Via scmagazineuk.com -
Details of a political website being hacked has been reported when a sensitive site was hit by a hacker who managed to gain access to the email database.
After two political websites were hit [by XSS] last week, the Pakistani National Response Center for Cyber Crimes, part of the Federal Investigation Authority, was also hit last week.
Rik Ferguson, senior security advisor at Trend Micro, said that the hacker ‘zombie_ksa' states on the defaced page: 'your whole database and emails are leaked …. I was really excited to read, see what the f__k is private in here lOl'.
The hacker then boasted in a forum posting about the hit, saying: “I was browsing Propakistani.pk, so I saw [a] post about how to register [a] complaint with [the] FIA cyber crime. So I feel to check [their] security, and I started [a] penetration test on their web server, unfortunately I got access! And they got Pwned! That sounds crazy! I got [the] whole database! And email backup! Everything!”
Ferguson said that zombie_ksa posted two screen shots, one of the hacked site and a second one demonstrating his access to their email database.
“So it seems that from an amateur penetration test, a hacker has access at least to the full email database and possibly the backups of a National Response Center for Cyber Crimes in a highly politically sensitive country,” said Ferguson.
“The forum post was made at four in the afternoon yesterday (Thursday 7th January) and the hack is still live at the time of writing. To say this hack has national security implications would not be overstating the matter.”
No comments:
Post a Comment