Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Activist Group Targets Istanbul Admin Portal – Claims to Have Erased Debts

RedHack, a Turkish collective of activists and hackers parallel to Anonymous (but they are not Anons themselves), has claimed responsibility for the discovery of authentication issues within the portal used by the Istanbul Special Provincial Administration (ioi.gov.tr).

RedHack, a Turkish collective of activists and hackers parallel to Anonymous (but they are not Anons themselves), has claimed responsibility for the discovery of authentication issues within the portal used by the Istanbul Special Provincial Administration (ioi.gov.tr).

In their original announcement via Twitter on Thursday, the group posted a link to the administration portal noting that it was “open to public hacking” as long as the username and password matched ‘ or ”=’ – a string commonly used to probe for basic SQL Injection attack vectors.

According to subsequent posts from the group on Twitter, the attack was successful, and they encouraged others to use it in order to edit records. Later, after some attention was given to what they’d done, RedHack noted that some of their followers were unable to delete their bills. Allegedly, the group did it for them, erasing financial obligations listed within the portal.

The domain was taken offline early Friday morning, but by that point the damage had already been done. As of 2:30 p.m. EST on Friday, the domain was still offline.

RedHack’s actions are due to the ongoing protests in Turkey’s capitol, Ankara. On Thursday, hundreds of protestors took to the streets to protest their government.

The protests themselves started out as non-violent in late May, but that didn’t last as law enforcement (at the behest of the government) started to engage the masses with extreme force.

In addition to severe beatings and teargas injuries affecting some 7,500 people, reports from the region have noted several deaths including one police officer.

Written By

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

Cybercriminals earned significantly less from ransomware attacks in 2022 compared to 2021 as victims are increasingly refusing to pay ransom demands.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.