Enlace Hacktivista - User contributions [en]

User:Mango

2022-05-17T13:24:52Z

Mango: Created page with "Senior Cyber Intelligence Analyst at CyberCX"

Senior Cyber Intelligence Analyst at CyberCX

Nauru Police Force

2022-05-06T19:42:02Z

Mango: /* Media Coverage */

Hack of 285,635 emails from the Nauru Police Force, documenting conditions of the island and abuses endured by asylum-seekers and refugees at the immigration detention centre operated by the Australian government.

* [https://enlacehacktivista.org/nauru.txt Statement from the hackers]
* [https://enlacehacktivista.org/nauru.torrent Torrent]
* [https://nauru.enlacehacktivista.org/ Direct Download]

== Media Coverage ==

* https://www.crikey.com.au/2022/05/03/nauru-police-email-hack-australia-immigration-detention-offshore-processing/
* https://12ft.io/proxy?q=http://www.afr.com/policy/foreign-affairs/hacktivists-steal-300k-police-emails-to-protest-offshore-detention-20220503-p5ai1q
* https://www.crikey.com.au/2022/05/05/nauru-police-force-emails-refugees-asylum-seeker-self-harm-suicide/
* https://www.crikey.com.au/2022/05/06/nauru-police-email-leak-facebook-cybercrime/
* https://www.cyberscoop.com/australian-police-ask-website-pull-leak-data-nauru/

== Police Response ==

=== Nauru Police: ===
<blockquote>
Dear Secretary,

We are in contact with our network system provider from Australia Mr. Ashnil through our counterpart AFP, for an inquiry involving AFP Cyber crime unit to check whether our system has been hacked. We are waiting for confirmation from Mr. Ashnil to determined if its hacked or not from his platform, We are pretty confidence that our system integrity is secure.

The other second party who deals with our system here is Nauru ICT, we will also work with ICT to see if the hacker are able to access through that platform.

Once confirmation is received from Mr. Ashnil we will provide further update.

Crikey is online publication platform that can throw any story in the public arena, and we strongly believed that the intention is against the Australian government, to course damage for the upcoming general election with the offshore processing center here in Nauru.

Kind regards

ComPol
</blockquote>
=== Australian Police: ===
<blockquote>
My name is Jim Astley and I am a cybercrime investigator from the Australian Federal Police (AFP). We are currently investigating allegations that a hacktivist syndicate gained unauthorised access to Nauruan Police email servers, and posted the details on a website hosted by Flokinet.

More specifically, the website is hosted at:

enlacehacktivista[.]org – IP address 185.165.170.180

We’d be grateful if you could take the website down on the basis that material published on this website originated from unlawful activity (specifically unauthorised access to ICT platforms). I am aware that Icelandic laws protect anonymity, and we are not asking for any information to further this investigation. We also understand the need for whistle-blower protections and free media, which are supported under Icelandic (and Australian) law. However we believe that this website is enabling criminal activity, and therefore believe it is appropriate to take the website down. We’d be grateful if you took action to take down the website: enlacehacktivista[.]org hosted at IP address 185.165.170.180.

If you have any questions, please don’t hesitate to contact me.

Thanks,

Jim
</blockquote>
[[Category:Hacks]]

Nauru Police Force

2022-05-05T08:17:22Z

Mango: /* Media Coverage */

Hack of 285,635 emails from the Nauru Police Force, documenting conditions of the island and abuses endured by asylum-seekers and refugees at the immigration detention centre operated by the Australian government.

* [https://enlacehacktivista.org/nauru.txt Statement from the hackers]
* [https://enlacehacktivista.org/nauru.torrent Torrent]
* [https://nauru.enlacehacktivista.org/ Direct Download]

== Media Coverage ==

* https://www.crikey.com.au/2022/05/03/nauru-police-email-hack-australia-immigration-detention-offshore-processing/
* https://12ft.io/proxy?q=http://www.afr.com/policy/foreign-affairs/hacktivists-steal-300k-police-emails-to-protest-offshore-detention-20220503-p5ai1q
* https://www.crikey.com.au/2022/05/05/nauru-police-force-emails-refugees-asylum-seeker-self-harm-suicide/

== Police Response ==

=== Nauru Police: ===
<blockquote>
Dear Secretary,

We are in contact with our network system provider from Australia Mr. Ashnil through our counterpart AFP, for an inquiry involving AFP Cyber crime unit to check whether our system has been hacked. We are waiting for confirmation from Mr. Ashnil to determined if its hacked or not from his platform, We are pretty confidence that our system integrity is secure.

The other second party who deals with our system here is Nauru ICT, we will also work with ICT to see if the hacker are able to access through that platform.

Once confirmation is received from Mr. Ashnil we will provide further update.

Crikey is online publication platform that can throw any story in the public arena, and we strongly believed that the intention is against the Australian government, to course damage for the upcoming general election with the offshore processing center here in Nauru.

