[Alert] Make sure your web sites are secured!

本帖最後由 samiux 於 2014-10-5 09:02 編輯

To all IT staff :

Please be informed that some Hong Kong websites are being hacked by Anonymous due to the tear gas defense.  Be keep in mind that Anonymous is a group of skilled malicious hackers.  Make sure your web sites and web servers as well as networks are secured.

Samiux

Update on Oct 4, 2014 :

The cause of firing tear gas defense may be due to the protesters attacks :



Sources :

http://www.bastillepost.com/hong ... %A1%9D%E6%93%8A?r=w

https://www.facebook.com/video.php?v=667194286727564 (new added)

https://www.facebook.com/video.p ... ;type=2&theater

Update reason : fix typo
                             add Update on Oct 4, 2014
                             add one more source to Update on Oct 4, 2014

本帖最後由 samiux 於 2014-10-12 10:18 編輯

Anonymous Asia (Script Kiddies) and Operation "Twitterstorm" #OpHongKong Attacks Summary Report
(as at 1000 hours on Oct 12, 2014)

Anonymous Asia Attacks

The Facebook page, namely Anonymous Asia (https://zh-tw.facebook.com/anonymous4sia), is created by one of Hong Kong citizens.  He posted some DoS tools and some DoS web tools as well as instructions for his followers to launch DoS attacks (http://en.wikipedia.org/wiki/Denial-of-service_attack) against some of the websites in Hong Kong.  As a result,  DDoS attacks are performing.

It is believed that this Facebook page is not origin from Anonymous as this page only asked his followers to perform DoS attacks only.  Meanwhile, there is another Facebook page that is also namely Anonymous Asia (https://www.facebook.com/officialanonymousasia).  In addition, there are Facebook pages namely Anonymous HK and Anonymous Hong Kong too.

According to the information gathered, there are about 20 members of original Anonymous in Hong Kong.  The Anonymous Asia Facebook page owner (https://zh-tw.facebook.com/anonymous4sia) may be one of them.  There are about 3 active admins (the owner is "T", one of them named "A" and the other is named "Dragon") of the Facebook page.  "T" has Facebook account namely Tommy Constantine and Messiah-T or Anon-T.  His real name is 陳白山.  The active admins seem not to be skilled malicious hackers.  They seem to be knowing how to hide their IP address by using TorBrowser/Tor and launch DoS (Not DDoS) only.  There is no website that are defaced or hacked by them so far.  So, we would call them as Script Kiddies (http://en.wikipedia.org/wiki/Script_kiddie).

They have no planning how to perform the DoS attacks since Oct 3, 2014.  His followers suggest which sites to be attacked and the active admins will perform the attack although some of the sites are attacked on their mind.

Some of the sites, which are under D/DoS attack, are operating properly as at 0810 hours on Oct 5, 2014.  It seems that his followers and the active admins have insufficient resources and manpower to launch the attacks or they lost their patient for the attacks.

If you are one of his followers and have performing the attacks, please be prepared to be caught as using their method to hide your IP address is not safe enough.  So, please stop it.  It is a crime.  You will be put into the jail.  It is my warning and advice.

Anonymous Asia (https://www.facebook.com/anonymous4sia) called help to Anonymous Taiwan (https://www.facebook.com/Anonymous.TW).  Anonymous Asia also provided some links and tutorials to Anonymous Taiwan.

Meanwhile, Anonymous Asia (https://www.facebook.com/anonymous4sia) also linked up with #OpHongKong (https://www.facebook.com/events/304631103075777/) which is hosted by Damon Savage (https://www.facebook.com/damon.campbell.984).  Most of the messages are believed to be posted by Hong Kong citizens.  

