UAE Ministry of Presidential Affairs, Ministry of The Prime Minister, Airports, Oil Companies & Over A Half Dozen More Federal Agencies Exposed in Data Breach

I swear, the universe has such an interesting way of working itself out. A couple weeks ago I learned of a controversial new project being undertaken by US cyber-mercenaries on behalf of the United Arab Emirates, solely designed to spy on other Arab nations, news outlets, activists and journalists abroad. More specifically, their work is/was officially code-named “Project Raven,” an operation designed to spy on UAE counterparts in countries such as Qatar, including Qatari media outlets such as Al-Jazeera news.

Learn More – Project Raven: https://www.reuters.com/investigates/special-report/usa-spying-raven/

However, over the course of the last few weeks/months since news of Project Raven first became public, it appears as though the United Arab Emirates has now made itself a target as a result. I say this because last night I came across an interesting cache of documents left exposed online, all stolen from various offices and organizations throughout the UAE dating back to March 2019. Together with the help of PopTart from Pryzraky, Rogue Media Labs was able to extract, compress and back up each of the files to be released to the browsing public here today. The leak in its entirety contains records stolen from 11 businesses, offices, agencies and organizations across the UAE – including information such as site webmail passes, user passes, web shells and much more.

Named In The Leaked Docs Below:

Abu Dhabi Airports
Abu Dhabi Statistics Center
CDHQ
Emirates Federal Competitiveness and Statistics Authority
Emirates Ministry of Presidential Affairs
Emirates National Oil Company
Emirates National Media Company
Emirates Policy Center
Emirates Prime Ministers Office
Etihad Airways
Lamprel Energy Limited

Download Full File Here: https://roguemedia.co/wp-content/uploads/2019/04/UAE_Dump.zip

Pryzraky Hackers Responsible for 39 International Hacks, Leaks & DDoS Attacks Over The Last 4 Days

Dating back to the weekend, “Pryzraky” hackers have been extremely active in a number of hacks, leaks and DDoS attacks targeting Government institutions in and around Europe, the United States, the United Kingdom and South America. However, while their hacks have primarily been carried out under the banners of #OpAssange, #OpEcuador and #OpUK, Pryzraky is doing as much as possible to distance themselves from the Anonymous hacker collective, who have been extremely active in publicizing these operations online.

All told, group members “Mecz1nho Markov” (@Mecz1nho), “Al1ne3737” (@Al1ne3737) and “PopTart” are responsible for 39 cyber attacks over the last 4 days, including attacks targeting the Association of Police Investigators (Brasil), International Police (France), Department of Defense (USA) and National Police Association of the United Kingdom – with some attacks bringing websites down for days at a time. A full list of their attacks is chronicled below.

Hacked/Leaked:

Association of Civilian Police Investigators: hxxp://sinpol-assinpol.com.br/
Faculdade Integrada Tiradentes: hxxp://fits.edu.br/
Data Download: https://anonfile.com/fem19fd4n9/PryzrakyLeaks_-_14.04.2019_zip

[Target]: hxxps://www.correosdelecuador.gob.ec/
[Database]: https://pastebin.com/raw/KQXRbqCQ

DDoS Attacks:

International Police (INTERPOL) – hxxp://interpol.int/ (Tango Down’d)
US Department of Defense (DoD) – hxxp://defense.gov/ (Tango Down’d)
UK National Police – hxxp://police.uk/ (Tango Down’d)
Supreme Court of The United Kingdom – hxxp://supremecourt.uk/ (Tango Down’d)

SQLi Injection Vulnerabilities:


https://twitter.com/al1ne3737/status/1117578169496866816

Rogue Security Labs Crashed by PopTart of Pryzraky

The parent company of Rogue Media Labs is called Rogue Security Labs for a reason, because I would like to fancy myself a sort of “savant” when it comes to cybersecurity. In fact, throughout the past, groups such as Ghost Squad Hackers have literally demonstrated attacks which have taken down ProtonMail servers, yet which just harmlessly deflected off me. Over the course of the last 5 months I have literally absorbed thousands of Web Application Attacks from all around the world on both my websites, and haven’t had a single one of the websites I’ve built or protected hacked or crashed since July 2017 – all without unnecessary 3rd party services such as Cloudflare, Radware or Sucuri mind you.

However, that all changed this past weekend when a hacker known as “PopTart” of Pryzraky crashed Rogue Security Labs with a Layer 7 DDoS Attack the likes of which I have never seen before. And I say this because, just a couple weeks ago, I deflected a Layer 7 DDoS Attack from PopTart seamlessly without an ounce of down time. But after some research and a bunch of custom additions, including his own programming, PopTart appears to have finally pulled it off. For this reason, I dare say that PopTart is the most dangerous ‘doser’ in the world right now – at least that I have seen.