Kind regards

ComPol
</blockquote>
=== Australian Police: ===
<blockquote>
My name is Jim Astley and I am a cybercrime investigator from the Australian Federal Police (AFP). We are currently investigating allegations that a hacktivist syndicate gained unauthorised access to Nauruan Police email servers, and posted the details on a website hosted by Flokinet.

More specifically, the website is hosted at:

enlacehacktivista[.]org – IP address 185.165.170.180

We’d be grateful if you could take the website down on the basis that material published on this website originated from unlawful activity (specifically unauthorised access to ICT platforms). I am aware that Icelandic laws protect anonymity, and we are not asking for any information to further this investigation. We also understand the need for whistle-blower protections and free media, which are supported under Icelandic (and Australian) law. However we believe that this website is enabling criminal activity, and therefore believe it is appropriate to take the website down. We’d be grateful if you took action to take down the website: enlacehacktivista[.]org hosted at IP address 185.165.170.180.

If you have any questions, please don’t hesitate to contact me.

Thanks,

Jim
</blockquote>
[[Category:Hacks]]

Nauru Police Force

2022-05-03T08:42:22Z

Mango:

Hacker History

2022-05-03T08:41:50Z

Mango: /* 2022 */

==2008==
* [[Sarah Palin emails]]

== 2010 ==
* [[SRS Electronic Declaration System]]
* [[Operation Payback]]

== 2011 ==
* [[Chinga la Migra]]
* [[CorruptBrazil]]
* [[Fuck FBI Friday]]
* [[HBGary]]
* [[LeakyMails]]
* [[Shooting Sheriffs Saturday]]
* [[Sownage]]
* [[Stratfor]]

== 2012 ==
* [[Apple UDIDs]]
* [[CSLEA]]
* [[Norton AntiVirus]]
* [[Syria emails]]
* [[Bureau Of Justice]]

== 2013 ==
* [[Project AIG]]

== 2014 ==
* [[LulzSecPeru]]
* [[Gamma Group]]
* [[Russian Interior Ministry]]

== 2015 ==
* [[wikipedia:Football Leaks]]
* [[Hacking Team]]

== 2016 ==
* [[Berat Albayrak Emails]]
* [[Panama Papers]]
* [[Surkov Leaks]]

== 2017 ==
* [[Bob Otto emails]]
* [[Cellebrite]]
* [[Flexispy]]
* [[Freedom Hosting II]]

== 2018 ==
* [[Salvini emails]]
* [[Doxxing-Adventskalender]]

== 2019 ==
* [[GorraLeaks]]
* [[Paco Leaks]]
* [[Milico Leaks]]
* [[Capital One]]
* [[Perceptics]]
* [[Cayman National Bank and Trust (Isle of Man)]]
* [[Iron March]]
* [[Varela Leaks]]

== 2020 ==
* [[Luanda Leaks]]
* [[BlueLeaks]]
* [[Intel exconfidential Lake]]

== 2021 ==
* [[Gab]]
* [[Myanmar Investments]]
* [[American Patriots Three Percent‎]]
* [[Verkada]]
* [[Sons of Confederate Veterans]]
* [[MagaCoin]]
* [[Electronic Arts]]
* [[Tea Party Patriots]]
* [[Cyber Partisans]]
* [[HART]]
* [[Policía Nacional Civil de El Salvador]]
* [[Epik]]
* [[Oath Keepers]]
* [[America's Frontline Doctors]]
* [[Twitch]]
* [[Attila Hildmann‎]]
* [[Metropolitan Police Department D.C.]]
* [[Academy of Public Administration (Belarus)]]
* [[AnibalLeaks]]

== 2022 ==
* [[Patriot Front]]
* [[Belarusian Railway]]
* [[Pronico]]
* [[Roskomnadzor]]
* [[OpRussia]]
* [[Nauru Police Force]]

Nauru Police Force

2022-05-03T08:41:23Z

Mango: Created page with "Hack of 285,635 emails from the Nauru Police Force, documenting conditions of the island and abuses endured by asylum-seekers and refugees at the immigration detention centre operated by the Australian government. * [https://enlacehacktivista.org/nauru.txt Statement from the hackers] * [https://enlacehacktivista.org/nauru.torrent Torrent] * [https://nauru.enlacehacktivista.org/ Direct Download] == Media Coverage == * https://www.crikey.com.au/2022/05/03/nauru-police-e..."

OpRussia

2022-04-27T20:58:03Z

Mango:

A lot of Russian based companies have been having their servers blown wide open and emails flying out all over the place for the world to read. Leaks nearing ten MILLION files and continuing. The hacks have followed the Russia's invasion in Ukraine and the targets have included banks, government institutions, investment firms, power generation infrastructure, oil and mining companies, a weapons manufacturer in Belarus, as well as the Russian Orthodox Church.