Anonymous Asia accompanied with #OpHongKong (https://www.facebook.com/events/304631103075777/) and Anonymous Taiwan to D/DoS to websites of Hong Kong Police Force, Hong Kong Exchanges and Clearing Limited, and MPFA.  It is because 5 persons have been arrested for attacking Hong Kong Government websites in the early morning on Oct 6, 2014.  They performed the attack via Tor at about 1100 hours on Oct 6, 2014 and stopped at about 1130 hours on the same day.  They thought that the attacks are failed due to the assistance of the China Cyber Army.

After the failure, "T" announced that all arrested persons should not co-operate with Police Officers and seek assistance from them.  He claimed that only they can help those arrested persons.  Meanwhile, "T" also suspected that there are spies on their page.  In addition, the admin "T" and his followers seem very upset for the failure and arrested persons.

Several hours later after the failure on Oct 6, 2014, "T" stated that Anonymous Taiwan was conducting D/DoS to China's press media websites.  However, those sites seem to be still alive when I was surfing them.

Since failure again, Anonymous #OpHongKong (https://www.facebook.com/events/304631103075777/) and Anonymous Asia as well as Anonymous Taiwan then protest on their pages only.  However, some websites in Hong Kong (may be not in the list below) are still under D/DoS attack by some of the Hong Kong citizens and members of Anonymous.  However, Hong Kong Government sites are not included.  In addition, the #OpHongKong (https://www.facebook.com/events/304631103075777/) has been deleted on Oct 8, 2014 and the owner of the page Damon Savage (https://www.facebook.com/damon.campbell.984) has been deleted on Oct 9, 2014.  Meanwhile, AnonMafia Cyber Family (https://www.facebook.com/groups/620109748063773/) Facebook page has been deleted on the same day which is also hosted by Damon Savage.

On Oct 7, 2014, "T" announced that hackers from 18 countries or areas join force.  Meanwhile, it is very interesting that "T" announced his Facebook page backup at the following locations as he scared about the Facebook page will be deleted by the official.

Google+ https://plus.google.com/b/109503 ... 2198323737203/posts
Twitter https://twitter.com/An0nymousAsia
Tumblr http://anonymous4514.tumblr.com/
Pinterest http://www.pinterest.com/anonymousasia/occupy-hong-kong/
Anonymous Facebook http://www.anonysocial.com/profile-211/

"T" announced that one of his staff has been arrested and his computer has been seized on Oct 7, 2014.  He stated that his staff is not a member of Anonymous Asia.  Later, he advise his followers to use PS3 with Linux to do the communications and attacks as Hong Kong Police Officers will not seize game machines.  He also advise his followers to buy a low-end computer from him for the seizure as exhibit in case they are being arrested.  In addition, he asked his followers to hand over their old mobile phones (instead of smartphones) to Police in case they are being arrested.  He announced to D/DoS Hong Kong Police Force website on Oct 8, 2014.

On Oct 9, 2014, "A" announced that Anonymous Asia will hold the fire and the attack will be handed over to the overseas.  It is because the IP address of Hong Kong Government websites are changing during the attacks.

On Oct 10, 2014, a message (believed to be answering someone else enquiry) is posted on the Anonymous Asia Facebook page (beleived to be written by "A" or "Dragon") stated that the D/DoS is not started by them but it is started by Damon Savage.  It states that the particulars of the members of Anonymous Asia has been opened by someone else.  It also states that the document of C.Y. Leung is hacked by LulzSec.  However, I doubt about that as hackers cannot hack into the system and search and find the suitable documents within such a very short time.  Meanwhile, all malicious hackers of LulzSec has been arrested during previous attacks by FBI because of betray.  According to the message, the author (believed to be "A" or "Dragon") do not understand Tor very well.  Furthermore, it also states that they can do nothing on the those who have been arrested by Hong Kong Police due to the unsafe DoS instructions by Anonymous Asia.

On Oct 11, 2014, "T" provides some commands and links for the "Twitterstorm" Attacks against http://www.mps.gov.cn and 上海商業銀行.

Twitterstorm Attacks

Anonymous Asia posted a link (http://pastebin.com/raw.php?i=uwf7jurt) by AnonymousGlobo that one of China Government sites has been compromised and the emails have been dumped.  Meanwhile, an operation "twitterstorm", which is commanded by Anonymous and AntiSec, will be started on October 11, 2014 at 1300 hours MST (UTC -7) against the following top targets :

www.mps.gov.cn - Chinese Police
www.police.gov.hk - Hong Kong Police
www.mod.gov.cn - Ministry of Defence of China
www.moj.gov.cn - Ministry of Justice of China

On Oct 11, 2014, according to Bleached Info (http://paper.li/trezsec/1388225035), there are some China Government websites have been defaced and hacked (http://pastebin.com/raw.php?i=JzXd5N81).  Meanwhile, Mask Action 公義同盟 (https://www.facebook.com/MaskActionAlliance) will relay the message from Anonymous.  Mask Action states that 52 China Government websites database will be leaked at 0300 hours on Oct 12, 2014 (https://twitter.com/trezsec/status/520826440661889024).  All the captioned information are origin from Twitter @trezsec (https://twitter.com/trezsec).  Anonymous Asia also provides commands and links for the attacks against http://www.mps.gov.cn and 上海商業銀行.

At about 0100 hours on Oct 12, 2014, @trezsec states that they are conducting DDoS at http://www.ebeijing.gov.cn/.  
At about 0130 hours on Oct 12, 2014, @trezsec states that target Ministry of Defence of China (http://www.mod.gov.cn/) down by DDoS.  
At about 0155 hours on Oct 12, 2014, @trezsec states that target http://www.shgaoqiao.gov.cn down by DDoS.  
At about 0200 hours on Oct 12, 2014, @trezsec states that target (1) http://www.stats.gov.cn, (2) http://www.gdd.gov.cn down by DDoS.
At about 0210 hours on Oct 12, 2014, @trezsec states that target http://www.ndrc.gov.cn down by DDoS.
At about 0230 hours on Oct 12, 2014, @trezsec states that target (1) http://www.gzjjzd.gov.cn, (2) http://www.mwr.gov.cn down by DDoS.
At about 0240 hours on Oct 12, 2014, @trezsec states that target http://www.saic.gov.cn down by DDoS.
At about 0305 hours on Oct 12, 2014, @trezsec states that target http://www.sjz.gov.cn down by DDoS.
At about 0315 hours on Oct 12, 2014, @trezsec states that target http://www.shmec.gov.cn down by DDoS.
At about 0318 hours on Oct 12, 2014, @trezsec states that target http://www.gaohang.gov.cn down by DDoS.
At about 0319 hours on Oct 12, 2014, @trezsec states that target http://www.xm.gov.cn down by DDoS.
At about 0322 hours on Oct 12, 2014, @trezsec states that target http://www.mps.gov.cn down by DDoS.
At about 0343 hours on Oct 12, 2014, @trezsec states that target (1) http://c3integratedsolutions.com, (2) http://www.police.gov.hk down by DDoS.
At about 0410 hours on Oct 12, 2014, @trezsec states that target Ministry of Justice of China (http://www.moj.gov.cn) down by DDoS.
At about 0415 hours on Oct 12, 2014, @trezsec states that target http://www.sanya.gov.cn down by DDoS.
At about 0430 hours on Oct 12, 2014, @trezsec states that target http://www.cyberpolice.cn down by DDoS.
At about 0450 hours on Oct 12, 2014, @trezsec states that target http://www.chinamil.com.cn down by DDoS.
At about 0454 hours on Oct 12, 2014, @trezsec states that target http://www.credit.gov.cn down by DDoS.

However, most of the sites are not down for long.  I can surf those websites properly.  I also test the connectivity by using web tool (http://www.check-host.net) to confirm.

The Twitterstorm attack on Oct 12, 2014 is stopped at about 0500 hours.

Leakage of Twitterstorm :

(http://pastebin.com/u/OpHK)
(http://pastebin.com/raw.php?i=0Ce4je8r)
(http://pastebin.com/raw.php?i=HBHCGbd3)
(1) www.zjcxrc.gov.cn -- http://pastebin.com/raw.php?i=KivUV9VQ (database)
                         database dump - http://www.megafileupload.com/en ... any-csv-tar-gz.html
                         http://pastebin.com/raw.php?i=k7MDMGXH (database)
                         database dump - http://www.megafileupload.com/en ... nyinfo-csv-rar.html
                         http://pastebin.com/raw.php?i=B8960WTS (database)
                         database dump - http://www.megafileupload.com/en ... member-csv-rar.html
                         http://pastebin.com/raw.php?i=X3dvRc8j (database)
                         database dump - http://www.megafileupload.com/en/file/571119/dump-rar.html
(2) www.nftz.gov.cn -- http://pastebin.com/raw.php?i=URdebf27 (database)
                       http://pastebin.com/raw.php?i=1VhJwHNh (database)
                       database dump - http://www.megafileupload.com/en/file/571121/dump-rar.html
(3) www.gyx.gov.cn -- http://pastebin.com/raw.php?i=HJ86Urc3 (database)
(4) www.yintai.gov.cn -- http://pastebin.com/raw.php?i=GwGPWDGa (database)
(5) www.tanbu.gov.cn -- http://pastebin.com/raw.php?i=GwGPWDGa (database)
(6) www.hljcredit.gov.cn - http://pastebin.com/raw.php?i=WywHJv40 (database)


Defacement of Twitterstorm :

(http://pastebin.com/u/OpHK)
(http://pastebin.com/raw.php?i=0Ce4je8r)
(http://pastebin.com/raw.php?i=HBHCGbd3)
(1) http://www.gxj.km.gov.cn/hector.html
(2) http://www.bys.gov.cn/index.html
(3) http://www.tongcheng.jcy.gov.cn/Xnitro.html
(4) http://www.tielingws.gov.cn

Other Attacks

Furthermore, there is another #OpHongKong (https://www.facebook.com/events/337675269734564/) which is hosted by Time to Unite (https://www.facebook.com/time.to.unite).  There are some skilled malicious hackers.  Some websites in Hong Kong have been hacked for admin accounts and defaced.  Meanwhile, some websites in China have been defaced.  There are 5 malicious hacker teams for this #OpHongKong, they are :

Ghost Security Anonymous (GSA)
AnonMafia Cyber Family (AMCF)
DragonForce Team (DFT)
Anonymous Asia (AA)
GARUDA INDONESIA CYBER TEAM (GICT J3)

#OpHongKong (https://www.facebook.com/events/337675269734564/) (hosted by Time to Unite) has a list to hack.  They also provided some tools for download :

http://www.ceo.gov.hk/chi/
http://paper.people.com.cn/
http://www.takungpao.com
http://www.wenweipo.com
http://www.hkdailynews.com.hk
http://www.sunweb.com.hk
http://www.aud.gov.hk/
http://www.police.gov.hk/
http://www.cso.gov.hk/
http://www.customs.gov.hk/
http://www.cpu.gov.hk/
http://www.doj.gov.hk/eng/index.html
http://www.gpa.gov.hk/
http://www.gld.gov.hk/eng/welcome.htm
http://www.judiciary.gov.hk/en/index/index.htm
http://www.govtlab.gov.hk/english/home.htm
http://www.mpfa.org.hk/tch/main/index.jsp
http://www.ogcio.gov.hk/en/index.htm
http://www.ombudsman.hk/
http://www.oso.gov.hk/eng/home/home.html
http://www.bjo.gov.hk/en/home/index.html
http://www.pland.gov.hk/pland_en/index.html
http://www.grs.gov.hk/ws/english/home.htm
http://www.try.gov.hk/internet/ehhome.html
http://www.fstb.gov.hk/tb/en/
http://www.admwing.gov.hk/
http://www.afcd.gov.hk/
http://www.hongkongairport.com/eng/index.html
http://www.td.gov.hk/en/home/
http://www.immd.gov.hk/en/home.html
http://www.dh.gov.hk/
http://www.ird.gov.hk/eng/welcome.htm
http://isd.gov.hk/eng/

Who is the master mind in Anonymous Asia Facebook page?

