Cyber attack with simultaneous leakage of classified and classified documents, hackers made at the Greek Ministry of Finance in accordance with EXCLUSIVE information brought to the attention of the SecNews editorial team in the early morning hours. The new strong cyber attack, one of the most important in our view in recent years against Greek government networks, had the main purpose of leaking documents and information about the state of the Greek economy (!). See below how <…>
the SecNews editorial team was informed and the shocking details that were made available to us!
The management team of the known and most reliable information site planet-greece, responded immediately (in spite of the late hour) and helped to immediately and thoroughly evaluate the documents that were exposed!
Anonymous update
SecNews was updated via an anonymous e-mail, in the feedback system of our site, by a nickname user "Guestanon" about the existence of a hyperlink (url) on the known website Anonpaste (it is the website used by Anonymous worldwide for anonymous and secure exchange of underground information, something like the pastebin.com and pastie.org). This hyperlink has posted the hackers' message about the attack, which provides detailed information on how it was made and the full data on the leakage.
The message of the attack
SecNews presents (translated) the message posted by strangers regarding the attack:
"We greet the citizens of the world, We greet the citizens of Greece, We are the Anonymous.
The Greek government is ready to put to the House of Hellenes a new package of economic austerity measures of 13,5 billions of euros, which is expected
to prolong the recession in Greece. Under the austerity measures, retirees have seen a 60% drop in their pensions - meaning life savings are now less than half what they expected. The government, meanwhile, is considering more cuts, raising the retirement age and setting a ceiling on free healthcare at just € 1.500 per person per year.
Greece had one of the lowest suicide rates in the EU, but since 2010, the number of suicides has increased by 40%, with a large percentage of them being committed by older people. 68% of the population lives in Greece below the poverty line (ie, they have an income below 60% of the national average income). They spend 40% of their income on rent or to repay loans.
More than 439.000 underage children live below the poverty level in Greece due to the ongoing crisis, according to a UNICEF report published on 16 October as part of World Feed Day 2012 and International Day for the Eradication of Poverty. The popularity of the far-right parties, including the neo-Nazi Golden Dawn, has grown exponentially.
Your government will fail. Greek citizens, it is time to revolt. Do as much as you can. You have to resist. We are always by your side.
We have full access to the Greek Ministry of Finance. The IBM servers did not seem so safe now, are we?
We have new weapons in our arsenal. An excellent un-repaired weakness for SAP systems is in our hands and yes we will use it to bring hell.
Thanks to "IZL the dog" for this candy.
We obtained secret government data, codes, Citizens of Greece are paying Banks and international companies for managing high-risk funds. It's your own life. Rebellion before it is too late.
Austerity measures must not be passed. I have nothing more to say. "
The leakage of passwords
Hackers are then posting internal passwords from the Treasury and document links that can be downloaded by anyone.
See message as it is posted (Due to the secrecy of the data and information posted by SecNews, it does not publish the link and has selectively hide data and information in order not to expose important data from the Ministry of Finance).
We have hidden the links that Anonymous publishes and contain secret data from Ministries, Organizations and Financial Institutions.
The data released by hackers include user names and passwords possibly from an internal system of the Ministry. Impression is caused by the frequent use of memorable codes (even 123456) by a number of users highlighting the lack of adequate security policy even in the simplest, that is the choice of enhanced passwords!
The list of users is extensive along with passwords in unencrypted form.
How did the strongest cyber-attack attack take place:
According to what anonymous hackers Anonymous reported in their message, their access is made possible through weakness that affects the known SAP systems, which has not yet been repaired by the company (0day). In addition, they report that they have access to IBM servers while simple user passwords are supposed to be accessing internal systems and databases.
According to an analysis we made with the help of its authors planet-greece , We assume that the hackers gained access to the document management system of the Ministry of Finance and specifically to the Public Debt Management Organization (ODDIH). It has not been clarified by the hackers so far, who exactly have unauthorized access, but from the type of documents posted it is ascertained that it concerns a number of services of the Ministry of Finance. At this point we must recall that in April 2012 an attack (much smaller, of course) was carried out in the State Treasury while a little later feeling had been arrested for the leak of a document by a Chief of Staff of the State Treasury.
What are the documents that are undermined:
The extreme worrying is that the documents posted as a spy product are documents from June of 2012 until up until a few days ago (October 22). This clearly suggests that hackers, even at this time, seem to have illegal access to the infrastructure of the Ministry and its specific services.
