Even as Russia brings pain and suffering to the people of Ukraine, hacker activists are trying to inflict some pain on Russians inside Russia. In this battle, fought in secret, no attack is too small. So Anonymous, a decentralized international activist and hacktivist collective that conducted multiple cyber attacks inside Russia, attacked a Russian message board or internet forum, obtained user information and leaked the entire database online.
The hack, created by KiraSec, a cybersecurity group of hacktivists working as Anonymous agents, is an act of harassment against Russia over its invasion of Ukraine, which began in February. “The reason we hacked this Russian forum is the same reason for our previous hacks and takedowns,” said AnonZenn, one of the heads of KiraSec International business hours in an exclusive interview.
“Russian citizens are blind to reality because of the Russian propaganda spread by Putin and the Kremlin,” he stressed. While Russia was feared for its cyberwarfare prowess, Anonymous and other hacking groups have now shown that it is just a paper tiger. And the group, which has carried out several spectacular cyberattacks against Russia, had no trouble hacking the Russian Internet forums Expat.ru and forum.expat.ru.
“It was vulnerable to a variety of different exploits and had open ports that a secure website shouldn’t have,” AnonZenn said. Whether the Russians got too complacent because of their “unmatched” cyber proficiency or it was all just propaganda isn’t clear, but Anonymous found its way into the database and easily obtained sensitive details, including usernames and passwords.
“We picked one of the exploits, which happened to be a malicious code injection, and exploited it. Once I was in the forum database and admin account, I immediately saved everything,” announced AnonZenn.
The team also discovered a spreadsheet that contained 3,600 accounts, including “email, username, password, posts, joined date, including the administrator’s password (which was moscow00).” AnonZenn explained that the passwords were hashed, but only in MD5 (a cryptographically flawed but still widely used hash function that produces a 128-bit hash value), which Anonymous says is “very easy and extremely easy to unhash”. It only took you a few seconds to know the hashed passwords.
For all their cybersecurity and hacking reputations, the Russians have been carefree. The hacktivist said, “You had the hashed password and the plaintext password right below it,” which is a total clue because even if you don’t know how to dehash, the password is just there. Anonymous shared that the Russian forum “not only has terrible security measures, but the way they handle their users’ information is absolutely unsafe and ridiculous”.
Anonymous then logged into the accounts and posted “every single thread on the forum with different messages.” Some posts harassed Russians, while others insulted Russian President Vladimir Putin and had a link to a Ukrainian song.
Anonymous also changed the forum location to Ukraine, changed some profile pictures to KiraSec’s logo, and notified all members via DM about Ukraine and Anonymous hacking their accounts. The forum administrators could not stop the posts. The hack may not seem remarkable, but Anonymous said, “This opens up a world of chaos for the website owner.”
Anonymous has published every user data it could get their hands on online.
KiraSec has shut down hundreds of Russian websites, Russian banks like alfabank, bank.yandex.ru, pro-Russian terrorist websites, Russian pedophile websites, Russian government websites, Russian porn sites and many more.
The cyber-activists also “hacked various Russian SCADAs and ICS, bombed their systems and completely destroyed their industrial machines.”
KiraSec also works with DarkLulz, another anonymous hacktivist group very active in OpRussia and OpBRICS. It is an operation similar to OpRussia, but its scope extends to countries that help Russia in the war.
“Hopefully, with enough hacktivists targeting Russia and spreading this message, it will at least be eye-opening for some Russians who are in the crosshairs,” Anonymous’ AnonZenn said.
https://www.ibtimes.com.au/anonymous-lays-waste-russian-message-board-releases-entire-database-online-1838529?utm_source=Public&utm_medium=Feed&utm_campaign=Distribution Anonymous trashes the Russian message board and puts the entire database online