Anonymous Asia (https://www.facebook.com/anonymous4sia) is also selling a combined copy of BackTrack and Kali Linux at Golden Shopping Centre Shop 25 (深水埗高登電腦中心 25 號鋪) for $88-HK. The post is origin by Tommy Constantine at Facebook (https://www.facebook.com/an0nT).  He also has another name Messiah-T or Anon-T.  His real name is 陳白山 who is younger brother of 陳玉峰.  How stupid this guy is!  By the way, he is the admin "T" too (He admitted his identity at #OpHongKong hosted by Time to Unite).  According to Google, 陳白山 has criminal records of Assaulting Police Officer and Possession of Dangereous Drug.  He may be running a mobile phone shop at Golden Shopping Centre.  

There is another person namely Tsunakiel Yau (https://www.facebook.com/kanda.yu.353?fref=nf) and he may be a member of Anonymous Asia.  The page owner/admin "T" had been arrested for 2 times and his two mobile phones had been seized during the Occupy Central recently.  Computer of "T" has been seized by Police on Oct 7, 2014.  Meanwhile, the admin "A" had been arrested on Oct 2, 2014 and his mobile phone had been seized too.

The following Hong Kong Citizens have been joined the DDoSer at AnonMafia Cyber Family (https://www.facebook.com/groups/620109748063773/).  The admin of AnonMafia Cyber Family is also the admin of #OpHongKong, that is Damon Savage (https://www.facebook.com/damon.campbell.984) :

(1) William Law (https://www.facebook.com/williamlaw)
(2) Pak Long Wu (https://www.facebook.com/paklong.wu)
    - student of 順德聯誼總會梁銶琚中學
    - DoS HK Government website on Oct 3, 2014

Tools and tutorials :

The source code of the web tools is at http://pastebin.com/985aB7QV and which is believed to be developed by "T".

Windows DoS Tool is at https://zh-tw.facebook.com/notes ... %8A/550520508427241

*nix DoS Tool is at https://zh-tw.facebook.com/notes ... %8A/550494038429888

Smartphone DoS Tool is at https://zh-tw.facebook.com/notes ... %8A/550461975099761
                          https://play.google.com/store/ap ... m.aldrinh.loic.free

The following information is gathered as at 1700 hours on Oct 10, 2014 :

Sites that have been defaced by Anonymous :
(Some of the following sites have been fixed.)

http://1idc.hk/

http://bodyart.com.hk/
http://dr-clean.com.hk/
http://evergainplaza.com.hk/
http://yio.com.hk/
http://2pitech.com/
http://cakecakefamily.com.hk/
http://fannysworkshop.com/
http://fccl.biz/
http://gsmint.hk/
http://hotpot.hk/
http://huabaohk.com/
http://infowisecorp.com/
http://intercontinental-rattanware.hk/
http://www.ispirit.hk/
http://ispiritpro.com/
http://jbox.com.hk/
http://korrigan.biz/
http://locallife.com.hk/
http://nmp.com.hk/home.htm
https://privatemarket.com/home/
http://promoter.com.hk/index.html
http://saikaihk.com/
http://tenacityintl.com/
http://rmgi.com.hk/index.html

http://www.supernice.com.hk
http://www.longriver.com.hk/admin/main.php (ADMIN:7081195)
http://www.singyip.hk/admin/index.html (singyip:sztd1688, syhk:sztd168) (will be hacked by "T" but believed to be failed.)