The documents presented are enormously scattered and include documents: from the Public Debt Organization, from the Ministry of Finance, from almost all the known Greek Banks, from the Ministry of Transport, from the Hellenic Railways Organization, from foreign financial institutions, from the Ministry of Education, from the General Directorate of Taxation, from the General State Accounting Office, by the State Legal Council, by the Bank of Greece, by the National Bank, by the Ministry of Labor & Social Security, by the Department of Custody & Securities Management, by the OASA, by the General Directorate of Treasury and Budget many many more. It is noteworthy that, among other things, two crypto-telegrams are also included in the Ministry of Foreign Affairs (!). We include a section of the list of documents available to hackers:
Its analysis Planet-Greece:
According to an analysis he made the extremely reliable Planet-Greece, the documents begin in June. It was at the time of the elections and at the time when cash was gone. Then we had to take the mammoth dose of 55 bits. We took 18,5, they are giving us 5 more than last September and the measures we are voting for are the other 31,5 bits that we should have taken.
This money, then, would go to repay bonds that were NOT cut and expired (we have cut bonds that expire in 2013 - 2015), for state payments to third parties - mainly VAT - and for the recapitalization of banks, which in simple terms translates as mitigation of the hassle from the flight of deposits abroad, but also from the haircut.
Documents accurately include these strenuous attempts at what generation, since the dose was in the air. These papers describe the entire history of the monumental years. How much we got, how much we gave, how much we owe from the beginning of the memorandum up to 6 about days!
Sample selection of documents that discourages the seriousness of cybercrime
SecNews due to the estimated seriousness of the documents exposed by the hackers Anonymous, decided to DO NOT notify all of these, so that there is no further leakage of highly confidential data, which under particular circumstances may affect the country's profile. We chose a fraction of them in part and we have masked up important data and data. See the following documents that suggest (in our humble opinion) one of the biggest online cyber attacks that has taken place in recent years in Greece with the aim of one of the most important ministries (especially at this time), the Ministry of Finance:
The identity and profile of the Hackers who carried out the extensive data leakage of the Ministry:
The identity of the perpetrators so far has not been clarified. Impression is caused by the extensive leakage of documents and fixed access over a long period of time, as evidenced by the documents, which has not been observed in the past by other hackers in Greece. The methodology of action, profile, know-how, and massive mining of documents reminiscent of espionage attacks by governments and organized cybercriminals. One can simulate the elements of the attack with the methodology Advanced Persistent Threat (APT) which was successfully used in similar attacks on White House, The Google and RSA by Chinese government hackers.
According to reliable information, Greek promoters of Anonymous #OpGreece were not aware of this attack, and as all the evidence (even from the jargon of the manifesto-announcement) the assault was carried out by members participating in the Anonymous global community outside Greece.
5 questions with political extensions who request immediate aEverythingin from those responsible
With today's revelation brought to light by SecNews, strong questions are raised about the two aforementioned incidents, which took place in April 2012 and beyond. It is clear that if hackers have access to the Ministry's infrastructure to date, they could create "false" facts and incidents (such as the leak of the document by the department head) without the knowledge of those involved in order to mislead the public and authorities. This has happened many times in attacks against government networks in the US and elsewhere, with a complete disorientation of the authorities with methods of spying and altering the identity of unsuspecting victims (!)
By having access codes for a large number of users, it is extremely easy to identify someone else's identity with disastrous results. The questions to be answered by the competent authorities of the Ministry are:
- Additional measures were taken by the security services of the Ministry following the attack of last April critical infrastructure; Why did these measures prove inadequate?
- How do you explain the use of simple passwords in key document and mail management systems? What is the data and information security policy imposed by the Hellenic Republic?
- The data posted (so far) by hackers are data related to the economic situation of the country. What do you foresee in case of mass leakage of personal data of Greek citizens and what measures have been taken to deal with such a case? Why did the hackers choose October 28 to make the incident public? Symbolism or something else?
- Are senior Ministry officials, the Minister and the Undersecretaries aware of the dangers posed by the lack of information security measures and the improper use of the internet by Ministry officials? Do they know that foreign governments can know in advance by cyber espionage methods the moves being prepared by the government's financial staff?
