Security Experts:

Activist Group Targets Istanbul Admin Portal - Claims to Have Erased Debts

RedHack, a Turkish collective of activists and hackers parallel to Anonymous (but they are not Anons themselves), has claimed responsibility for the discovery of authentication issues within the portal used by the Istanbul Special Provincial Administration (ioi.gov.tr).

In their original announcement via Twitter on Thursday, the group posted a link to the administration portal noting that it was “open to public hacking” as long as the username and password matched ' or ''=' - a string commonly used to probe for basic SQL Injection attack vectors.

According to subsequent posts from the group on Twitter, the attack was successful, and they encouraged others to use it in order to edit records. Later, after some attention was given to what they’d done, RedHack noted that some of their followers were unable to delete their bills. Allegedly, the group did it for them, erasing financial obligations listed within the portal.

The domain was taken offline early Friday morning, but by that point the damage had already been done. As of 2:30 p.m. EST on Friday, the domain was still offline.

RedHack’s actions are due to the ongoing protests in Turkey’s capitol, Ankara. On Thursday, hundreds of protestors took to the streets to protest their government.

The protests themselves started out as non-violent in late May, but that didn’t last as law enforcement (at the behest of the government) started to engage the masses with extreme force.

In addition to severe beatings and teargas injuries affecting some 7,500 people, reports from the region have noted several deaths including one police officer.

view counter
Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.