The Panhellenic School Network SCH.GR was hacked by them Pøwerful Greek Army. In a period of pandemic and while the transfer of the country to Internet is being implemented at a very fast pace with excellent results so far, it seems that specific services of the Greek State are not prepared for such a big change. A typical example is the Panhellenic School Network SCH.GR, which they managed, without much difficulty, to violate Greek hackers, according to anonymous information sent via email to SecNews.
Distance education due to quarantine for him Coronation is a saving solution for all educational institutions in Greece with the aim of not losing this school year. Primary, High Schools, Lyceums, Universities and educational seminars have transferred to "online rooms" with students attending their classes through various platforms such as Zoom, Webex Cisco, Skype etc.
Circumstances therefore require it e-learning and telework. However, it seems that the Panhellenic School Network was not prepared for this big change. Like other Greek state internet infrastructures (thankfully not many), so too sch.gr had not carried out the required information regarding the internet and the online security.
The fight to secure data and privacy on the Internet is ongoing and tedious, as there are millions of malicious users waiting for bugs / exploit software to invade systems without being detected and stealing sensitive ones. personal information users. In this particular case, as SecNews is able to know, data from teachers, students, administrators and users in general who were registered in the database of sch.gr.
The Greek hacking group by name Pøwerful Greek Army contacted the editorial team of SecNews via an anonymous email where, after informing the authors of the data available to them, they stated the reasons why they decided to penetrate the Panhellenic School Network, violating them. security systems, wanting to send their own message. We were told that:
"We invaded the Panhellenic School Network to warn them! The level of internet security of sch.gr is unacceptable. We try to point out to them the shortcomings and the security gaps in order to comply and prevent some dangerous hacking attack of malicious users. Greek online systems now have to build a wall against cyber threats! Sensitive information of Greek citizens is at stake! "
According to EXCLUSIVE information sent by the hacking group under the name Pøwerful Greek Army, after being evaluated by the editorial team of SecNews, the acquisition of unauthorized access has been confirmed to sensitive servers (servers) belonging to the infrastructure of the Panhellenic School Network of the Ministry of Education, Lifelong Learning and Religions. Pøwerful Greek Army is a group that has been busy in the past (already since 2016) with its beats as you can see [here] and [here]
The Panhellenic School Network SCH.GR
The Panhellenic School Network SCH.GR is a larger public network that connects all schools, teachers and a number of administrative services and supervised bodies of the Ministry. It also supports the administrative work of Education, as it has for use e-government applications for the management of education, such as e.g. for the collection of data of the student and educational potential, for the planning and the implementation of the recruitments of the teachers and their payroll, for the distribution of the books, etc.
Τι είναι το SQL Injection;
SQL injection is a code infusion technique, used for attacks on data-driven applications in which malicious SQL commands are entered in an input field for execution. SQL injection exploits security vulnerabilities in a software application. SQL injection is commonly known as a means attack site, but can be used to attack any type of database.
SQL injection attacks allow hackers to violate websites, stealing user and administrator authentication data, infringing existing data, causing issues in any kind of transaction, allowing full disclosure of all stored data within an information system, destroying data or making it available administrator rights in database server.
According to the analysis of the data provided to the editorial team of SecNews (and which we publish distorted to protect the infrastructure from possible attacks by other hackers), it was found that the attack took place using SQL Injection vulnerabilities that led to additional data and data extraction. The data and data obtained include personal data such as usernames, passwords, country of residence, home address, telephone number and other sensitive information stored on the system.SecNews, in order to protect the leaked personal data, hides with a relevant black box data that can be used by malicious hackers.
Indicative photos that have been properly altered for personal data protection purposes are listed below:
The details were announced anonymously to SecNews with regard to the attack are available to the competent services, if requested.
From the analysis of the SecNews technical team: In the data sent and evaluated by our technical team, it was found that there are a number of weaknesses in multiple parameters of websites that have not been repaired, which makes these areas of the website accessible to anyone with an average or low level of knowledge and use of publicly available tools, which anyone can locate and use at Internet! Indeed, the data obtained is said to be a lot of data mb, with usernames / passwords / addresses and telephone numbers.
The competent managers of the Panhellenic School Network SCH.GR must IMMEDIATELY check the targeted websites and take immediate action to repair and modify all administrator codes as well as repair SQL Injection vulnerabilities that can be detected.
In addition, the extent to which personal data of teachers and professors of the Panhellenic School Network have been adequately investigated must be properly investigated, as the exact type of data obtained and the exact depth of the hackers' attack are not clear. Pøwerful Greek Army.
The activation of the relevant Web Application firewalls in combination with Intrusion Detection & Prevention Systems perhaps it could be a first step in repelling such attacks.
Finally, the Privacy Authority since the leak has affected a large number of citizens, whose details were unknowingly exposed to the hackers.
From the SecNews Editorial Team:
We understand that there is a concern among parents as to whether children should continue to use the SCH.GR digital education platform. His technical team SecNews considers that the use of the platform should not be discontinued, However, students should be more careful following the following tips:
- Do not use the parent's email to use the platform but create their own personal email. Use of email is a must always be personal whether done by an adult or a minor. Parents are more likely to use their email in services and online bank accounts that may be compromised by careless use of the email.
- Strengthen their password. As we have mentioned many times in the past, a strong password is the first line of defense against hackers. Therefore, it is necessary -especially after the invasion- to change your password to someone more powerful (special characters, uppercase and lowercase letters, numbers, etc.). Please note that the same password should NOT be used in any other service. We use separate codes for each online service.
- Do not stay connected to the online learning platform after the completion of the teaching. It is always necessary to log out of online accounts after their use is over.
- Do not share passwords with friends and especially through networking pages (Facebook, Instagram, Twitter, etc.).
· Parents -especially for young students- to keep their child's access details (email and password) for security reasons.
· Parents It would be good to use parental control both at home and on devices. This action will help them discreetly control their children's activities in order to ensure their safety.
Thanks to the anonymous Pøwerful Greek Army for timely and valid information.
SecNews provides objective and impartial information to its readers. Below you will find the updates that have emerged regarding the news.
UPDATE 1 - 16.04.2020: According to a reader of SecNews, it is reported that:
"In recent days, reports have been circulating on the Internet about violations of the systems of the Panhellenic School Network (PSD) and the leakage of data that it maintains. We would like to inform you that this is not the case.
From our investigation so far, it appears that the data referred to in an article concerning the attack do not come from the system of users of the PSD, nor from the Databases of its services.
They come from the implementation of the educational community, which is hosted in the PSD, in the context of hosting websites provided by the PSD. The leaked data is old (from 2010-11).
The administrators of the application were informed about the matter in order to act in accordance with the provisions provided.
The Panhellenic School Network assures its members that in the framework of the General Data Protection Regulation, which it implements, it follows all the appropriate measures, in order to preserve the data it maintains.
By the way, we remind you to apply the good safety and protection practices proposed by the Panhellenic School Network to its members, as mentioned on the page https://www.sch.gr/security ”