- What do you plan to ensure the critical infrastructure of the National Intelligence Service, the National CERT (Computer Emergency and Response Team) and the country's security authorities? How can it be justified that foreign governments, cyber-spies, hacktivists or hostile countries manage to have PERMANENT and UNLOCABLE access to the neuralgic systems of the state machine and not be noticed, except in case of publication of an incident?
SecNews remains at the disposal of the press office of the Ministry to post a relevant Press Release if it is desirable.
SecNews thanks the anonymous sender of the message for timely and valid update.
Greek
Chinese (Simplified)
English
Greek
Russian
They try to impose citizen cards and other central data management systems (strictly personal data)… and do not look at how bad their infrastructure is ..
They try to impose citizen cards and other central data management systems (strictly personal data)… and do not look at how bad their infrastructure is ..
The message of the attack and the documents that have been posted?
http://www.ehackingnews.com/2012/10/anonymous-leak-classified-doc.html
Search engine search for Greek Financial Documents download and search only last XNUM time.
There is also a torrent (name = MOF) and zip files for direct download
I can not understand why the links are not communicated, since when you are exclusive as always, you have to announce the links. Why do you keep this data for your delivery? Unacceptable, inform the people.
@EisteAparadektoi Thank you for your comment. We clearly state that we did not disclose the relevant links due to the nature and high quality of the documents. The documents contain data of high importance regarding the Greek debt as well as personal data of employees of the Ministry. Thanks.
@ Secnews I have the impression that Anons want all the Greeks to know, not just you secnews. What you do is the publishing of MEGA and the rest of the sold-out assholes. If you can not share the data forward it to another reporter who can.
@EisteAparadektoi We understand exactly what you are saying. We are already in the phase of comprehensive investigation of the documents and in communication with our legal team we are examining whether it is possible to proceed with such a thing.
Your point of view is highly respected.
@ SecnewsThanks for your answers. Rate it and let us know without any doubts.
@EisteAparadektoi @Secnews If I'm not mistaken, you can always find them on the sites uploaded by Anonymous. I imagine sec news τα takes it from there…
@Secnews Right! The point is to do proper journalism! You do not need to have powersearching knowledge to read a message that concerns all the Greek people! And yes it is from the Anonymous page as mentioned in the "exclusive" text, the anonpaste!
????????????????????????????????????????????????????????????????????????? ???
@EisteAparadektoi @Secnews Post my man, Kosmakis is trying to find it in the morning! 🙂
@EisteAparadektoi @Secnews Search twitter for #opgreece and you will find the Links.
DIMOSIOGRAPHY SIMENI OTI GRAFI O DIMOS? DILADI O KOSMOS? DILADI DISKOLEBESTE ON GRAPSETE PRAGMATA GIA TON KOSMO? DILADI I DIMOSIOGRAPHY EINAI TO ANAPARAGOUME MONO GEGONOTA POU MAS LENE ALOI? AFTA DOU BRISKETE ESIS TA ANADIMOSIEBETE MEXRI ENOS SIMOU? KSERO APLA TI AKRIBOS DOULIA KANI ENAS DIMOSIOGRAFOS GIATI AND EINAI APLA PAPAGALOS NA PARO KANA DIO KAI NA PAPSO NA BLEPO BLOG RADIO A TV.
KAI KATI AKOMA… .. TO DIMOSIO XREOS DEN EINAI KAI DIKO MOU XREOS? DILADI DEN THA MOU TO ZITISOUN NA TO PLIROSO? EINAI DIKEOMA MOU KAI IPOXREOSI SAS OPOS EGO ASKO STO EPAKRO TA KATHIKONTA MOU OS LITOURGOS NA TA ASKITE KAI ESIS… AN PAPSOUME NA EIMASTE STO KABOUKI MAS KAI NA KRIBOMASTE DAS K OI NA KRIBOMASTE DAS.
GRIGORA TA LINKS STO LAO
you can use the password to save the password for the users you are using to encrypt and the poly dyskolo on the tape. gnorizo apo sap kai aytos poy vrike ta mallon apo kapoio xls arxeio tha ta vrike. exaloy apo tin laipoyn oi standard sap users. day amfisvito to arthro apla leo !!!
If you have the facts, you owe it to the Greek Citizen to make them public. The last 3 years have become points and monsters with the Greek economy and the slightest that could help to find out its reality is your need to make it public. You are not legally responsible because you do not post the material simply indicate where it is.
