Cyber attack with simultaneous leakage of classified and classified documents, hackers made at the Greek Ministry of Finance in accordance with EXCLUSIVE information brought to the attention of the SecNews editorial team in the early morning hours. The new strong cyber attack, one of the most important in our view in recent years against Greek government networks, had the main purpose of leaking documents and information about the state of the Greek economy (!). See below how <…>
the SecNews editorial team was informed and the shocking details that were made available to us!
The management team of the known and most reliable information site planet-greece, responded immediately (in spite of the late hour) and helped to immediately and thoroughly evaluate the documents that were exposed!
SecNews was updated via an anonymous e-mail, in the feedback system of our site, by a nickname user "Guestanon" about the existence of a hyperlink (url) on the known website Anonpaste (it is the website used by Anonymous worldwide for anonymous and secure exchange of underground information, something like the pastebin.com and pastie.org). This hyperlink has posted the hackers' message about the attack, which provides detailed information on how it was made and the full data on the leakage.
The message of the attack
SecNews presents (translated) the message posted by strangers regarding the attack:
"We greet the citizens of the world, We greet the citizens of Greece, We are the Anonymous.
The Greek government is ready to put to the House of Hellenes a new package of economic austerity measures of 13,5 billions of euros, which is expected
to prolong the recession in Greece. Under the austerity measures, retirees have seen a 60% drop in their pensions - meaning life savings are now less than half what they expected. The government, meanwhile, is considering more cuts, raising the retirement age and setting a ceiling on free healthcare at just € 1.500 per person per year.
Greece had one of the lowest suicide rates in the EU, but since 2010, the number of suicides has increased by 40%, with a large percentage of them being committed by older people. 68% of the population lives in Greece below the poverty line (ie, they have an income below 60% of the national average income). They spend 40% of their income on rent or to repay loans.
More than 439.000 underage children live below the poverty level in Greece due to the ongoing crisis, according to a UNICEF report published on 16 October as part of World Feed Day 2012 and International Day for the Eradication of Poverty. The popularity of the far-right parties, including the neo-Nazi Golden Dawn, has grown exponentially.
Your government will fail. Greek citizens, it is time to revolt. Do as much as you can. You have to resist. We are always by your side.
We have full access to the Greek Ministry of Finance. The IBM servers did not seem so safe now, are we?
We have new weapons in our arsenal. An excellent un-repaired weakness for SAP systems is in our hands and yes we will use it to bring hell.
Thanks to "IZL the dog" for this candy.
We obtained secret government data, codes, Citizens of Greece are paying Banks and international companies for managing high-risk funds. It's your own life. Rebellion before it is too late.
Austerity measures must not be passed. I have nothing more to say. "
The leakage of passwords
Hackers are then posting internal passwords from the Treasury and document links that can be downloaded by anyone.
See message as it is posted (Due to the secrecy of the data and information posted by SecNews, it does not publish the link and has selectively hide data and information in order not to expose important data from the Ministry of Finance).
We have hidden the links that Anonymous publishes and contain secret data from Ministries, Organizations and Financial Institutions.
The data released by hackers include user names and passwords possibly from an internal system of the Ministry. Impression is caused by the frequent use of memorable codes (even 123456) by a number of users highlighting the lack of adequate security policy even in the simplest, that is the choice of enhanced passwords!
The list of users is extensive along with passwords in unencrypted form.
How did the strongest cyber-attack attack take place:
According to what anonymous hackers Anonymous reported in their message, their access is made possible through weakness that affects the known SAP systems, which has not yet been repaired by the company (0day). In addition, they report that they have access to IBM servers while simple user passwords are supposed to be accessing internal systems and databases.
According to an analysis we made with the help of its authors planet-greece , We assume that the hackers gained access to the document management system of the Ministry of Finance and specifically to the Public Debt Management Organization (ODDIH). It has not been clarified by the hackers so far, who exactly have unauthorized access, but from the type of documents posted it is ascertained that it concerns a number of services of the Ministry of Finance. At this point we must recall that in April 2012 an attack (much smaller, of course) was carried out in the State Treasury while a little later feeling had been arrested for the leak of a document by a Chief of Staff of the State Treasury.
What are the documents that are undermined:
The extreme worrying is that the documents posted as a spy product are documents from June of 2012 until up until a few days ago (October 22). This clearly suggests that hackers, even at this time, seem to have illegal access to the infrastructure of the Ministry and its specific services.
The documents presented are enormously scattered and include documents: from the Public Debt Organization, from the Ministry of Finance, from almost all the known Greek Banks, from the Ministry of Transport, from the Hellenic Railways Organization, from foreign financial institutions, from the Ministry of Education, from the General Directorate of Taxation, from the General State Accounting Office, by the State Legal Council, by the Bank of Greece, by the National Bank, by the Ministry of Labor & Social Security, by the Department of Custody & Securities Management, by the OASA, by the General Directorate of Treasury and Budget many many more. It is noteworthy that, among other things, two crypto-telegrams are also included in the Ministry of Foreign Affairs (!). We include a section of the list of documents available to hackers:
Its analysis Planet-Greece:
According to an analysis he made the extremely reliable Planet-Greece, the documents begin in June. It was at the time of the elections and at the time when cash was gone. Then we had to take the mammoth dose of 55 bits. We took 18,5, they are giving us 5 more than last September and the measures we are voting for are the other 31,5 bits that we should have taken.
This money, then, would go to repay bonds that were NOT cut and expired (we have cut bonds that expire in 2013 - 2015), for state payments to third parties - mainly VAT - and for the recapitalization of banks, which in simple terms translates as mitigation of the hassle from the flight of deposits abroad, but also from the haircut.
Documents accurately include these strenuous attempts at what generation, since the dose was in the air. These papers describe the entire history of the monumental years. How much we got, how much we gave, how much we owe from the beginning of the memorandum up to 6 about days!
Sample selection of documents that discourages the seriousness of cybercrime
SecNews due to the estimated seriousness of the documents exposed by the hackers Anonymous, decided to DO NOT notify all of these, so that there is no further leakage of highly confidential data, which under particular circumstances may affect the country's profile. We chose a fraction of them in part and we have masked up important data and data. See the following documents that suggest (in our humble opinion) one of the biggest online cyber attacks that has taken place in recent years in Greece with the aim of one of the most important ministries (especially at this time), the Ministry of Finance:
The identity and profile of the Hackers who carried out the extensive data leakage of the Ministry:
The identity of the perpetrators so far has not been clarified. Impression is caused by the extensive leakage of documents and fixed access over a long period of time, as evidenced by the documents, which has not been observed in the past by other hackers in Greece. The methodology of action, profile, know-how, and massive mining of documents reminiscent of espionage attacks by governments and organized cybercriminals. One can simulate the elements of the attack with the methodology Advanced Persistent Threat (APT) which was successfully used in similar attacks on White House, The Google and RSA by Chinese government hackers.
According to reliable information, Greek promoters of Anonymous #OpGreece were not aware of this attack, and as all the evidence (even from the jargon of the manifesto-announcement) the assault was carried out by members participating in the Anonymous global community outside Greece.
5 questions with political extensions who request immediate aEverythingin from those responsible
With today's revelation brought to light by SecNews, strong questions are raised about the two aforementioned incidents, which took place in April 2012 and beyond. It is clear that if hackers have access to the Ministry's infrastructure to date, they could create "false" facts and incidents (such as the leak of the document by the department head) without the knowledge of those involved in order to mislead the public and authorities. This has happened many times in attacks against government networks in the US and elsewhere, with a complete disorientation of the authorities with methods of spying and altering the identity of unsuspecting victims (!)
By having access codes for a large number of users, it is extremely easy to identify someone else's identity with disastrous results. The questions to be answered by the competent authorities of the Ministry are:
- Additional measures were taken by the security services of the Ministry following the attack of last April critical infrastructure; Why did these measures prove inadequate?
- How do you explain the use of simple passwords in key document and mail management systems? What is the data and information security policy imposed by the Hellenic Republic?
- The data posted (so far) by hackers are data related to the economic situation of the country. What do you foresee in case of mass leakage of personal data of Greek citizens and what measures have been taken to deal with such a case? Why did the hackers choose October 28 to make the incident public? Symbolism or something else?
- Are senior Ministry officials, the Minister and the Undersecretaries aware of the dangers posed by the lack of information security measures and the improper use of the internet by Ministry officials? Do they know that foreign governments can know in advance by cyber espionage methods the moves being prepared by the government's financial staff?
- What do you plan to ensure the critical infrastructure of the National Intelligence Service, the National CERT (Computer Emergency and Response Team) and the country's security authorities? How can it be justified that foreign governments, cyber-spies, hacktivists or hostile countries manage to have PERMANENT and UNLOCABLE access to the neuralgic systems of the state machine and not be noticed, except in case of publication of an incident?
SecNews remains at the disposal of the press office of the Ministry to post a relevant Press Release if it is desirable.
SecNews thanks the anonymous sender of the message for timely and valid update.