RedHack, a Turkish collective of activists and hackers parallel to Anonymous (but they are not Anons themselves), has claimed responsibility for the discovery of authentication issues within the portal used by the Istanbul Special Provincial Administration (ioi.gov.tr).
In their original announcement via Twitter on Thursday, the group posted a link to the administration portal noting that it was “open to public hacking” as long as the username and password matched ‘ or ”=’ – a string commonly used to probe for basic SQL Injection attack vectors.
According to subsequent posts from the group on Twitter, the attack was successful, and they encouraged others to use it in order to edit records. Later, after some attention was given to what they’d done, RedHack noted that some of their followers were unable to delete their bills. Allegedly, the group did it for them, erasing financial obligations listed within the portal.
The domain was taken offline early Friday morning, but by that point the damage had already been done. As of 2:30 p.m. EST on Friday, the domain was still offline.
RedHack’s actions are due to the ongoing protests in Turkey’s capitol, Ankara. On Thursday, hundreds of protestors took to the streets to protest their government.
The protests themselves started out as non-violent in late May, but that didn’t last as law enforcement (at the behest of the government) started to engage the masses with extreme force.
In addition to severe beatings and teargas injuries affecting some 7,500 people, reports from the region have noted several deaths including one police officer.
More from Steve Ragan
- Anonymous Claims Attack on IP Surveillance Firm Brickcom, Leaks Customer Data
- Workers Don’t Trust Employers with Personal Data: Survey
- Root SSH Key Compromised in Emergency Alerting Systems
- Morningstar Data Breach Impacted 184,000 Clients
- Microsoft to Patch Seven Flaws in July’s Patch Tuesday
- OpenX Addresses New Security Flaws with Latest Update
- Ubisoft Breached: Users Urged to Change Passwords
- Anonymous Targets Anti-Anonymity B2B Firm Relead.com
Latest News
- Cyberattacks Target Websites of German Airports, Admin
- US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’
- Tenable Launches $25 Million Early-Stage Venture Fund
- 820k Impacted by Data Breach at Zacks Investment Research
- Mapping Threat Intelligence to the NIST Compliance Framework Part 2
- Hive Ransomware Operation Shut Down by Law Enforcement
- US Government Agencies Warn of Malicious Use of Remote Management Software
- UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies
