RedHack, a Turkish collective of activists and hackers parallel to Anonymous (but they are not Anons themselves), has claimed responsibility for the discovery of authentication issues within the portal used by the Istanbul Special Provincial Administration (ioi.gov.tr).
In their original announcement via Twitter on Thursday, the group posted a link to the administration portal noting that it was “open to public hacking” as long as the username and password matched ‘ or ”=’ – a string commonly used to probe for basic SQL Injection attack vectors.
According to subsequent posts from the group on Twitter, the attack was successful, and they encouraged others to use it in order to edit records. Later, after some attention was given to what they’d done, RedHack noted that some of their followers were unable to delete their bills. Allegedly, the group did it for them, erasing financial obligations listed within the portal.
The domain was taken offline early Friday morning, but by that point the damage had already been done. As of 2:30 p.m. EST on Friday, the domain was still offline.
RedHack’s actions are due to the ongoing protests in Turkey’s capitol, Ankara. On Thursday, hundreds of protestors took to the streets to protest their government.
The protests themselves started out as non-violent in late May, but that didn’t last as law enforcement (at the behest of the government) started to engage the masses with extreme force.
In addition to severe beatings and teargas injuries affecting some 7,500 people, reports from the region have noted several deaths including one police officer.
More from Steve Ragan
- Anonymous Claims Attack on IP Surveillance Firm Brickcom, Leaks Customer Data
- Workers Don’t Trust Employers with Personal Data: Survey
- Root SSH Key Compromised in Emergency Alerting Systems
- Morningstar Data Breach Impacted 184,000 Clients
- Microsoft to Patch Seven Flaws in July’s Patch Tuesday
- OpenX Addresses New Security Flaws with Latest Update
- Ubisoft Breached: Users Urged to Change Passwords
- Anonymous Targets Anti-Anonymity B2B Firm Relead.com
Latest News
- Comcast Wants a Slice of the Enterprise Cybersecurity Business
- Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping
- New York Attorney General Fines Vendor for Illegally Promoting Spyware
- SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022
- 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder
- Cyber Insights 2023 | Zero Trust and Identity and Access Management
- Cyber Insights 2023 | The Coming of Web3
- European Police Arrest 42 After Cracking Covert App
