Pakistani National Response Center for Cyber Crimes… Hacked!

It seems to be the season for defacements and hacktivity. The week began with the Cross Site Scripting attack on the Spanish EU website and the defacement hack of Iranian President Ahmadinejad’s Official site, and it closes with a high profile hack of the Pakistani National Response Center for Cyber Crimes, part of the Federal Investigation Authority.

The web site was compromised and defaced as shown below.

Unfortunately for the Pakistani FIA, though, this attack appears to go beyond a simple defacement. The hacker “zombie_ksa” also states on the defaced page:

your whole database and e-mails are leaked …. i was really excited to read, see what the f__k is private in here lOl

At first glance this could well seem like idle l33t H4x0r bragging, so I did a bit of digging to see if the boast could be substantiated. In a forum posting, zombie_ksa said:

“I was Browsing! today Propakistani.pk So i saw post about” how to register complaint with fia cyber crime”! so i feel to check there Security, and i started Penetration Test On there Webserver, unfortunately I GOT access!! And they got Pwned!! !! thats Sounds crazy ! I got whole database! and e-mail Backup! everything!”

 

The hacker then posted two screenshots: one of the hacked site and a second, below, demonstrating his access to their email database (I have sanitised the email addresses here).

Screen shot posted by the hacker


So it seems that, from an amateur penetration test, a hacker has access to at least the full email database, and possibly the backups, of a National Response Center for Cyber Crimes in a highly politically sensitive country. The forum post was made at 4 in the afternoon yesterday and the hack is still live at the time of writing. To say this hack has national security implications would not be overstating the matter.

Any organisation holding material this sensitive should, as a priority, make sure all Internet-facing servers are hardened and fully patched. The servers should also be regularly audited, preferably daily, to look for evidence of new vulnerabilities as they arise. Web application firewalls should be used to detect and block anomalous or malicious behaviour.

But perhaps most importantly, emails dealing with matters this sensitive should not be connected with, or stored on, your public web server, and they should always be stored in a secure encrypted format.

5 thoughts on “Pakistani National Response Center for Cyber Crimes… Hacked!”

  1. pakibugs-looser

    zombie_ksa is such a loser, his own id got hacked, check this out on his own forum

    http://www.pakbugs.com/spam-hell/17386-zombie_ksa-email-hacked.html

    and his forum pakbugs also got hacked back days

    http://wellcometoshareknowledge.blogspot.com/2010/02/web-forum-called-www.html

    FIA HAS ARRESTED PAKBUGS CREW MEMBER AND YET THEY ARE ASKING FOR MORE LOL KIDS ZOMBIE IS IN SAUDIA ARABIA SITTING THERE AND SAYING about FIA u cant do anything tell him to come in pak then talk :)

  2. Paktech.Pk

    Hi Ferguson!

    I think you mean of this post to say the hack has national security implications would not be overstating the matter and public web servers should always be stored in a secure encrypted format. Hmmm…. I am agreed.

    Thanks for update.
    http://www.paktech.pk/
