.co/2019/04/06/opsudan-hacktivists-around-the-world-prepare-for-massive-cyber-attacks-against-the-government-of-sudan/

Hacks, Leaks & Defaces from 4/06/2019:

Obied Oil Refinery: hxxp://ord.sd/
Data Leak: https://www.hastebin.com/leriniqito.http
Leak Backup: https://pastebin.com/gb8XuUTf

Open University of Sudan: hxxps://www.ous.edu.sd/
Data Dump 1: https://pastebin.com/4pKrivLF
Data Dump 2 (15k users & Passwords): https://pastebin.com/raw/4pKrivLF

Al-Sharq Al-Ahlia University: hxxp://alhia.edu.bh/
Data Leak: https://hastebin.com/zucogarivo.rb


Omdurman National Bank: hxxp://www.onb-sd.com/
Bank of Khartoum: hxxp://bankofkhartoum.com/
Organization of Sudan Affairs: hxxps://sswa-sd.com/



Sudanese Ministry of Finance: hxxp://finance.gov.sd/
National Council for Medical Specialties: hxxp://smsb.gov.sd/

Screen Shots of Defaces:

Image may contain: text

No photo description available.




Bung Subdistrict Administrative Organization of Thailand Hacked by M1r0x of Ghost Squad Hackers

Earlier today, March 4th 2019, “M1r0x” of Ghost Squad Hackers made a brief return to the hacking scene with a hack/defacement of the Bung Subdistrict Administrative Organization of Thailand, a national organization tasked with developing community projects around the country – such as educational programs, appointing leadership roles, as well as localized infrastructure investment. It was M1rox‘s first hack/deface in nearly a month and half, dating back to a February 9th 2019 hack of Rahmatullah Techincal High School in the capitol city of Dhaka, Bangladesh.

While Ghost Squad Hackers as a whole have been a little more underground than normal the last couple months, it doesn’t mean the group has been inactive either. For example, S1ege’s ISIS data dump this past February literally made global headlines, resulting in countless arrests around the world. Hax Stroke has been active hacking and defacing websites around Brasil, as well as building his own custom Botnets to launch against NGO’s and Governmental organizations alike – such as Github and the Government of Sudan. Similarly, 0x20k has also been active in a number of hacks/defacement’s over recent weeks just as well.

Target: hxxp://bung.go.th/
Deface: http://bung.go.th/download/index.html
Deface Mirror: https://mirror-h.org/zone/2085620/

Screen Shot of Deface:

No photo description available.

Follow Up: Highlights from First Annual April Lulz Day 2019

On March 31st 2019, I published an article advertising “April Lulz Day 2019,”  an international hacking operation to be launched on April 1st 2019 on behalf of international LulzSec affiliates worldwide. Therefore, it only seems right to do a follow up article here today, chronicling all of the “festivities” associated with the operation – you’re welcome @TheInternet. While I’m certain I did not uncover them all, below is a list of hacks, leaks and defaces from April 1st – at least that I was able to find.

So, what were the highlights you ask!? Ohh, I don’t know, nothing major, “only” about 16 websites were crashed via DDoS attack, 5 websites had their databases hacked and leaked online, 28 websites were defaced, at least 500 Twitter accounts were closed and over 1,000 Facebook accounts were hacked – 😏. Below you can see the full run down, attributed to the sources behind them. All sites marked with “hxxp” are websites crashed via DDoS attacks.

LulzSec Argentina (@LulzSeguridad):


Quilmes Encendido Oeste Wifi Passwords Leak: https://pastebin.com/raw/UNk0E21u

LulzSec Kurdistan (@LulzSecKu):

List of 27 Websites Defaced 4/01/2019: https://pastebin.com/JfHwAT02
Deface Mirror of 27 Websites Hacked/Defaced: https://mirror-h.org/search/hacker/30891/

Target: hxxp://borde.com.tr/
Deface: http://borde.com.tr/lulzsecku/

List of 500 Twitter Accounts Taken Down: https://pastebin.com/GbA1fjTM

Pinoy LulzSec (@PinoyLulzSec__):


Target: hxxp://bookhub.ph/
Database Leak: https://ghostbin.com/paste/5jqzn

+250 Hacked Facebook Account Logins: https://pastebin.com/gX7809Ag
Additional Facebook Leaks Part 1: https://textuploader.com/15y98
Additional Facebook Leaks Part 2: https://textuploader.com/15y0a

Polytech University of Phillipines: hxxps://www.pup.edu.ph/taguig/
Database Download: https://anonfiles.com/p6NaR2W4me/PUPTAGUIG_SQL
Download Backup: https://www.datafilehost.com/d/c7d4716e

Confidential Doc Stolen from Philippines Army: https://uploadfiles.io/82mtc

Lorian Synaro (@LorianSynaro):



750 Facebook Accounts Hijacked – ClownSec: https://pastebin.com/raw/peCbG4Wf

Target: hxxp://presidencia.gob.sv/
Deface: http://multimedia.presidencia.gob.sv/files/backup/index.html

LulzSecKurdistan Hacks/Defaces 4 Websites Across Turkey & Iran

Last night, March 29th 2019, a new group of hackers going by the name of “LulzSec Kurdistan” (@LulzSecKu) claimed responsibility for hack and defacement of 4 websites across Turkey and Iran. While the group is new to social media as of March 2019 and the hacks below represent their first couple postings to the service, according to the groups website, the hackers appears to have been very active over the course of the last two weeks – hacking/defacing 150 websites around the world dating back to March 14th 2019.

