Security Brief: Turkey, Security Holes and Hacks


Over the past week, the notorious RedHack hacktivist collective has been highly active. After breaching the website of the Istanbul Special Provincial Administration, they also took aim at the systems of Turkey’s Directorate of Religious Affairs.

The hackers are considered a serious threat by the Turkish government. A few days ago, Turkish police filed a report with the Istanbul Prosecutor’s Office in which they named the group a “cyber terrorist organization.”

“Protecting and defending the public's rights and freedom Wanting Equality for all Demanding Justice is NOT Terrorism,” the hackers responded.

RedHack is not the only hacktivist group that made the news this week. Three other hacktivists have defaced a total of 33 Chinese government domains in protest against the massacre of Uyghurs.

In addition, Anonymous-affiliated hackers claimed to have breached Turkey’s Ministry of Finance. They’ve leaked several documents that appear to represent income and expense reports.

And since we’re talking about hacks, let’s take a quick look at the organizations and websites that were hacked this week.

The list includes the Malaysia domain registry, a hack which lead to several high-profile .my domains being defaced; the US Air Force Culture and Language Center, breached by Turkish Ajan; Ubisoft; Relead, whose customer database was leaked by Anonymous; CNN’s Political Ticker; and website of former Apprentice” contestant Katie Hopkins.

The fact that pro-US hacker The Jester doesn’t agree with the actions of NSA whistleblower Edward Snowden is known. However, this week the hacker started an operation against all governments that offer to help Snowden.

His targets include Ecuador’s stock exchange, a site of the country’s Tourism Ministry, Iceland-based DataCell, and the website of Venezuela’s presidency.

As far as vulnerabilities are concerned, experts claim to have identified a critical backdoor in Atlassian’s single sign-on and secure user authentication solution Crowd. However, the company has not been able to confirm the flaw’s existence.

In case you’re using Cryptocat to make sure your communications are secure, you should know that at least some of your conversations might have been cracked. Some controversy surrounds the topic.

Cryptocat developers say the vulnerability exposed only group chats for around 7 months, but the researcher who identified the security hole believes all conversations from between October 2011 and June 2013 could have been cracked.

Commander Joseph Kramek of the US Coast Guard has published a report to highlight the fact that US port facilities are vulnerable to cyberattacks. Many ports have invested a lot of money in physical security, but cyber security is not a top concern for many of them.

The most important security hole brought to light this week is one that affects around 900 million Android devices. Security researchers have identified a vulnerability that could be leveraged to turn any legitimate app into a malicious Trojan, without breaking the application’s cryptographic signature.

Also in the mobile security category, an expert has found that Motorola harvests a lot of sensitive information from Droid X2 phone, and possibly other models. The data includes usernames, email addresses and passwords.

Here are some other interesting stories, in case you’ve missed them:

The European Union has adopted new legislation. Cybercriminals will face tougher penalties.

The Indian government has released its National Cyber Security Policy 2013

Bulgarian national allegedly involved with Shadowcrew hacking forum extradited to the US

AT&T hacker Andrew Auernheimer appeals sentence

Java RAT used in spear phishing attacks against US government agencies

PwnedList harvests over 28 million credentials from the Tianya hack

Man suspected of being involved in Mitt Romney tax returns extortion scheme has been indicted

Beware of scams leveraging the removal of Egyptian President Mohamed Morsi
Add me on Google+

Via: Security Brief: Turkey, Security Holes and Hacks