RootAyyildiz Turkish Defacer, the "Father of Turkish hackers" as they call him, strikes again! According to exclusive information obtained by SecNews from reliable internet sources, he will launch an all-out attack on the critical infrastructure of Cyprus, mainly banking institutions and government services!
RootAyyildiz Turkish Defacer, the "Father of Turkish hackers" as he is called, is one of the most recognizable hackers globally, carrying out high-profile attacks on government targets. His successful hacking attacks have certainly caught the eye of many law enforcement agencies. For other hackers, he is a strong opponent who raises the bar even higher with each successful attack, while for his victims / targets, his name causes terror and anxiety.
According to exclusive information available to SecNews, the target of the would-be hacker (of Turkish origin, according to his own statement) was Cyprus and specific information systems of the Ministry of National Defense of Cyprus (www.mod.gov.cy).
The Ministry of Defense is responsible for the implementation of Government Policy regarding the security and territorial integrity of Cyprus. As part of this policy, the Ministry of Defense has promoted and continues to promote a series of measures aimed at strengthening the defense of the Republic to prevent any foreign intrusion and, consequently, to strengthen its bargaining power. The Ministry of Defense promotes the implementation of this policy with consistency and a high sense of responsibility. The Minister, since June 29, 2020, is Mr. Charalambos Petridis.
As evidenced in the screenshots below, which were brought to SecNews by anonymous email and communication via social media, RootAyyildiz Turkish Defacer managed to gain unauthorized access, via a SQL injection attack, to the servers of the Ministry of National Defense of Cyprus. Through his attack, the Turkish hacker holds emails and passwords of the admin accounts that manage the Ministry's databases, which support the website as well as related internet services of the Ministry.
SecNews lists the relevant material in the hands of the Turkish hacker (editor's note: what has been reported to SecNews). The assessment of the editorial team is that the Turkish Father of Hackers (RootAyyildiz) has further access, since the reported data shows that he has gained administrator access to a specific central server using a SQL injection vulnerability. In fact, the Turkish hacker chose to announce the attack one day before March 25 (National Holiday in Greece), when symbolic gestures were also made to commemorate the 200th anniversary of the Greek Revolution.
In the material presented, sensitive data has been concealed to protect the public, as have the passwords of persons (administrators and officers of the armed forces) allegedly obtained by the Turkish hacker.
The following are the relevant screenshots:
The screenshots, without the redactions we made to protect the public, are available to the Ministry of National Defense of Cyprus from SecNews.gr on request, so that the means of access and the files allegedly intercepted can be determined. The relevant evidence is distributed through a secure application / group chat operated by the Turkish hacker, and its reliability has been checked by the SecNews editorial team.
We do not know when the Turkish hacker gained access to the servers. The only thing that is certain is that the legitimate administrators do not seem to have detected the attack yet, so the servers remain in the hands of the hacker. From our evaluation of the data brought to our attention, we find that the Turkish hacker RootAyyildiz has the ability to corrupt data on the server, add / remove web pages or distribute malware to unsuspecting users through the website of the Ministry of National Defense of Cyprus. In addition, the screenshots provided do not make clear what type of personal data has been extracted and resides on the targeted server.
In response to questions the editorial team asked RootAyyildiz after being informed about the attack on the Ministry of National Defense of Cyprus, he told us that the access he has gained is based on a SQL injection attack. What is worrying, of course, is that, as he states, he has targeted Cyprus and is preparing attacks on other critical infrastructures as well. Characteristically, he stated: "Very difficult days await Cyprus. There is too much data to be analyzed and leaked. RootAyyildiz wants to destroy Cyprus and will target banking and military systems."
Unauthorized access to high-profile Cypriot websites, and especially the threat of an attack on the banking sector, logically implies an immediate risk of theft of the personal accounts of hundreds of users, with all the negative consequences this entails! Authorities should take immediate action following the warning from Turkish hacker RootAyyildiz.
At stake are personal data from critical databases belonging to Cypriot banks and state services, while at the same time there is fear of a second, more sophisticated and orchestrated attack that would jeopardize banking apps and banking information systems, with the ultimate goal of stealing money.
Who is RootAyyildiz Turkish Defacer?
In hacking circles he is called "The father of Turkish hackers", given his knowledge and hacking skills as well as his successful hacking attacks. Among his successful attacks are those on critical Greek infrastructure. The Ministry of Foreign Affairs, the Ministry of Interior, the Ministry of Labor and many high-profile targets in Greece have been cyber-attacked by this hacker.
Learn more about RootAyyildiz Turkish Defacer in his exclusive interview with SecNews.
What is a SQL injection attack?
SQL injection is a code injection technique that allows an attacker to "run" SQL statements against a target server. A successful SQL injection attack allows the execution of any query on the target database, which means the ability to collect important information, such as passwords, usernames, emails, credit card numbers, etc.
These attacks take advantage of vulnerabilities in web applications that communicate with backend servers, where databases are stored. The abbreviation SQL stands for Structured Query Language. It is a programming language used to add, manipulate and retrieve data in a SQL database. Attackers can easily find out, with a few simple commands, whether a page is vulnerable to SQL injection. If it is, they will be able to steal data, destroy it, and even become database server administrators.
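The difference between a query built by string concatenation and a parameterized one, shown as an added example that is not part of the original article. It uses Python's built-in sqlite3 module; the table, the sample accounts and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, role TEXT)")
    db.executemany(
        "INSERT INTO users (email, role) VALUES (?, ?)",
        [("admin@example.test", "admin"),
         ("editor@example.test", "editor"),
         ("viewer@example.test", "viewer")],
    )
    return db

def lookup_vulnerable(db, email):
    # Vulnerable: the input is pasted into the SQL text, so a quote in the
    # input closes the string literal and the remainder is parsed as SQL.
    query = "SELECT email, role FROM users WHERE email = '" + email + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, email):
    # Hardened: the statement text is fixed and the driver binds the input
    # as a value, so it cannot change the structure of the query.
    return db.execute(
        "SELECT email, role FROM users WHERE email = ?", (email,)
    ).fetchall()

def compare(email):
    """Return (rows from the vulnerable lookup, rows from the parameterized one)."""
    db = make_db()
    try:
        return lookup_vulnerable(db, email), lookup_parameterized(db, email)
    finally:
        db.close()

if __name__ == "__main__":
    # One ordinary value and one value containing a quote and a tautology.
    for value in ("editor@example.test", "x' OR '1'='1"):
        leaked, safe = compare(value)
        print(f"{value!r}: vulnerable={len(leaked)} rows, parameterized={len(safe)} rows")
```

With the second input, the concatenated query returns every account in the table, while the parameterized query treats the whole string as an email address and returns nothing.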
According to research, SQL injection vulnerabilities are one of the most common application errors in recent years. The first discussions about this attack started in 1998. From 2007 to 2010, SQL injection was one of the top 10 vulnerabilities in web applications. From 2005 to 2011, SQL attacks accounted for 83% of all (known) data breaches.
There are four subcategories of SQL injection attack:
- Classic SQL injection
- Blind SQL injection
- SQL injection based on the Database Management System
- Advanced SQL injection (SQL injection + inadequate authentication, SQL injection + DDoS attacks, SQL injection + DNS hijacking, SQL injection + XSS).
A SQL injection attack is a relatively simple type of attack, as it does not require special tools to carry out. An experienced attacker can gain access to the entire system and not just the database. Companies and organizations should therefore take it seriously; after so many years of this attack, everyone should be much more prepared.
- The most important precaution, perhaps, is proper design, good construction and constant monitoring of the database, so that it is not vulnerable to this attack.
- Restricting server configuration data: Restricting access to the wrong parameters can reduce the likelihood of an attack on the target server. Although it does not offer 100% security, it is a first step in securing databases.
- Good knowledge of all SQL Servers on the network by administrators: First, administrators need to know how many SQL servers are on the network. This process may not be as simple as it seems, as most servers run on dynamic TCP ports and usually these servers only work when the user "needs" them. Therefore, some servers may not be active. SQL Ping, SQL scan and more specialized software could be used to find all SQL Servers.
- Continuous updates. Software companies often release updates to fix potential vulnerabilities. Therefore, organizations must take care to update the applications, software and generally the systems they use, in order to stay safe.
- Blocking access to specific server ports by unknown users: It does not offer absolute security, especially in SQL injection attacks, but it is an important security measure for the entire network of a company or organization. For example, closing UDP Port 1434 [this port is used to map Microsoft SQL databases] and all the TCP ports that SQL Server "listens to" can enhance security.
- Adoption of strong admin passwords. Using a strong password can prevent brute force, SQL injection and many other attacks. It is also suggested to change them frequently.
SecNews continues to investigate the incident and will keep you informed of anything new. The administrators should immediately download the website and conduct a forensic analysis of the attack data to determine whether additional information systems of the Ministry have been affected, with the affected server used as a jump point!