A global exclusive on SecNews: the interview with the Turkish hacking team Turkdef Ops, which consists of aspiring hackers with knowledge that allows them to carry out successful and powerful hacking attacks.
The Turkish hackers answer the SecNews editorial team's questions and reveal interesting information about the group and its world-renowned activity, which many security experts are trying to analyze.
Among other things, the Turkish hackers discuss the compromised critical state infrastructure and services of Greece, the way they organize their campaigns, their goals, their opinion of Greek hackers and the cyber-security level of Greece.
One of their hacking victims was the Hellenic Register of Internet Names .gr, whose information systems were compromised in April 2019.
According to information that cannot be disputed (and cannot be disclosed), Turkdef Ops have gained unauthorized access to other gTLDs (top-level registries) of European countries as well as those of the Middle East. Under certain conditions, and provided the above holds, this allows them to redirect any domain they wish from the targeted countries to websites of their choosing!
Something similar took place against Greek targets in April 2019, with the Ministry of Foreign Affairs, the Maximos Palace, the Ministry of Civil Protection and the National Intelligence Service being the main targets. Since the attack lasted less than 24 hours, not much data was intercepted (via DNS redirection); it mainly consisted of passwords for webmail services and e-mail.
Turkdef Ops openly expressed their opinion about Anonymous Greece!
The talented hackers give answers that will impress but will also upset the Greeks!
First, how would you like us to call you? Do you have nicknames?
We don't use our real names in public. If you're asking our nicknames: you are making this interview with LinuxLov3r, ZeroTolerance, Bozkurt34 and fl0ry. Although, you can refer to us by our group's name: Turkdef Ops
A lot of people do not know your group's history. When/How did everything start? Tell us your group’s story.
We actually began doing hacking attacks to escape from a monotonous lifestyle, to kill time and to entertain ourselves.
That is also how we met. We were already working together and there was no reason to not form a group of our own, that is how Turkdef was founded. Every member of Turkdefops complements each other, we became experts in defacement.
Besides doing hack, we have quite ordinary lives. School, family, girls, sports, friends, etc.
How easy/difficult is it to have a secure communication between members?
We communicate through WhatsApp, usually by sending voice messages.
Have you ever had any hacking attacks against your group?
Yes, some group members were victims of (amateur) hackers, twice victims of malware. However, these were never successful.
Do you operate at your own will or are you sponsored by any government or private body?
No, we work on our own and for ourselves. We gain bigger things than money and sponsor from the attacks we did.
What is the main goal of your group’s actions?
We're not kids trying to get attention from others. What we do is show how the world's biggest companies fail in security.
Have you targeted any other critical Greek infrastructure apart from ICS FORTH and Toyota Greece?
Yes, we hijacked some Greek ministries in the past by attacking Greek DNS. They didn't veil the truth, they admitted being hacked by making a statement. Apparently, they are still not taking the essential security measures. Our attack was talked about a lot in the media.
Can you share with us some details (non-confidential) of how a successful large-scale attack like the one you achieved in ICS FORTH is possible? Are there any SQL injection vulnerabilities, 0day exploits or some other ways to succeed in that kind of attack?
There is a vulnerability in every system, sometimes you can just neglect it. But the fact that you don’t see it doesn’t mean there is no vulnerability. We are interested in details, we examine every little detail and analyze where we will be attacking. About ICS Forth, we exploited various vulnerabilities. Many kinds of bugs are used.
Our main goal was to attack Volkswagen.gr. When we couldn’t find any vulnerability in Volkswagen Greece, we went further and tried to access the domain from the Greek DNS panel.
In about two weeks, we accessed the possibility to modify the DNS and domain records of all .gr domains. Let us tell you a secret, we didn’t use it but there are still Command Injection and LFI vulnerabilities at ICS Forth. Don't you believe us? Let's look.
How would you describe Greece’s cybersecurity protection level? Is Greece an easy target?
The level of Greece is mediocre and is an easy target for a talented hacker. We would score with 5/10
Have you come across any Greek hacking group?
Their Anonymous Greece. They’re pitiful. They have no skills in web hacking, only in TCP/UDP DDoS.
Even when challenging us, they had childish gestures. So we hacked Toyota Greece and in just one hour, we obtained information of 50.000 Greek citizens, and showed them how to do real hacking. Like a real man. Good job, right?
Is Greece your main target? What other targets according to your deep knowledge are targeted by your group?
No, we choose whatever will entertain us as a target. We do not have a specific country as target, our reason for organizing a cyber-attack against Greece was to teach who is the best to the children we mentioned in the answer above.
Can you share with us and our visitors some future attacks that you plan (not exactly attacks but categories like telecom companies, oil companies, shipping companies, ministries etc)?
Among our future targets, there is a famous technology website, a country’s domain management system and a world-famous person. These targets may change. Follow closely. 😉
Have you ever been targeted by the authorities? If yes, which hacking attack(s) triggered them?
We once attacked the website of a Turkish political party that had many voters, we were XNUMX back then. With a SQL Injection Vulnerability, we reached many deputies’ phone numbers, and with our fake numbers we added them to WhatsApp group chats and made fun of them.
Because of the cyber-attack, the political party’s website was not accessible to the public for 4-5 days. Later, the Turkish police arrested us and interrogated us one by one, they examined our computers. As we were minors, they just told us not to do that again and let us finally go.
Apart from that, we had no other attacks that annoyed the authorities. By the way, a friend named Hasan was stealing credit cards with 0days he found on the Deep web. He bought himself computers and phones with the stolen credit cards. Back then, it was worth 20 thousand Turkish Lira.
In an upcoming state of cyberwar, will Turkdef be a part of it? Do you think that your members are of very high knowledge?
Hacking is a wide area; we can’t claim to know everything. But we believe in ourselves, we specialize in every area of hacking. We are on the way to be the best.
What is the most dangerous hacking method these days according to your expertise?
According to us, the ransomware attacks are becoming more and more dangerous these days. We know some of the groups that use this method, we can tell which group it is by looking at the ransom paper they gave to the companies. It becomes especially difficult for big companies: giving the hacker the money or not being able to sell for a few days? It is about profit and loss.
Name us the 3 most important steps a user should follow in order to avoid a hacking attack.
We are not a search engine like Google. We’re not going to give you advice like everyone else does, “use difficult passwords, don’t give your passwords to anyone, blablabla”.
The average internet user thinks to be 100% safe with a few antivirus programs and by going to a security company. Security does not work, believe us. Nobody can be safe in three steps.
In the underground forums we are in, you can find millions of zombie computers with a virus to buy. You may find that accesses to NASA and Interpol are sold. The database of the American military is for sale. Most importantly, viruses that are capable of exploiting browsers are being sold. Have you ever heard what these are? As soon as you click on a link that seems normal, your computer is actually being hacked. Your antivirus program cannot block this. That is all we want to tell you.
Would you like to send any message to SecNews’s users or to Greek targets?
We want to send greetings to our brothers: intrusive, pasa, exiqor, seeul8er, Injector_pCa, alfa, Ulukurt, AgonGYS, l0ryz.
SecNews is an unbiased and objective information website specializing in cyber attacks and information security and will always give voice to groups or personalities that interest our users. The views expressed in the interview EXCLUSIVELY reflect the views of Turkdef Ops.
Many thanks to LinuxLov3r, ZeroTolerance, Bozkurt34 and fl0ry for this interesting interview and their willingness to respond to the Greek public for their much-discussed attacks on critical state infrastructure and services in Greece.
[UPDATE] Regarding the screenshots attached to the article, which were taken from the hackers' profile [inactive since immediately after publication]: individual Turkish users/readers who contacted the editorial team report that the screenshots are fake and that the hackers altered the screenshots they posted. SecNews publishes the interview as-is, without cuts, for readers to evaluate. It is for the authorities to confirm the identity of the so-called hackers and whether the screenshots are fake or real, since they were uploaded to a public Instagram profile and were available to the public. In addition, at the time of this update the Turkdef Ops profiles are inactive.
Many of Turkdef Ops' attacks are claimed to have taken place as part of the Sea Turtle campaign, a global hacking campaign that has alarmed security experts and major media worldwide.
The Sea Turtle campaign has been out in the wild since January 2018, with many public and private entities as key targets. Its main hacking method is DNS hijacking.
According to media reports, attacks have been detected in about 40 organizations in 13 countries.
The attackers are highly organized and use sophisticated methods, which give them access to sensitive networks and systems. A DNS hijacking attack redirects users to malicious websites by modifying DNS name records or server settings.
The campaign seems to target two categories of victims. The first category includes national security organizations, foreign ministries, and energy-related organizations. The second category includes DNS administrators, telecommunications companies, and internet service providers.
It is worth noting that the first target of the attackers is third parties (providers), which provide services to main targets (outsourcing).
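A defender-side check for the record changes described above, as an added example that is not part of the original article: it compares resolver observations against a pinned baseline of name servers and address ranges and reports how long each deviation lasted. The domain names, IP addresses, timestamps and function names are constructed for illustration.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed baseline: pinned name servers and address space per name.
BASELINE = {"webmail.agency.example": {
    "NS": {"ns1.agency.example.", "ns2.agency.example."},
    "A": [ip_network("192.0.2.0/24")],
}}

# Constructed resolver observations: (UTC time, name, record type, value).
OBSERVATIONS = [
    ("2024-01-10T08:00", "webmail.agency.example", "NS", "ns1.agency.example."),
    ("2024-01-10T08:00", "webmail.agency.example", "A", "192.0.2.25"),
    ("2024-01-10T14:00", "webmail.agency.example", "NS", "ns1.rogue-dns.example."),
    ("2024-01-10T14:05", "webmail.agency.example", "A", "203.0.113.66"),
    ("2024-01-10T21:30", "webmail.agency.example", "A", "203.0.113.66"),
    ("2024-01-11T02:00", "webmail.agency.example", "NS", "ns2.agency.example."),
    ("2024-01-11T02:00", "webmail.agency.example", "A", "192.0.2.25"),
]

def in_baseline(name, rtype, value, baseline=BASELINE):
    expected = baseline.get(name, {}).get(rtype)
    if expected is None:
        return True  # nothing pinned for this name/type
    if rtype == "A":
        return any(ip_address(value) in net for net in expected)
    return value.lower() in expected

def find_deviations(observations, baseline=BASELINE):
    """One finding per (name, type, value) outside the baseline, with the
    first/last sighting and the time a baseline answer was seen again."""
    findings = {}
    for ts, name, rtype, value in sorted(observations):
        when = datetime.fromisoformat(ts)
        if in_baseline(name, rtype, value, baseline):
            # A good answer after a bad one closes open windows for this record.
            for (n, t, _), f in findings.items():
                if n == name and t == rtype and f["reverted_at"] is None:
                    f["reverted_at"] = when
            continue
        f = findings.setdefault((name, rtype, value), {"first": when})
        f["last"], f["reverted_at"] = when, None
    return findings

def window_hours(finding):
    """Length of the deviation in hours (to reversion, else last sighting)."""
    end = finding["reverted_at"] or finding["last"]
    return (end - finding["first"]).total_seconds() / 3600
```

A delegation or address change that appears and reverts within hours, as in the constructed data, is worth alerting on even after the records look normal again, because credentials submitted during the window may already be exposed.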
In April 2019, the Registry of .gr and .el Domain Names was hacked. This attack is part of a bigger plan. The main goal was to negatively affect the operation of the Registry of .gr and .el Domain Names. The investigation did not reveal any information about data leaks.
As the Registry of .gr and .el Domain Names was trying to ensure the integrity of its data and protect the recipients of the internet names, it immediately changed the domain name authorization [.gr] and [.el].