LulzSecKurdistan’s Portfolio: https://mirror-h.org/search/hacker/30891/pages/5

Browsing through their archives, it appears as though the group is primarily interested in targets in the United States, Israel, the Netherlands, South Africa, Turkey and Iran, targeting various local businesses, organizations and/or gaming websites hosted inside these countries. The group also appears to be political active as well, hacking some websites and replacing them with a message reading “Stop Killing Muslims.

Hacked Iran:

Target: hxxp://hamedhamidi.ir/lulzKurd.htm/
Defacement: http://hamedhamidi.ir/lulzKurd.htm
Mirror: https://mirror-h.org/zone/2082022/

Target: hxxp://tptm.ir/lulzsecku/
Defacement: http://tptm.ir/lulzsecku/
Mirror: https://mirror-h.org/zone/2082020/

Hacked Turkey:

Target: hxxp://borde.com.tr/lulzsecku/
Defacement: http://borde.com.tr/lulzsecku/
Mirror: https://mirror-h.org/zone/2082021/

Target: hxxps://myth.com.tr/
Mirror: https://mirror-h.org/zone/2082019/

Screen Shot of Defacements:

No photo description available.

Image may contain: text


#OpSudan: International Hackers Continue Onslaught Against al-Bashir & Government of Sudan

Largely led by the efforts “Lorian Synaro,” hackers from all across the world continue to come together to launch onslaught after onslaught against Omar al-Bashir and the Government of Sudan, this time crashing, hacking, defacing and/or leaking the contents of 24 websites across Sudan – all within the course of the last week alone, that I am even aware of! Their efforts all come in conjunction with “Operation Sudan” (#OpSudan), perhaps one of the single largest and most successful international cyber operations of the last decade.

Learn More – #OpSudan: https://roguemedia.co/?s=%23OpSudan&x=0&y=0

As for all of hackers behind this weeks attacks, there are many. Including, but perhaps not limited to DemonSad, Tiosan and Angel Cracking of “NewSec Group,D3xter, Al1ne3737, Ergo Hacker and Mecz1nho Markov of “Pryzraky,Lorian Synaro and System D of “Anonymous,” as well as an independant hacker known as _W4rl0ck. My apologies to anyone whom may have been left off the list! Until next time 😉


Mashreq University: hxxp://mashreq.edu.sd/
Leak: https://www.hastebin.com/vujumifozo.cs/
Leak Backup: https://pastebin.com/raw/n1Yj9YJE

Sudan Specialized Medical Insurance Company: hxxp://mmi.sd/
Leak: https://www.hastebin.com/atideheyeg.md
Leak Backup: https://pastebin.com/bGZVCgNu

Sudania 24 Television: hxxp://sudania24.tv/
Leak: https://pastebin.com/raw/R5Vzzbzm
Data Download: https://anonfile.com/J1O1z4Tbm7/sudania24.tv_al1ne3737_txt

جامعة القضارف : hxxp://gaduniv.edu.sd/
Elrazi University: hxxp://elrazi.edu.sd/
File Download: https://anonfile.com/Hby0nbTem9/sudansqli_rar

Tango Down’ed via DDoS:

The Bank Of Khartoum: hxxp://bankofkhartoum.com/
Khartoum Police: hxxp://ksp.gov.sd/
Khartoum International Airport: hxxp://krtairport.gov.sd/
Sudan Council of Ministers: hxxp://sudan.gov.sd/
Military Industry Corporation of Sudan: hxxp://mid.sd/
National Medicinal Plant Board: hxxp://www.nmpb.gov.sd/
Ashorooq News: hxxp://ashorooq.net/
Almeghar News: hxxp://almeghar.com/
Presidency of Sudan: hxxp://presidency.gov.sd/

Target Reconnaissance via JTSec:



The Murtada Maaz Consultancy – Contractor for NCC and Government Buildings.

Website: hxxp://murtadamaaz.com/


Image may contain: outdoor and text

Sudanese Ministry of Investment, Industry and Tourism.

Website: hxxp://northinvestment.gov.sd/


Image may contain: text

Elobeid Refinery Company (ORC)

Website: hxxp://ord.sd/


Image may contain: text




#OpCatalonia: 10 Websites Across Spain Hacked, Defaced and/or Leaked by Al1ne3737 of Pryzraky

In solidaridad with #OpCatalonia and the ongoing Supreme Court trials of political dissidents being held at the hands of Spanish authorities, “Al1ne3737” of “Pryzraky” unleashed a massive round of hacks, leaks and defaces targeting various businesses and organizations around Spain. More specifically, Al1ne3737 announced a data leak effecting FAIN Elevators in Spain, along with the websites of Astigarraga Kit Line, a high end Spanish furniture retailer, Flins & Piniculas, a online digital media retailer, as well as Dragados S.A., an international business conglomerate basing their operations out of Spain. Al1ne3737 also released the SQLi points of failure of 6 additional websites, offering to give the website owners consultation to patch their vulnerabilities with the release – lulz.

Stepping a bit outside their norm, Al1ne3737 also defaced several of the websites and released a message in Indonesian attached to the leaks reading: “A child will be born today and grow old with no conception of privacy. They will never know what it means to have a private moment to themselves, or thoughts which aren’t registered and analyzed. And this is a problem because privacy is important; privacy and peace of mind is what we all need to determine who we are and who we want to be.

Targets via Data Breach:

FAIN FRANCE: hxxps://fain.es/
Astigarraga kit line: http://astikitline.es/
Flins y Piniculas: hxxp://flinsypiniculas.com/
Dragados S.A: hxxps://dragados.es/

Deface Mirror: http://www.zone-h.org/mirror/id/32273657?hz=1
Leak: https://www.hastebin.com/avasimehek.nginx
Leak Backup: https://pastebin.com/36Wa6J6g

Screen Shot of Deface:

No photo description available.

Additional SQLi Target Locations: