Rootayyıldız, the Turkish hacker and one of the administrators of the forum of the Turkish hacking group hacktivizm.org, broke into the Élysée Palace (French Presidential Palace) database, obtained sensitive data and left a message on the Presidency website.
The "Father of Turkish hackers", as he is called, seems to have started a marathon of hacking attacks against neighboring countries: only a few days have passed since his successful attack on Larnaca Hermes Airport, from which he extracted, according to his statement, secret databases (?) with details of its employees and customers. Hermes Airports has taken over the management and control of Larnaca and Paphos International Airports.
Notable for the Greek public was his defacement of https://finance.gov.ly, the website of the Libyan Ministry of Finance. Rootayyıldız chose to leave his own personal message to the Prime Minister of Greece, in a mocking and not at all flattering way, as you can see in the photo below.
This time, according to information SecNews obtained from a communication forum of active Turkish hackers, he carried out a successful attack via SQL injection on the information systems of the Élysée Palace (https://www.elysee.fr/en/). RootAyyildiz Turkish Defacer, who has a particular weakness for exploiting SQL injection vulnerabilities, has managed to gain unauthorized access to the servers of the Élysée Palace, the official residence of the President of the French Republic.
During this attack, emails and passwords of the admin accounts were stolen, while according to the information published in a hacking forum, it seems that he had access to the Élysée Palace databases that support the website and related internet services.
Below you will find screenshots with the message left by the Turkish hacker on the website from where he extracted the database:
The information provided by the hacker can be found here in its entirety, especially the names and associations (table names) of the database that supports the website.
As far as can be deduced from the information presented, the attack was carried out against the website https://boutique.elysee.fr/en/, that is, the e-shop of the French Presidency. It is not clear whether credit card numbers or personal data have been leaked, nor has it been clarified whether further systems of the Presidency have been affected.
However, the fact that hackers so easily gain access to government systems with methods such as SQL injection (a very common method) is striking and raises questions. It is really curious why such government agencies and organizations have not activated Web Application Firewall protection systems or, if they have activated them, why they have not configured them properly!
The Élysée Palace is the official residence of the President of the French Republic. Completed in 1722, it was originally built for Louis Henri de La Tour d'Auvergne. It was first used as the office of the French President in 1848. The present building contains the office of the President and the residence, and the meeting place of the Council of Ministers, the weekly meeting of the French Government chaired by the President of the Republic. Located near the Champs-Élysées in the 8th arrondissement of Paris, the name Élysée comes from the Elysian Fields, the site of the blessed dead in Greek mythology.
Rootayyıldız Turkish hacker
In hacking circles he is called "The father of Turkish hackers", given his knowledge and hacking skills but also his successful hacking attacks. Among his successful attacks are ones on critical Greek infrastructure. The Ministry of Foreign Affairs, the Ministry of Interior, the Ministry of Labor and many high-profile targets in Greece have been cyber-attacked by this hacker.
SQL injection attack
SQL injection is a code injection technique that allows an attacker to "run" SQL statements against a target server. A successful SQL injection attack allows the execution of any query on the target database, which means the ability to collect important information, such as passwords, usernames, emails, credit card numbers, etc.
These attacks take advantage of vulnerabilities in web applications that communicate with backend servers, where databases are stored. The abbreviation SQL stands for Structured Query Language. It is a programming language used to add, manipulate and retrieve data in a SQL database. Attackers can easily find out, with a few simple commands, whether a page is vulnerable to SQL injection. If it is, they will be able to steal data, destroy it, and even become database server administrators.
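The difference between a query built by string concatenation and a parameterized one, shown as an added example (it is not code from the incident or from any system named in this article). The table names, sample rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory shop database (sample data only)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL);
        CREATE TABLE admins (email TEXT, password_hash TEXT);
        INSERT INTO products VALUES (1, 'Mug', 12.0), (2, 'Poster', 8.5);
        INSERT INTO admins VALUES ('admin@shop.example', 'constructed-hash-value');
    """)
    return db

def search_vulnerable(db, term):
    # Vulnerable: user input is concatenated into the SQL text, so the
    # database parses whatever the user typed as part of the statement.
    sql = "SELECT name, price FROM products WHERE name = '" + term + "'"
    return db.execute(sql).fetchall()

def search_safe(db, term):
    # Hardened: the statement text is fixed; the input travels separately as
    # a bound parameter and is only ever compared as a string value.
    return db.execute(
        "SELECT name, price FROM products WHERE name = ?", (term,)
    ).fetchall()

# Constructed input of the textbook UNION form: it closes the string literal
# and appends a second SELECT on a table the search was never meant to expose.
HOSTILE = "x' UNION SELECT email, password_hash FROM admins --"

def demo():
    """Run both functions on a normal and a hostile search term."""
    db = make_db()
    return {
        "normal_vulnerable": search_vulnerable(db, "Mug"),
        "normal_safe": search_safe(db, "Mug"),
        "hostile_vulnerable": search_vulnerable(db, HOSTILE),
        "hostile_safe": search_safe(db, HOSTILE),
    }

if __name__ == "__main__":
    for case, rows in demo().items():
        print(f"{case}: {rows}")
```

Both functions behave identically on ordinary input; only the hostile term separates them, which is why this class of bug survives functional testing.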
- The most important precaution, perhaps, is proper design, good construction and constant monitoring of the database, so that it is not vulnerable to this attack.
- Restricting server configuration data: Restricting access to the wrong parameters can reduce the likelihood of an attack on the target server. Although it does not offer 100% security, it is a first security step around databases.
- Good knowledge of all SQL Servers on the network by administrators: First, administrators need to know how many SQL servers are on the network. This process may not be as simple as it seems, as most servers run on dynamic TCP ports and usually these servers only work when the user "needs" them. Therefore, some servers may not be active. SQL Ping, SQL scan and more specialized software could be used to find all SQL Servers.
- Continuous updates. Software companies often release updates to fix potential vulnerabilities. Therefore, organizations must take care to update the applications, software and generally the systems they use, in order to stay safe.
- Blocking access to specific server ports by unknown users: It does not offer absolute security, especially against SQL injection attacks, but it is an important security measure for the entire network of a company or organization. For example, closing UDP port 1434 [this port is used to map Microsoft SQL databases] and all the TCP ports that SQL Server "listens" on can enhance security.
- Adoption of strong admin-passwords. Using a strong password can prevent brute force, SQL injection and many other attacks. It is also suggested to change them frequently.