Turkish hacker Jegand has recently carried out hacking attacks on three European Universities, including the Technical University of Dortmund on Wednesday 09.04.2021, gaining unauthorized access to sensitive personal information of teachers and students.
Lately, there seems to be an underground cyber war in Europe, with Turkey in an aggressive stance. Turkish hackers and hacking groups are opening fire on public and private infrastructure in various European countries.
According to recent investigations by SecNews, Cyprus is in their sights and is being attacked at every opportunity. In addition, they did not fail to mock, in their own way, the Prime Minister of Greece, Kyriakos Mitsotakis, through a defacement attack on the website of the Libyan Ministry of Finance.
Turkish hacker Jegand used Blind SQL Injection to attack the information systems of the Technical University of Turkmenistan, the Technical University of Dortmund, one of the largest Universities in Germany, and the University of Cologne, according to exclusive information provided to SecNews. During these attacks, emails and passwords of the admin accounts were stolen, giving unimpeded access to databases with sensitive personal data of teachers and students.
More specifically, the hacker claims (this has not been confirmed by SecNews so far) that the compromised data include emails, names, contact details, passwords, student grades, and email conversations and correspondence between teachers and students.
Below you will find the relevant screenshots that prove the validity of the attack. The screenshots concern the hacking attack on the Dortmund University of Technology.
From the above screenshots we can see that the Turkish hacker carried out the successful attack on Wednesday 09.04.2021 and has the ability to alter data on the server, add or remove websites, or distribute malware to unsuspecting users through the University website! In addition, the screenshots do not make clear what type of personal data has been extracted and is located on the targeted server.
His identity remains unknown to this day, but he is an aspiring hacker. The Turkish hacker maintains a social media account, specifically on Instagram.
A derogatory statement to SecNews states:
«… I used Blind SQL Injection in these attacks. When I say “in these attacks”, I mean attack on the Technical University of Turkmenistan, attack on the Technical University of Dortmund, one of the largest universities in Germany, and attack on the University of Cologne, one of the largest world-famous German universities. I detect the vulnerabilities manually. As you can see, all I target is a university. I specifically targeted universities in the attacks. Now I'm planning bigger attacks, like government agencies or famous brands…. »
TU Dortmund (Technical University of Dortmund)
The Technical University of Dortmund (Technische Universität Dortmund) is a university with over 20,000 students and over 3,000 staff. TU Dortmund is one of the best-known technical universities in Europe, recognized for its research activities in the departments of physics, chemistry, economics and electrical engineering. It is located just outside the city center and is divided into north and south. It was founded in 1968 and has since played an important role in the scientific community.
SQL injection is a code injection technique that allows an attacker to "run" SQL statements against a target server. A successful SQL injection attack allows the execution of any query on the target database, which means the ability to collect important information, such as passwords, usernames, emails, credit card numbers, etc.
These attacks take advantage of vulnerabilities in web applications that communicate with backend servers, where databases are stored. The abbreviation SQL stands for Structured Query Language. It is a programming language used to add, manipulate and retrieve data in a SQL database. Attackers can easily find out, with a few simple commands, whether a page is vulnerable to SQL injection. If it is, they will be able to steal data, destroy it, and even become database server administrators.
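The mechanism described above, as an added example that is not part of the original article: a lookup that concatenates user input into the SQL text, beside the same lookup with the input bound as a parameter. The table, function names and inputs are constructed for illustration; the function returns only yes/no, which is the situation the "blind" variant relies on.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT, password_hash TEXT, is_admin INTEGER)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice@example.edu", "constructed-hash-1", 0),
         ("admin@example.edu", "constructed-hash-2", 1)],
    )
    return db

def email_registered_vulnerable(db, email):
    """Vulnerable: the input becomes part of the SQL statement itself."""
    query = "SELECT 1 FROM users WHERE email = '" + email + "'"
    return db.execute(query).fetchone() is not None

def email_registered_safe(db, email):
    """Hardened: the input is bound as a value and is never parsed as SQL."""
    row = db.execute("SELECT 1 FROM users WHERE email = ?", (email,)).fetchone()
    return row is not None

# Constructed inputs: an unregistered address followed by a condition that is
# always true, and the same address followed by one that is always false.
TRUE_INPUT = "nobody@example.edu' OR 1=1 --"
FALSE_INPUT = "nobody@example.edu' OR 1=2 --"

def compare(db):
    """Return the (true-condition, false-condition) answers of both lookups."""
    return {
        # The answer follows the appended condition, not the address.
        "vulnerable": (email_registered_vulnerable(db, TRUE_INPUT),
                       email_registered_vulnerable(db, FALSE_INPUT)),
        # Both inputs are just unknown addresses; the answer does not change.
        "safe": (email_registered_safe(db, TRUE_INPUT),
                 email_registered_safe(db, FALSE_INPUT)),
    }

if __name__ == "__main__":
    print(compare(make_db()))
```

When the answer changes with a condition the user supplied, the input is being executed as SQL; with bound parameters the two inputs are indistinguishable from any other unregistered address.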
- The most important precaution, perhaps, is proper design, good construction and constant monitoring of the database, so that it is not vulnerable to this attack.
- Restricting server configuration data: Restricting access to the wrong parameters can reduce the likelihood of an attack on the target server. Although it does not offer 100% security, it is a first step in securing databases.
- Good knowledge of all SQL Servers on the network by administrators: First, administrators need to know how many SQL servers are on the network. This process may not be as simple as it seems, as most servers run on dynamic TCP ports and usually these servers only work when the user "needs" them. Therefore, some servers may not be active. SQL Ping, SQL scan and more specialized software could be used to find all SQL Servers.
- Continuous updates. Software companies often release updates to fix potential vulnerabilities. Therefore, organizations must take care to update the applications, software and generally the systems they use, in order to stay safe.
- Blocking access to specific server ports by unknown users: It does not offer absolute security, especially against SQL injection attacks, but it is an important security measure for the entire network of a company or organization. For example, closing UDP port 1434 (this port is used to map Microsoft SQL databases) and all the TCP ports that SQL Server "listens" on can enhance security.
- Adoption of strong admin passwords. Using a strong password can prevent brute force, SQL injection and many other attacks. It is also suggested to change them frequently.