As if you needed yet another reminder why our local elections and governments are not safe, earlier today, October 30th 2019, “M1rox” of Ghost Squad Hackers announced a hack of the Putnam County government website in Ohio. Though no data was leaked in conjunction with today’s announcement, the defacement of the county’s website shows that the hacker was able to write to the site’s content; whether that extended to root access on the server, and therefore to all of the site’s data, is not something a defacement alone proves.
While the hacker may not necessarily have had any political motives, at least in terms of conducting espionage for other countries, the news comes within weeks of Mississippi’s warning that close to 75% of the state’s offices are not prepared to mitigate, deflect or handle a cyber attack against them. Predictably enough, when I looked at the website myself, Putnam County’s home page is not served over HTTPS at all (no TLS certificate), so anything a visitor submits to it travels in the clear. Regardless, as M1rox once again reminds us, our state and local governments are far from safe as we inch closer to one year out from the elections.
Deface Mirror: https://defacer.id/archive/mirror/7291500
Last night, February 8th 2019, “M1r0x” of Ghost Squad Hackers shared a hack and defacement of Rahmatullah Model High School in the capital city of Dhaka, Bangladesh. In a brief statement to Rogue Media Labs, M1r0x explained that, outside of the fact that they were bored and it was easy to pull off, there was no real motivation behind this particular hack. Presumably, the school was targeted because it claims to specialize in the technological development and training of its students, yet operates an unsecured website and web server.
M1r0x also stated that they were not after, nor did they steal, download or leak, any data or files from the website. Rather, they changed some small things about it, such as the site’s cover photo and the content and headlines of various articles featured on its landing page. For example, when you click on any of the website’s featured articles, you are redirected to a message reading “GSH : M1r0x – s1ege – Anonxoxtn – d4rkstat1c – h4x str0ke – Neckros – 3Turr – G4mm4 – Scode404”, listing off the members of Ghost Squad Hackers. As of the evening of February 9th 2019, the website still remains in its defaced condition, perhaps indicating that M1r0x was able to lock out the site administrators, or that the school remains unaware of the incident.
M1r0x also took the hack as an opportunity to explain that 2019 will mark the end of ISIS, and that the group will be heavily targeting the Islamic State’s remaining online presence throughout the course of the year ahead.
Deface Mirror: http://www.zone-h.org/mirror/id/32189267
Screen Shot of Main Defacement:
What Happens When You Click On A Hacked Link:
Over the course of the last 24 hours or so, a hacker going by the name of “S1ster” aka “0x1st3r” of the Brazil-based hacking group known as Pryzraky has claimed credit for a prolonged DDoS attack targeting Sudan’s Ministry of Defense. The attacks started at around 4:00 pm Eastern Standard Time on January 30th 2019 and lasted until somewhere between 3:00 and 4:00 pm on January 31st 2019, the last time anyone could confirm the site was still inaccessible to the international public. At the time of this article, roughly 4:10 pm on January 31st, the website is back up and running in its original condition.
The attack itself was launched in conjunction with #OpSudan, an ongoing onslaught of cyber attacks against the Government of Sudan for its continued oppression of its own people. This is also the second such prolonged, sustained DDoS attack against this particular website and agency over the course of the last month, following a separate DDoS attack launched by “M1rox” of Ghost Squad Hackers on December 27th 2018. Not only this, but shortly after that DDoS attack, on December 29th, another group of hackers going by the name of the “Sudan Cyber Army” managed to hack the site’s databases and leak approximately 53.3 megabytes of data from it.
As for this newest attack, in statements made available to Rogue Media Labs, S1ster explained that she launched the DDoS attack via a new botnet built by “Ergo Hacker” and “Zoord”, also members of Pryzraky. Unveiled to the public for the first time on January 29th 2019 and officially dubbed the Poseidon Botnet, it exposes an API, which S1ster says she used to carry out a UDP flood style DDoS attack against Sudan’s Ministry of Defense, suspected to have pushed around 10 Gbps of traffic at the site over the period of the attack. UDP floods are the cheapest volumetric attack to run: UDP has no handshake, so each bot can forge its source address and the target sees traffic from thousands of sources it cannot filter one by one.
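The defender’s counterpart to a UDP flood is rate-based detection on flow telemetry (NetFlow/IPFIX or equivalent), bucketed per destination and time window, with the distinct-source count kept as the signal that separates a spoofed botnet flood from one noisy client. The following is an added example written for this page; it is not code from Pryzraky, the Poseidon Botnet or Rogue Media Labs. The flow log format, hosts, timestamps and thresholds are constructed or assumed for illustration; real thresholds come from a site’s own baseline, and the roughly 10 Gbps reported above would exceed these many times over.

```python
"""UDP flood detection over flow records.

Added example for this article; not code from Pryzraky, the Poseidon
Botnet or Rogue Media Labs. All IPs, timestamps, thresholds and the flow
log format below are constructed/assumed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Flow:
    ts: int        # epoch seconds
    src: str
    dst: str
    proto: str
    dport: int
    packets: int
    nbytes: int


@dataclass
class Bucket:
    packets: int = 0
    nbytes: int = 0
    sources: set = field(default_factory=set)


def parse_flows(text: str) -> list:
    """Parse whitespace-separated flow records of the (assumed) form
    'ts src dst proto dport packets bytes'; lines starting with '#' are comments."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, proto, dport, pkts, nbytes = line.split()
        flows.append(Flow(int(ts), src, dst, proto.lower(), int(dport),
                          int(pkts), int(nbytes)))
    return flows


def detect_udp_flood(flows, window=1, pps_threshold=50_000,
                     mbps_threshold=500.0, min_sources=100):
    """Bucket UDP traffic per (destination, time window) and flag windows whose
    packet rate or bit rate exceeds a threshold. The distinct-source count is
    reported because thousands of never-seen sources sending uniform packets
    is the signature of a spoofed/botnet flood rather than one misbehaving host."""
    buckets = defaultdict(Bucket)
    for f in flows:
        if f.proto != "udp":
            continue
        key = (f.dst, f.ts - f.ts % window)
        b = buckets[key]
        b.packets += f.packets
        b.nbytes += f.nbytes
        b.sources.add(f.src)

    alerts = []
    for (dst, t), b in sorted(buckets.items()):
        pps = b.packets / window
        mbps = b.nbytes * 8 / window / 1e6
        if pps >= pps_threshold or mbps >= mbps_threshold:
            alerts.append({
                "dst": dst, "ts": t, "pps": pps, "mbps": round(mbps, 3),
                "sources": len(b.sources),
                "spoofed_likely": len(b.sources) >= min_sources,
            })
    return alerts


def build_sample_flows() -> str:
    """Constructed flow log: five seconds of ordinary traffic to a web host
    (198.51.100.5) and a DNS host (198.51.100.9), plus a two-second UDP flood
    against the web host from 2000 distinct sources in the 198.18.0.0/15
    benchmarking range. t0 is 2019-01-30 21:00:00 UTC (4 pm EST), chosen to
    match the start time reported in the article; the traffic itself is made up."""
    t0 = 1548882000
    lines = ["# ts src dst proto dport packets bytes"]
    for t in range(5):
        for i in range(20):
            lines.append(f"{t0 + t} 203.0.113.{i} 198.51.100.5 tcp 80 {10 + i} {8000 + i * 100}")
            lines.append(f"{t0 + t} 203.0.113.{100 + i} 198.51.100.9 udp 53 2 300")
    for t in (2, 3):
        for i in range(2000):
            lines.append(f"{t0 + t} 198.18.{i // 256}.{i % 256} 198.51.100.5 udp 80 30 42000")
    return "\n".join(lines)


if __name__ == "__main__":
    for a in detect_udp_flood(parse_flows(build_sample_flows())):
        print(f"{a['ts']} {a['dst']}: {a['pps']:.0f} pps, {a['mbps']} Mbps, "
              f"{a['sources']} sources, spoofed_likely={a['spoofed_likely']}")
```

On the constructed log this flags the two flood seconds against 198.51.100.5 (60,000 pps, 672 Mbps, 2000 sources) and nothing for the DNS host. The thresholds are the weak point of any such rule: set them from a measured baseline per destination, and remember that once the flood saturates the upstream link, on-box detection only tells you what is already gone; mitigation at that scale has to happen at the provider or a scrubbing service.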
Just a few hours ago, December 28th 2018, the Sudan Cyber Army announced a hack of the Sudan Ministry of National Defense, managing to compromise the site, steal administrator credentials and download the contents of its databases, 53.3 MB of data to be exact. While not much is known about the group, what we do know is that their actions were carried out on behalf of #OpSudan, an international protest against Omar al-Bashir’s government following his decision to restrict national internet access and block social media applications to keep protests from growing larger last week, December 19th 2018.
In a message attached to the leak, hackers stated that “The Sudanese Hackers’ Army calls for an urgent response to the appeal of the Sudanese Mujahideen Rally for the Intifada on December 31st at 1:00 pm in the Arab market (Chinese Qandul). Kono is on time. The country is waiting for you there.” Jokingly adding “From Sudan with Love, Keyboards Instead of Guns, Shellcode Instead of Bullets.“
At this time it remains unclear whether the hackers worked in conjunction with “M1rox” of Ghost Squad Hackers, who announced a prolonged DDoS attack against the Ministry’s website yesterday, December 27th 2018. Though if I had to guess, I would assume the two were separate incidents.
Interestingly enough, browsing through the identities of some of the Ministry’s website administrators leaked online reveals several email addresses on Russian .ru domains, suggesting Russian actors are involved with the Sudanese Defense Ministry’s web presence on some level, though to what extent remains unknown (a .ru mailbox shows where the account is hosted, not who is behind it). Rogue Media Labs has reached out to the group for an interview, but as of Friday evening has yet to hear back.
Website Hit: hxxp://mod.gov.sd
Raw Leak: https://hastebin.com/nasakigani.pl
Database Download (53.3 MB): https://mega.nz/#!xxFF2ABQ!DuDpFFnBgWmtI8fU-1YYFKfErUCD7Pi4IPLRFk7Cmgg