http://www.hk-cc.hk/

Sites that are under the D/DoS attack by Anonymous because of the arrests :
This time they are attacking via Tor.
(The attacks start at about 1100 hours on Oct 6, 2014 and it seems to be stopped at 1130 hours due to thinking of China Cyber Army is doing the defense)

http://www.mpfa.org.hk/tch/main/index.jsp 積金局
http://www.police.gov.hk/ Hong Kong Police Force 香港警務處 香港特別行政區政府
http://www.hkex.com.hk/chi/index_c.htm Hong Kong Exchanges and Clearing Limited 香港交易所

Sites that are under the D/Dos attack by the Anonymous (Script Kiddies) including #OpHongKong (https://www.facebook.com/events/304631103075777/) :

http://www.speakout.hk/ Speak Out HK 港人講地
http://www.ftu.org.hk/ The Hong Kong Federation of Trade Union 香港工會聯合會
http://www.tvb.com/ TVB 電視廣播有限公司
http://www.chkp.org/ Caring Hong Kong Power 愛護香港力量
http://www.dab.org.hk/ Democratic Alliance for the Betterment and Progress of Hong Kong 民建聯
http://www1.jpoa.com.hk/ 香港警察隊員佐級協會
http://www.npp.org.hk/ 新民黨
http://www.heekeecrab.com/ 喜記蟹將軍
http://lifestyle.etnet.com.hk/column/index.php 經濟日報 生活副刊
http://hkyds.org/ 香港培青社
http://www.hkdailynews.com.hk/ 新報
http://www.sunweb.com.hk/ The Sun Internet Edition
http://www.gov.hk/ 香港政府一站通

Sites that are immuned from the D/DoS attack by the Anonymous (Script Kiddies) :

http://www.police.gov.hk/ Hong Kong Police Force 香港警務處 香港特別行政區政府
http://www.sign4peacedemocracy.hk/ Alliance for Peace and Democracy 「保普選反佔中」大聯盟
http://www.hkex.com.hk/chi/index_c.htm Hong Kong Exchanges and Clearing Limited 香港交易所
http://www.news.gov.hk/ 香港政府新聞網
http://www.oclp.hk/ Occupy Central with Love and Peace 讓愛與和平佔領中環 (updated - before is under attack)
http://www.silentmajority.hk/ Silent Majority For HK 幫港出聲
http://hk.on.cc/hk/news/ 東方報業
http://www.directory.gov.hk/ 香港特別行政區政府及有關機構的網上電話簿

Police Action :

Oct 6, 2014 - Bastille Post
警凌晨拘5人 涉攻擊政府網站
http://www.bastillepost.com/hong ... %B6%B2%E7%AB%99?r=w
http://www.bastillepost.com/hong ... C%E7%B6%B2%E7%AB%99
兩男攻擊政府網站保釋候查
http://www.bastillepost.com/hong ... B%E5%80%99%E6%9F%A5

Oct 8, 2014 - Bastille Post
涉攻擊政府網站 警再拘3少年
http://www.bastillepost.com/hong ... 3%E5%B0%91%E5%B9%B4

Samiux

Update reason : fix typo
                             update status

TOP

A video and some links have been added to the Post #1.

Samiux

TOP

Status of Post #2 has been updated.  Please refer to Post #2 for details.

Samiux

TOP

Post #2 has been updated.

Samiux

TOP

Five persons have been arrested for attacking HK Government websites.  For details, please refer to Post #2.

Samiux

TOP

Anonymous just performed D/DoS attack on Hong Kong Police Force and Hong Kong Exchanges and Clearing Limited.  Please refer to Post #2 for details.

Samiux

TOP

Some websites in Hong Kong (including Hong Kong Government) are under attack.  Please refer to Post #2 for details.

Samiux

TOP

The master mind of Anonymous Asia is confirmed.  Please refer to Post #2 for details.

Samiux

TOP

Update for "Twitterstorm" Attacks on Oct 12, 2014.  Please see Post #2 for details.

Samiux

TOP

相關文章