You must publish all the information at your disposal. Otherwise, you become accomplices of those who have kept them secret for so long.
Give the link for the anonpaste only! this will not cause any problems for you…
Nice censorship!
Watermarkings why did you put them? Do not you eat the news other sites? And what is the news just like their favorite code is 123456? If you do not download the data for download, censorship and watermarking, you are no better than Greek TV.
Ask your legal team as soon as possible to tell you if you can publicize the data. My opinion is that you HAVE the need to make them public even if your legal team tells you no. Well or badly you dropped the ball.
You do not have the right to hide the information. You have not captured the data. They have leaked and are now public. Even if criminal responsibility arises for you, these will be small compared to the size and importance of information.
Ande we wait
@human_pride We have not yet been authorized by our legal team.
??????????????????????????????????????????????????????????????? ???
@EisteAparadektoi We have not been allowed by our legal team so far because the issue needs special attention as we are told.
@EisteAparadektoi swamp indymedia.org
Vaxevanis did not hesitate to appear on the list; even if he was a journalist who worked for big channels in the past, he was bullied. If the announcements are hidden behind the theft of data, it is your obligation to provide the links. If justice has its guts and there in the Cybercrime Prosecution they are not noumads..let them go to catch them.If the interception was done by anonymous and you do not give a complete article with relevant links etc. I'm sure they will be published elsewhere and you will lose the exclusivity;
Dear ArisApoToSaliaris already the links make the round of the internet and we have identified the links in social media and on various websites. Regarding your deceptive comments, they are respected and we accept your good or malicious criticism.
Why don't you give the link that is posted? You do not want the Greek to be informed. citizen?
Nice all this, other on the Intranet of GLK how they came in? Do not even have Intranet over there?
If you go to the Athens indymedia page (not facebook) in the right column in the local news you will see the relevant article "Leakage of documents from the Greek Ministry of Finance" with Link with the full list of codes and more. You can easily find Athens Indymedia if you search on google.
Lamia of the system hides the amounts they paid in the international houses .. It does not come out tpt in the light you just chased the advertisement and the projection .. Whoever is looking for the cyber time can find the link… He is right or he is left first he is in the list of the people
And you hide news according to your own criteria. Impartiality?? Faith in journalistic ethics ?? Respect to your audience ?? How do you say this abortion ??? What I understood from this site is that if I want a reliable source of information, I should look anywhere other than here. This is not news. It is a news report. And in the end, if you had a little chip, you would not take it out at all since you are afraid to do your job and really perform a function by informing. On the other hand, this presupposes something that is playing and that you have never heard of as an arrest. It is a concept known to many people as DIGNITY…
You are not telling me, lads… how did the anonymous servers that do NOT see the Internet hack ???? Another "success" of the anonymous but Harry Potter. We did not hear such nonsense there either… Come on.
Kids okay I have the links with the documents do not say and something important I could not appreciate them as I do not know, however if allowed I put it here the link to see them
Kids okay I have the links with the documents do not say and something important I could not appreciate them as I do not know, however if allowed I put it here the link to see them
In your article of 31/10/2012 entitled "Who finally carried out the cyber attack on YPOIK?" (https://www.secnews.gr/archives/52929) typically states that "the sources confirm that there was no digital interception and that" the reference to the x-activists Anonymous was made out of malice and to disorient the authorities ". If I remember correctly in another article which I did not find at the moment you mention that the authorities diagnosed that these systems were not connected to the internet, so documents were leaked from the inside stating that “The information confirms the essence of the issue we raised this morning with the mass leak of documents from the Ministry without confirming the commission of an electronic attack. ” (http://δηλαδή that the guru wants to be shown and passed, you also see that there are serious distances from what is being diagnosed and from what is valid. I therefore draw the following conclusion. For their INSTITUTIONS I am sure. To play the show for their benefit too (because it's going to be when you tell the minister that the specialized officers I've been looking for and found that it was done from inside, so let's all find out and I'll find out who did it. they are not going to find them, but no malicious employee is easy to blame for him, consumables are like the GHS kidney). For their political games, however, I have some reservations, but as I see in the particular police office where the political wind blows, we go.
Goes on
These few of me.
To know that some just use their minds to think where and where.
This text is purely personal, and any disagreements are respected.