Tuesday, October 27, 11:25
AKINCILAR: New hacking attack on the Ministry of Foreign Affairs (?) (Updated)

A new (?) hacking attack on the website of the Ministry of Foreign Affairs, catalogue.mfa.gr, was carried out one hour ago by the Turkish hacking team AKINCILAR.

According to information published by the Turkish user @ynsmroztas on Twitter, AKINCILAR targeted the site hosting the contact list of Foreign Ministry officials using the SQL injection technique, which in most cases is combined with data breaches and data leaks. See the featured screenshot:

The hackers stated that they apparently gained access to the website catalogue.mfa.gr by taking advantage of SQL injection vulnerabilities and succeeded in obtaining contact details of employees of the Ministry. In addition, they appear to have gained access to the backend database via the phpMyAdmin add-on used for managing the website database. Here are some screenshots of the attack by the Turkish hacker:

But who is the Turkish team AKINCILAR?

The AKINCILAR hacking team is said to be a small and flexible group (Akincilar Cyber Warrior) directly related to / motivated by the President of Turkey, Recep Tayyip Erdogan.

The Cyber Warrior group, also known as the Akıncılar, was founded in 1999. The group's hierarchy is similar to that of an army, and the group defines itself as a fraternity, as can be seen in its conditions for recruiting new members.

The team quotes the following phrase to determine which new members will be accepted: "You must be committed to our religion, traditions and customs." Members also cannot use slang when communicating with other team members. "When someone swears at one of us, he swears at all of us."

The Cyber Warrior website claims that the group was active during the preparation of the Turkish Internet Law (No. 565196), which is probably evidence that they have contacts with Turkish decision-makers or the political elite.

The group says its task is to combat satanic and pornographic content that offends the country's faith and moral values online. It also states that the following are excluded from its attacks:

  • The team will support non-profit institutions, websites and groups that share the same ideas as our mission
  • The group will not attack sites or groups that do not oppose the group values
  • In many online forums, the Cyber Warriors claim that they have not attacked a non-Turkish site.

This behavior seems consistent with the claim that the group has connections with the Turkish police at different levels. The group appears to have attacked several websites in countries such as Israel, Egypt, Austria and Armenia. France also seems to be a frequent target of the team. All available evidence indicates that the group has strong links with the state and that its actions are motivated by Recep Tayyip Erdogan and his foreign policy. Of course, Greece is a frequent target of the group, as the group's actions are guided by the political developments of the country's foreign policy. So far in Greece they have carried out attacks against high-profile targets, which is why the team is particularly well known in our country.

Members of the hacker team AKINCILAR, a sub-group of Cyber Warrior, have been praised by Turkish police for their attacks on RedHack and other entities that pose a threat to Turkish or Islamic ideals. Several AKINCILAR hackers are also part of the management team of Bilişim Güvenliği ve Bilişim Suçlarına Karşı Mücadele Derneği (Information Security and Counter Cyber Crime Association), which provides free information security support to gov.tr domain names.

HP's Cyber Security Research report released in 2015 described the group as state-funded based on the following data:

In April 2012, representatives of the Bilişim Güvenliği ve Bilişim Suçlarına Karşı Mücadele Derneği (Information Security and Counter Cyber Crime Association), including the director of the group Gökhan Şanlı, attended a meeting on . Şanlı, who uses the pseudonym Doktoray, manages the Cyber Warrior forum. Also Halit Uygur, who used the pseudonym Dogukan, was a key member of the Cyber Warrior team and was also an important figure in the Turkish Ministry of Education.

But what is a SQL injection attack?

SQL injection is a code injection technique that allows the attacker to run SQL statements against a target server. A successful SQL injection attack allows the execution of any query on the target database, which also makes possible the collection of important information, such as passwords, usernames, emails, credit card numbers, etc.

These attacks exploit vulnerabilities in web applications that communicate with backend servers where databases are stored. The abbreviation SQL stands for Structured Query Language. It is a programming language used for adding, handling and retrieving data in a SQL database. Attackers can easily find out, with a few simple commands, whether a page is vulnerable to SQL injection. If it is, they will be able to steal data, destroy it, and even become database server administrators.
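
How a contact-directory search becomes injectable, and how a parameterized query closes the hole, shown as an added example (not code from the affected site or from the original article). The table, column names and sample rows are constructed for illustration, with SQLite standing in for the backend database.

```python
import sqlite3

# Constructed sample data: a tiny staff directory. Rows with is_public = 0
# must never be returned by the public search.
ROWS = [
    ("Maria Pappas", "maria.pappas@example.org", 1),
    ("Nikos O'Brien", "nikos.obrien@example.org", 1),
    ("Internal Admin", "admin-internal@example.org", 0),
]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE contacts (name TEXT, email TEXT, is_public INTEGER)")
    conn.executemany("INSERT INTO contacts VALUES (?, ?, ?)", ROWS)
    return conn

def search_vulnerable(conn, name):
    # BAD: user input is pasted into the SQL text, so the database parses it as SQL.
    sql = ("SELECT name, email FROM contacts "
           "WHERE is_public = 1 AND name = '" + name + "'")
    return conn.execute(sql).fetchall()

def search_safe(conn, name):
    # GOOD: the statement text is fixed; the driver binds the value as data only.
    sql = "SELECT name, email FROM contacts WHERE is_public = 1 AND name = ?"
    return conn.execute(sql, (name,)).fetchall()

def compare(name):
    """Run both searches on a fresh database; return rows or the SQL error name."""
    out = {}
    for label, fn in (("vulnerable", search_vulnerable), ("safe", search_safe)):
        conn = make_db()
        try:
            out[label] = fn(conn, name)
        except sqlite3.Error as exc:
            out[label] = "error: " + type(exc).__name__
        finally:
            conn.close()
    return out

if __name__ == "__main__":
    # A normal name, a legitimate name containing a quote, and a quote-breaking value.
    for value in ("Maria Pappas", "Nikos O'Brien", "x' OR '1'='1"):
        print(repr(value), compare(value))
```

The legitimate name with an apostrophe already breaks the concatenated query with a SQL error, which is the kind of signal that reveals an injectable page; the third value makes the same query return every row, including the non-public one, while the parameterized version returns nothing.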

According to research, SQL injection vulnerabilities have been among the most common application errors in recent years. The first discussions about this attack started in 1998. From 2007 to 2010, SQL injection was one of the top 10 vulnerabilities in web applications. From 2005 to 2011, SQL attacks accounted for 83% of all (known) data breaches.

There are four subcategories of SQL injection attack:

  • Classic SQL injection
  • Blind SQL injection
  • SQL injection based on the Database Management System
  • Advanced SQL injection (SQL injection + inadequate authentication, SQL injection + DDoS attacks, SQL injection + DNS hijacking, SQL injection + XSS).

Attacking via SQL injection is a relatively simple type of attack, as no special tools are needed to carry it out. An experienced attacker can gain access to the entire system and not just the database. Therefore, companies and organizations should take it seriously; after so many years of this attack, everyone should have been much better prepared.

Preventive measures

  • The most basic prevention measure, perhaps, is proper design, good construction and constant monitoring of the database, so that it is not vulnerable to this attack.
  • Restriction of server configuration elements: Restricting access to the wrong parameters can reduce the chance of an attack on the target server. Although it does not offer 100% security, it is a first step towards security around databases.
  • Good knowledge of all SQL Servers on the network by administrators: First, administrators need to know how many SQL servers there are on the network. This process may not be as simple as it seems, as most servers run on dynamic TCP ports and usually these servers only work when the user "needs" them. Therefore, some servers may not be active. To find all SQL Servers, SQL ping, SQL scan and more specialized software can be used.
  • Continuous updates: Software companies often release updates to fix potential vulnerabilities. Therefore, organizations must take care to update the applications, software and, in general, the systems they use in order to remain safe.
  • Prohibit access to specific ports of servers by unknown users: It does not offer absolute security, especially against SQL injection attacks, but it is an important security measure for the entire network of a company or organization. For example, closing UDP port 1434 [this port is used to map Microsoft SQL databases] and all the TCP ports that SQL Server "listens to" can enhance security.
  • Adoption of strong admin passwords: Using a strong password can prevent brute force, SQL injection and many other attacks. It is also recommended to change them frequently.

SecNews continues to investigate the incident and will keep you informed of anything new. The administrators should immediately download the website and conduct a forensic analysis of the attack data to determine whether additional information systems of the Ministry have been affected, using the affected server as a jump point!

[Updated - 23 Sep 2020, 23:54] For optimal and reliable information, we publish the remark of a friend of the website. As this friend (his name is available to us) noted on social media, the dates shown in the video posted by the Turkish hackers are earlier. This may mean:

a) that the attack took place at an earlier time (2018) and the screenshots were released today for reasons of impression (the opinion of the friend of the website)

b) that the attack took place at an earlier time, when the relevant backdoors were placed, but they were used at a later time (the last few days) to extract the data.

In any case, this post serves to inform those in charge so that they can investigate which of the two scenarios applies.

Thanks to the friend of the website for the remark regarding the improvement of this article.

Stay tuned for more information and related events!