== Explanation of the Hack ==

For Russia we realised that a lot of companies and organisations haven't yet fully patched their exchange servers and many are still vulnerable to proxyshell! We then went out and tried to find as many high profile targets who were vulnerable as possible and then leak their emails to ddosecrets [1].

For a lot (not all) of the Russian email leaks the recon process was:

* 1. Shodan dorks: country:"RU", http.title:"outlook", http.title:"OWA", http.title:"Autodiscovery", http.title:"Microsoft Exchange" and then download the results (You may also search for the CVE).
* 2. Parse out the IP's from the list: grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" file1 > file2
* 3. Then parse out vulnerable to non-vulnerable, exploitable to non-exploitable: nmap --script http-vuln-exchange-proxyshell.nse -iL file2 -oA file3 -p 443 [2]

From here we then used [3] to exploit the vulnerable servers and proceed with downloading as many if not all the emails as possible. The leaks will continue to be published until Russia has completely
pulled out of Ukraine!

* [1] https://ddosecrets.com/wiki/Category:Russia
* [2] https://github.com/GossiTheDog/scanning/blob/main/http-vuln-exchange-proxyshell.nse
* [3] https://github.com/horizon3ai/proxyshell

== Media Coverage ==

* https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/
* https://meduza.io/en/feature/2022/04/13/the-hunt-for-antimilitarism
* https://www.pravda.com.ua/eng/news/2022/04/24/7341811/
* https://www.theverge.com/2022/4/22/23036079/russian-emails-leaked-ddosecrets
* https://www.ibtimes.com/anonymous-affiliate-nb65-hacks-russian-state-network-leaks-900000-emails-3461648
* https://securityaffairs.co/wordpress/129576/hacktivism/anonymous-huge-data-dump.html
* https://www.ibtimes.com/anonymous-starts-huge-data-dump-will-blow-russia-away-leaks-rostproekt-emails-3452789
* https://www.dailymail.co.uk/news/article-10692617/Anonymous-leaks-nearly-MILLION-Russian-state-media-emails.html

== Partners ==
* https://twitter.com/xxNB65
* https://twitter.com/DepaixPorteur
* https://twitter.com/B00daMooda
* https://twitter.com/wh1t3sh4d0w0x90

[[Category:Hacks]]
[[Category:Cyberwar]]

OpRussia

2022-04-27T20:55:46Z

Mango:

A lot of Russian based companies have been having their servers blown wide open and emails flying out all over the place for the world to read. Leaks nearing ten MILLION files and continuing. The hacks have followed the Russia's invasion in Ukraine and the targets have included banks, government institutions, investment firms, power generation infrastructure, oil and mining companies, a weapons manufacturer in Belarus, as well as the Russian Orthodox Church.

== Explanation of the Hack ==

For Russia we realised that a lot of companies and organisations haven't yet fully patched their exchange servers and many are still vulnerable to proxyshell! We then went out and tried to find as many high profile targets who were vulnerable as possible and then leak their emails to ddosecrets [1].

For a lot (not all) of the Russian email leaks the recon process was:

* 1. Shodan dorks: country:"RU", http.title:"outlook", http.title:"OWA", http.title:"Autodiscovery", http.title:"Microsoft Exchange" and then download the results (You may also search for the CVE).
* 2. Parse out the IP's from the list: grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" file1 > file2
* 3. Then parse out vulnerable to non-vulnerable, exploitable to non-exploitable: nmap --script http-vuln-exchange-proxyshell.nse -iL file2 -oA file3 -p 443 [2]

From here we then used [3] to exploit the vulnerable servers and proceed with downloading as many if not all the emails as possible. The leaks will continue to be published until Russia has completely
pulled out of Ukraine!

* [1] https://ddosecrets.com/wiki/Category:Russia
* [2] https://github.com/GossiTheDog/scanning/blob/main/http-vuln-exchange-proxyshell.nse
* [3] https://github.com/horizon3ai/proxyshell

== Media Coverage ==

* https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/?utm_medium=social&utm_campaign=theintercept&utm_source=twitter
* https://www.theverge.com/2022/4/22/23036079/russian-emails-leaked-ddosecrets
* https://www.ibtimes.com/anonymous-affiliate-nb65-hacks-russian-state-network-leaks-900000-emails-3461648
* https://securityaffairs.co/wordpress/129576/hacktivism/anonymous-huge-data-dump.html
* https://www.ibtimes.com/anonymous-starts-huge-data-dump-will-blow-russia-away-leaks-rostproekt-emails-3452789
* https://www.dailymail.co.uk/news/article-10692617/Anonymous-leaks-nearly-MILLION-Russian-state-media-emails.html

== Partners ==

* https://twitter.com/DepaixPorteur
* https://twitter.com/B00daMooda
* https://twitter.com/wh1t3sh4d0w0x90

[[Category:Hacks]]
[[Category:Cyberwar]]