Friday, January 15, 13:53
Home rapidshare Cyber ​​attack on hackers in Greek Ministry of Finance! Document Leak Unprecedented!

[EXCLUSIVE] Intruders hackers at the Greek Ministry of Finance! Document leakage unprecedented!

Cyber ​​attack with simultaneous leakage of classified and classified documents, hackers made at the Greek Ministry of Finance in accordance with EXCLUSIVE information brought to the attention of the SecNews editorial team in the early morning hours. The new strong cyber attack, one of the most important in our view in recent years against Greek government networks, had the main purpose of leaking documents and information about the state of the Greek economy (!). See below how <…>

the SecNews editorial team was informed and the shocking details that were made available to us!

The management team of the known and most reliable information site planet-greece, responded immediately (in spite of the late hour) and helped to immediately and thoroughly evaluate the documents that were exposed!

Anonymous update

SecNews was updated via an anonymous e-mail, in the feedback system of our site, by a nickname user "Guestanon"  about the existence of a hyperlink (url) on the known website Anonpaste (it is the website used by Anonymous worldwide for anonymous and secure exchange of underground information, something like the pastebin.com and pastie.org). This hyperlink has posted the hackers' message about the attack, which provides detailed information on how it was made and the full data on the leakage.

The message of the attack

SecNews presents (translated) the message posted by strangers regarding the attack:

"We greet the citizens of the world, We greet the citizens of Greece, We are the Anonymous.

The Greek government is ready to put to the House of Hellenes a new package of economic austerity measures of 13,5 billions of euros, which is expected
to prolong the recession in Greece. Under the austerity measures, retirees have seen a 60% drop in their pensions - meaning life savings are now less than half what they expected. The government, meanwhile, is considering more cuts, raising the retirement age and setting a ceiling on free healthcare at just € 1.500 per person per year.

Greece had one of the lowest suicide rates in the EU, but since 2010, the number of suicides has increased by 40%, with a large percentage of them being committed by older people. 68% of the population lives in Greece below the poverty line (ie, they have an income below 60% of the national average income). They spend 40% of their income on rent or to repay loans.

More than 439.000 underage children live below the poverty level in Greece due to the ongoing crisis, according to a UNICEF report published on 16 October as part of World Feed Day 2012 and International Day for the Eradication of Poverty. The popularity of the far-right parties, including the neo-Nazi Golden Dawn, has grown exponentially.

Your government will fail. Greek citizens, it is time to revolt. Do as much as you can. You have to resist. We are always by your side.

We have full access to the Greek Ministry of Finance. The IBM servers did not seem so safe now, are we?
We have new weapons in our arsenal. An excellent un-repaired weakness for SAP systems is in our hands and yes we will use it to bring hell.
Thanks to "IZL the dog" for this candy.

We obtained secret government data, codes, Citizens of Greece are paying Banks and international companies for managing high-risk funds. It's your own life. Rebellion before it is too late.

Austerity measures must not be passed. I have nothing more to say. "

The leakage of passwords

Hackers are then posting internal passwords from the Treasury and document links that can be downloaded by anyone.

See message as it is posted (Due to the secrecy of the data and information posted by SecNews, it does not publish the link and has selectively hide data and information in order not to expose important data from the Ministry of Finance).

We have hidden the links that Anonymous publishes and contain secret data from Ministries, Organizations and Financial Institutions.

The data released by hackers include user names and passwords possibly from an internal system of the Ministry. Impression is caused by the frequent use of memorable codes (even 123456) by a number of users highlighting the lack of adequate security policy even in the simplest, that is the choice of enhanced passwords!

The list of users is extensive along with passwords in unencrypted form.


How did the strongest cyber-attack attack take place:

According to what anonymous hackers Anonymous reported in their message, their access is made possible through weakness that affects the known SAP systems, which has not yet been repaired by the company (0day). In addition, they report that they have access to IBM servers while simple user passwords are supposed to be accessing internal systems and databases.

According to an analysis we made with the help of its authors planet-greece , We assume that the hackers gained access to the document management system of the Ministry of Finance and specifically to the Public Debt Management Organization (ODDIH). It has not been clarified by the hackers so far, who exactly have unauthorized access, but from the type of documents posted it is ascertained that it concerns a number of services of the Ministry of Finance. At this point we must recall that in April 2012 an attack (much smaller, of course) was carried out in the State Treasury while a little later feeling had been arrested for the leak of a document by a Chief of Staff of the State Treasury.

What are the documents that are undermined:

The extreme worrying is that the documents posted as a spy product are documents from June of 2012 until up until a few days ago (October 22). This clearly suggests that hackers, even at this time, seem to have illegal access to the infrastructure of the Ministry and its specific services.

The documents presented are enormously scattered and include documents: from the Public Debt Organization, from the Ministry of Finance, from almost all the known Greek Banks, from the Ministry of Transport, from the Hellenic Railways Organization, from foreign financial institutions, from the Ministry of Education, from the General Directorate of Taxation, from the General State Accounting Office, by the State Legal Council, by the Bank of Greece, by the National Bank, by the Ministry of Labor & Social Security, by the Department of Custody & Securities Management, by the OASA, by the General Directorate of Treasury and Budget many many more. It is noteworthy that, among other things, two crypto-telegrams are also included in the Ministry of Foreign Affairs (!).  We include a section of the list of documents available to hackers:

Its analysis Planet-Greece:

According to an analysis he made the extremely reliable  Planet-Greece, the documents begin in June. It was at the time of the elections and at the time when cash was gone. Then we had to take the mammoth dose of 55 bits. We took 18,5, they are giving us 5 more than last September and the measures we are voting for are the other 31,5 bits that we should have taken.

This money, then, would go to repay bonds that were NOT cut and expired (we have cut bonds that expire in 2013 - 2015), for state payments to third parties - mainly VAT - and for the recapitalization of banks, which in simple terms translates as mitigation of the hassle from the flight of deposits abroad, but also from the haircut.

Documents accurately include these strenuous attempts at what generation, since the dose was in the air. These papers describe the entire history of the monumental years. How much we got, how much we gave, how much we owe from the beginning of the memorandum up to 6 about days!

Sample selection of documents that discourages the seriousness of cybercrime

SecNews due to the estimated seriousness of the documents exposed by the hackers Anonymous, decided to DO NOT notify all of these, so that there is no further leakage of highly confidential data, which under particular circumstances may affect the country's profile. We chose a fraction of them in part and we have masked up important data and data. See the following documents that suggest (in our humble opinion) one of the biggest online cyber attacks that has taken place in recent years in Greece with the aim of one of the most important ministries (especially at this time), the Ministry of Finance:

 

 

 

 

 

 

The identity and profile of the Hackers who carried out the extensive data leakage of the Ministry:

The identity of the perpetrators so far has not been clarified. Impression is caused by the extensive leakage of documents and fixed access over a long period of time, as evidenced by the documents, which has not been observed in the past by other hackers in Greece. The methodology of action, profile, know-how, and massive mining of documents reminiscent of espionage attacks by governments and organized cybercriminals. One can simulate the elements of the attack with the methodology Advanced Persistent Threat (APT) which was successfully used in similar attacks on White House, The  Google and RSA by Chinese government hackers.

According to reliable information, Greek promoters of Anonymous #OpGreece were not aware of this attack, and as all the evidence (even from the jargon of the manifesto-announcement) the assault was carried out by members participating in the Anonymous global community outside Greece.

5 questions with political extensions who request immediate aEverythingin from those responsible

With today's revelation brought to light by SecNews, strong questions are raised about the two aforementioned incidents, which took place in April 2012 and beyond. It is clear that if hackers have access to the Ministry's infrastructure to date, they could create "false" facts and incidents (such as the leak of the document by the department head) without the knowledge of those involved in order to mislead the public and authorities. This has happened many times in attacks against government networks in the US and elsewhere, with a complete disorientation of the authorities with methods of spying and altering the identity of unsuspecting victims (!)

By having access codes for a large number of users, it is extremely easy to identify someone else's identity with disastrous results. The questions to be answered by the competent authorities of the Ministry are:

- Additional measures were taken by the security services of the Ministry following the attack of last April critical infrastructure; Why did these measures prove inadequate?

- How do you explain the use of simple passwords in key document and mail management systems? What is the data and information security policy imposed by the Hellenic Republic?

- The data posted (so far) by hackers are data related to the economic situation of the country. What do you foresee in case of mass leakage of personal data of Greek citizens and what measures have been taken to deal with such a case? Why did the hackers choose October 28 to make the incident public? Symbolism or something else?

- Are senior Ministry officials, the Minister and the Undersecretaries aware of the dangers posed by the lack of information security measures and the improper use of the internet by Ministry officials? Do they know that foreign governments can know in advance by cyber espionage methods the moves being prepared by the government's financial staff?

- What do you plan to ensure the critical infrastructure of the National Intelligence Service, the National CERT (Computer Emergency and Response Team) and the country's security authorities? How can it be justified that foreign governments, cyber-spies, hacktivists or hostile countries manage to have PERMANENT and UNLOCABLE access to the neuralgic systems of the state machine and not be noticed, except in case of publication of an incident?

SecNews remains at the disposal of the press office of the Ministry to post a relevant Press Release if it is desirable.

SecNews thanks the anonymous sender of the message for timely and valid update.

40 COMMENTS

  1. I can not understand why the links are not communicated, since when you are exclusive as always, you have to announce the links. Why do you keep this data for your delivery? Unacceptable, inform the people.

  2. DIMOSIOGRAPHY SIMENI OTI GRAFI O DIMOS? DILADI O KOSMOS? DILADI DISKOLEBESTE ON GRAPSETE PRAGMATA GIA TON KOSMO? DILADI I DIMOSIOGRAPHY EINAI TO ANAPARAGOUME MONO GEGONOTA POU MAS LENE ALOI? AFTA DOU BRISKETE ESIS TA ANADIMOSIEBETE MEXRI ENOS SIMOU? KSERO APLA TI AKRIBOS DOULIA KANI ENAS DIMOSIOGRAFOS GIATI AND EINAI APLA PAPAGALOS NA PARO KANA DIO KAI NA PAPSO NA BLEPO BLOG RADIO A TV.

  3. KAI KATI AKOMA… .. TO DIMOSIO XREOS DEN EINAI KAI DIKO MOU XREOS? DILADI DEN THA MOU TO ZITISOUN NA TO PLIROSO? EINAI DIKEOMA MOU KAI IPOXREOSI SAS OPOS EGO ASKO STO EPAKRO TA KATHIKONTA MOU OS LITOURGOS NA TA ASKITE KAI ESIS… AN PAPSOUME NA EIMASTE STO KABOUKI MAS KAI NA KRIBOMASTE DAS K OI NA KRIBOMASTE DAS.

  4. you can use the password to save the password for the users you are using to encrypt and the poly dyskolo on the tape. gnorizo ​​apo sap kai aytos poy vrike ta mallon apo kapoio xls arxeio tha ta vrike. exaloy apo tin laipoyn oi standard sap users. day amfisvito to arthro apla leo !!!

  5. If you have the facts, you owe it to the Greek Citizen to make them public. The last 3 years have become points and monsters with the Greek economy and the slightest that could help to find out its reality is your need to make it public. You are not legally responsible because you do not post the material simply indicate where it is.

  6. Watermarkings why did you put them? Do not you eat the news other sites? And what is the news just like their favorite code is 123456? If you do not download the data for download, censorship and watermarking, you are no better than Greek TV.

  7. Ask your legal team as soon as possible to tell you if you can publicize the data. My opinion is that you HAVE the need to make them public even if your legal team tells you no. Well or badly you dropped the ball.
     
    You do not have the right to hide the information. You have not captured the data. They have leaked and are now public. Even if criminal responsibility arises for you, these will be small compared to the size and importance of information.
    Ande we wait

  8. Vaxevanis did not hesitate to appear on the list; even if he was a journalist who worked for big channels in the past, he was bullied. If the announcements are hidden behind the theft of data, it is your obligation to provide the links. If justice has its guts and there in the Cybercrime Prosecution they are not noumads..let them go to catch them.If the interception was done by anonymous and you do not give a complete article with relevant links etc. I'm sure they will be published elsewhere and you will lose the exclusivity;

    • Dear ArisApoToSaliaris already the links make the round of the internet and we have identified the links in social media and on various websites. Regarding your deceptive comments, they are respected and we accept your good or malicious criticism.

  9. If you go to the Athens indymedia page (not facebook) in the right column in the local news you will see the relevant article "Leakage of documents from the Greek Ministry of Finance" with Link with the full list of codes and more. You can easily find Athens Indymedia if you search on google.

  10. Lamia of the system hides the amounts they paid in the international houses .. It does not come out tpt in the light you just chased the advertisement and the projection .. Whoever is looking for the cyber time can find the link… He is right or he is left first he is in the list of the people

  11. And you hide news according to your own criteria. Impartiality?? Faith in journalistic ethics ?? Respect to your audience ?? How do you say this abortion ??? What I understood from this site is that if I want a reliable source of information, I should look anywhere other than here. This is not news. It is a news report. And in the end, if you had a little chip, you would not take it out at all since you are afraid to do your job and really perform a function by informing. On the other hand, this presupposes something that is playing and that you have never heard of as an arrest. It is a concept known to many people as DIGNITY…

  12. You are not telling me, lads… how did the anonymous servers that do NOT see the Internet hack ???? Another "success" of the anonymous but Harry Potter. We did not hear such nonsense there either… Come on.

  13. In your article of 31/10/2012 entitled "Who finally carried out the cyber attack on YPOIK?" (https://www.secnews.gr/archives/52929) typically states that "the sources confirm that there was no digital interception and that" the reference to the x-activists Anonymous was made out of malice and to disorient the authorities ". If I remember correctly in another article which I did not find at the moment you mention that the authorities diagnosed that these systems were not connected to the internet, so documents were leaked from the inside stating that “The information confirms the essence of the issue we raised this morning with the mass leak of documents from the Ministry without confirming the commission of an electronic attack. ” (http://δηλαδή that the guru wants to be shown and passed, you also see that there are serious distances from what is being diagnosed and from what is valid. I therefore draw the following conclusion. For their INSTITUTIONS I am sure. To play the show for their benefit too (because it's going to be when you tell the minister that the specialized officers I've been looking for and found that it was done from inside, so let's all find out and I'll find out who did it. they are not going to find them, but no malicious employee is easy to blame for him, consumables are like the GHS kidney). For their political games, however, I have some reservations, but as I see in the particular police office where the political wind blows, we go.
    Goes on

LEAVE ANSWER

Please enter your comment!
Please enter your name here

LIVE NEWS

Verified Twitter accounts in a cryptocurrency scam with the name of Elon Musk violated!

Lately, hackers have been violating verified Twitter accounts in a cryptocurrency giveaway scam, in which the name of the CEO is used ...

Classiscam: Fraudsters "fake" brands and deceive users of European markets!

Dozens of criminal gangs publish fake ads in popular online markets, to attract unsuspecting users to "fraudulent" commercial sites or phishing ...

iOS 14.4: Displays a notification for repairs with non-genuine cameras

Starting with the iPhone 11, Apple has added a notification to iOS that tells the user when the device has a ...

Facebook: Sues Chrome extensions developers for data theft

Facebook has filed a lawsuit against two Portuguese nationals for developing Chrome extensions that collected data from Facebook users.

Cisco does not fix 74 bugs in RV routers that have reached their EOL

Cisco said yesterday that it will not release firmware updates to fix 74 vulnerabilities that have been reported in ...

Hacker commits new crimes while waiting for his release!

A Kosovo hacker was pardoned after his conviction. The hacker provided personally identifiable information over 1.000 ...

Nintendo rules out Game & Watch video hacking

Two copyright claims against a YouTuber have been filed by Nintendo, for a video showing hacking of Super Mario ...

The number of reported CVEs increased by 6%!

According to a new analysis released on the level and volume of vulnerabilities in 2020, the total number of CVEs ...

Google: Removed 164 apps that featured out-of-context ads

Google removed 164 Android applications from the official Play Store, after security researchers discovered that the specific apps were bombarding them ...

Britain: Loss of 150.000 police records from a database

Some 150.000 police records have been deleted from its database as a result of a technical problem, according to the British government.