Under the banner of the ongoing online Operation Africa campaign, hackers yesterday breached and defaced a number of South African websites.
The campaign started in February, with members of hacker collective Anonymous stating that the group would be targeting African governments over corruption, internet censorship and child labour. The campaign has since targeted company websites associated with “corrupt governments.”
A hacker going by the Twitter handle @SinfulHazeCE, who identifies with the hacker group New World Hackers, has claimed responsibility for yesterday’s attacks, in which he targeted farmwise-pots.co.za, africanfootprints.co.za, strokeaid.co.za, eclipsegroup.co.za (a furniture supply company) and 10 other websites.
The hacker replaced the home pages of those sites with his own message, while electronic dance music played in the background.
The companies involved didn’t seem to fit the bill for what would qualify as #OpAfrica targets, so we set out to contact SinfulHazeCE and New World Hackers in order to ask them about it.
“Yes the targets that were defaced were a bit strange for OpAfrica, [but] they were defaced to spread awareness about OpAfrica. No harm has been done to their servers and websites – everything was left intact except for the “index.php” which was replaced by my index.php containing the deface page,” the hacker told htxt.africa.
When asked how easy it was to gain access and deface the websites, SinfulHazeCE revealed that it took him less than a day to breach them – and also revealed (rather extensively) how he managed to gain access.
“Well it was quite easy. I created a Python script which scans the .za domain and http://strokeaid.co.za caught my eye. I then had a further look into the site which then led me to finding a SQL error. After that, I did an SQL injection, [and] I gained access to their database where I found something quite interesting,” he said.
Since he managed to deface a good number of sites, we were curious: were all of the breached websites on the same server? Well, it turns out they were.
“There were 13 websites hosted on that specific server, but at that point I still had no root access to the server,” said SinfulHazeCE. “I did a little digging and found a way to upload my shell, that is when I saw all the domains hosted on the server, although I did run into a slight problem when I realized my shell has “www-data” which had no write permission – which means I could view their entire server but I could not do anything or deface anything. I then saw that there was a way to access the sites via FTP, [and] I started a brute force which cracked all of their usernames and passwords within about an hour or two.”
SinfulHazeCE pins the blame for the ease of accessing the sites on hosting company J3 Hosting, as it “did not do a good job on securing their clients’ websites.” In short: “I would say this was an easy target.”
As for the “why”, SinfulHazeCE wanted to make it clear that the sites weren’t targeted for any wrong-doing, but rather to create awareness. “All the sites hacked, their databases are intact and will not be released as they are innocent civilians.”
New World Hackers stressed that “#OpAfrica is to show the people how corrupt Africa is, [in] some places in Africa the governments abuse their own people, innocents; upon the streets.”
More recently, hackers Zim4theWin (operating under Anonymous Africa) took down the website of the Economic Freedom Fighters (EFF), by launching a distributed denial of service (DDoS) attack to overload the website’s server. This attack came after the same hackers claimed responsibility for taking down several SABC sites just a day earlier.
“What zim4thewin had done [was] a good thing to show [the] SABC that Anonymous is watching and that we are not afraid to show our power/strength a little. SABC is now alerted and if they keep on censoring information and media they will be attacked again. I still thank zim4thewin for showing SABC and EFF that we have a voice and we are not going to sit back and watch a country with potential die because of a few that are corrupt,” SinfulHazeCE explained.
We asked New World Hackers how effective a DDoS attack is, as it merely renders the entire website inaccessible, whereas the most recent attacks left a pointed message on the targeted sites’ front pages.
“We are well known for DDOS attacks, we see it as a protest. It can be a way to get a message across. Most companies, if they aren’t getting any revenue from the website, they don’t care.”
The operation has, however, targeted bigger websites in the past: in February it hacked into South Africa’s Department of Water Affairs, and a month later it hacked Kenya’s Foreign Ministry and leaked over 1TB of government data.
When asked about their future plans, the group told us their next target would be an African telephone company, “so that we could snoop on the government after identifying all of the phone numbers.”