For some perspective on this, PopTart originally crashed my site while I was away, on a hike through town – so I asked them to try and replicate while I was back home in front of my computer. I kid you not, even with all Tor nodes blocked, VPN traffic blocked, Proxy traffic blocked and all IPv2 Addresses from China, Indonesia, Brasil and the Netherlands blocked, on top of all my existing security measures in place, PopTart was still able to crash my site – there was nothing I could do. He is the first and only person in history to crash a Rogue Security Labs protected site, and believe me there have been plenty of suitors – not all of them enemies, either.

In an interview with Rogue Media Labs, PopTart claims to have hijacked a majority of the devices in his botnet off the ClearNet – almost none of them having anything whatsoever to do with the Internet of Things (IoT). For this reason, all of the traffic from his botnet registers as legitimate. For example, his botnet passed my bot blacklist rules, passed my hidden recaptcha challenge, and even operates through HTTPS as well as HTTP/2. None of my security settings flagged his devices, because they all accessed the website as legitimate, non-malicious connections. Only when they were on the website was the malicious amplification delivered, a truly unique creation the likes of which I have never seen before. Consequently, that is why I’m writing this article here today – to give credit where credit is due.

The whole ordeal serves as a reminder that security is a myth; security is only an illusion. No matter how good your security is, one day it will become outdated. Apparently the shelf life of my custom mitigations was 21 months. In the words of the great Arnold Schwarzenegger, “No matter how hard you are working, there’s always someone out there somewhere working harder. No matter how smart you are, there’s someone out there smarter than you. And remember, every time you are resting, there is someone out there putting in hard work.” In that spirit, perhaps I too have gotten complacent.

#OpVenezuela: International Hackers Team Up As The Onslaught Against Maduro’s Government Continues Into The Weekend

Over the course of the last 24 hours or so, different hackers and hacking groups from all around the world appear to have come together in a coordinated effort to launch a massive round of cyber attacks against the Venezuelan Government. The attacks themselves are being carried out under the banner of “Operation Venezuela” (#OpVenezuela), an international hacking campaign largely attributed to the Anonymous Hacker Collective, originally launched in retaliation for Venezuelan President Maduro’s abysmal human rights record and brutal treatment of students and protesters alike throughout the recent past.

Ergo

Starting on the night of March 1st 2019, “Ergo” of the Brasilian based hacking group known as “Pryzraky” began launching a series of DDoS attacks against the Bolivarian Army of the Bolivarian Republic of Venezuela and Bolivarian Agency for Space Activities, attached to the Ministry of Popular Power for University Education, Science and Technology. The attacks themselves were carried out using Ergo’s very own custom made botnet code-named “Poseidon,” which is quickly becoming infamous for taking down various websites worldwide ever since first being introduced to the public just a few weeks ago.

In a message attached to the attack, Ergo left behind a message for the Bolivarian Army reading “F*ck You! You failed with this nation, we are on the population side. Pryzraky is here to help Venezuelans.”

Sites #TangoDown’d:

Ejército Bolivariano de la República Bolivariana: hxxp://ejercito.mil.ve/
Agencia Bolivariana para Actividades Espaciales: hxxp://abae.gob.ve/

Al1ne3737

“Al1ne3737” on the other hand, another member of Pryzraky, managed to hack the websites of 3 South American television stations and networks, dumping the contents of their databases and/or vulnerabilities online. For example, through the leaked information provided below you can find the login credentials of 8 administrators belonging to TV NaGaragem, the names, user names, email addresses, telephone numbers and passwords of 255 registered users of TV Caiçara, as well as the SQL Injection vulnerabilities affecting the website of Sky TV.

Folha de Alphaville: hxxp://sk.tv.br/
NaGaragemTV: hxxp://nagaragem.tv.br/
TV Caicara – Audiovisual Brasileiro Independente: hxxp://tvcaicara.tv.br/

Raw Data Leak: https://pastebin.com/raw/WZqEvHC0
Data Download (54.15 KB): https://anonfile.com/Y4u8A7v1b4/hackeddates_txt

PopTart

Another member of Pryzraky, “PopTart” has claimed responsibility for a DDoS attack affecting the Ministry of People’s Power of the Office of the President – presumably via Layer 7 DDoS Attack, their primary attack style of choice. The attack was originally launched close to 24 hours ago at the time of the release of this article, March 3rd 2019, and though the site is back online, it’s still functioning abnormally slowly.

Ministerio del Poder Popular del Despacho de la Presidencia: hxxp://presidencia.gob.ve/

Prince

“Prince” on the other hand is an independent hacker working under the general umbrella of Anonymous, claiming an attack on the website of Venezuela’s Book of Opportunities for Studies – which was still down at the time of this article. This is also the second such hack/leak affecting this website over the course of the last week alone, adding to an entirely separate data leak released to the public on February 28th 2019.

Libro de Oportunidades de Estudios: hxxp://loeu.opsu.gob.ve/

Original Leak: https://ghostbin.com/paste/2z6j4
Leak Backup: https://pastebin.com/raw/TEtFCQ3K

https://twitter.com/oprince_wood/status/1101614066538303495