Archive for February 28, 2018

French Security Researcher hacks Telangana Government Website


A French security researcher has exposed the Telangana government's benefit disbursement portal's 'TSPost' vulnerabilities, biometric details of millions of beneficiaries were laid bare. 

The researcher, Baptiste Robert, whose Twitter handle goes by ‘Elliot Alderson’, has been trying to prove that the Aadhaar database is highly vulnerable to basic SQL (structured query language) injection, a common web hacking technique. 

For exposing the flaw, he used SQL code to attack the back-end database of Telangana disbursement portal and get access all the confidential information.

The portal had the Aadhaar details of 56 lakh beneficiaries of NREGA and 40 lakh of social security pension (SSP). 

Robert said, “In theory, a government website is very secure, but in India, it’s another story. http://tspost.aponline.gov.in is vulnerable to a basic SQL injection that allows an attacker to access the database of the website. To be clear, all the data on this website can be a dump. Telangana government officials say they are working on to fix it. For this website, they have to hire decent web developers to protect it from attacks.”

The researcher used a social media platform, Twitter, to mock the way government officials dealt with the vulnerability that he had found. He tweeted,” I don't know if I have to laugh or cry. http://tspost.aponline.gov.in owners fixed the issue by putting offline the website.”

While, a TSPost official said, “We are working on fixing the vulnerability after it was reported to us. It was online due to certain dependencies. We have taken off the site from the web, and we hope by Tuesday evening we will be able to set it right,”

Satish, COO of TSPost, said, “Our technical team is working on it. We can give an update on Tuesday.”

Bug hunter makes $2,500 for revealing Facebook vulnerability

Facebook recently patched an information disclosure vulnerability that was a new feature that it was testing which exposed page administrators, researcher Mohamed Baset reported this week.

Baset claimed he discovered the issue, which he described as a “logical error,” within a few minutes of receiving an invitation to like a Facebook page on which he had liked a post.

The Mexican security researcher recently wrote up a Facebook bug he claims he found in just 2 minutes 18 seconds.

After being notified through its bug bounty program, Facebook acknowledged the vulnerability and decided to award for his findings.

Facebook has paid the researcher $2,500 for reporting the bug that he discovered without any testing or proof of concept, or any other time-consuming processes.

The payout certainly brightened up Baset’s day more than his usual morning cup of coffee – the very cup he was drinking when the bug landed in his lap.

Baset spotted that autogenerated emails sent on behalf of a named Facebook page revealed more about the accounts behind the page than you’d expect.

While he hadn’t liked the page itself, through this feature Facebook was enabling page admins to target visitors who had interacted with any of their page content but hadn’t liked the page yet.

Looking at the email’s source code, the researcher noticed that it included the name of the page’s administrator and other details.

This wasn’t exactly a show-stopping bug, but it was enough of a data leakage flaw for Facebook to fix it promptly.

This latest Facebook bug report proves that hackers not only need technical skills but more often than not also need to have a hacking and hunting mentality that enables them to spot problems in the obvious but easy-to-miss places.

Facebook continues to attract much of the white hat hacking community; the social networking giant recently announced that it paid over $880,000 in bug bounties last year, bringing its total rewards to over $6,300,000.

New spyware posing threat to privacy

RedDrop, the name of a new form of spyware poses no less cyber security threat these days forcing the school of experts to devise a mechanism to firmly deal with this impending infection which keeps spreading at an incredible speed.

Those doing extensive research on the cyber security threat say that the spyware is deployed to steal data from the smartphones to have ensured uninterrupted access to the users' privacy which include the banking activities.

The spyware in question, if deployed to infect a smartphone can pilfer all sensitive belongings, photo, calls, messages stored in it apart from the used Wi-Fi networks.

The cyber experts who claimed to have spotted it have talked of more stunning materials in the Andriod malware to lure the smartphone users to be duped finally.

With this most persistent malware these days, an infected user, mostly, get to know it only after receive an exorbitant phone bill since the malware keeps sending many silent messages. The high bill is also attributed to the uninterrupted spyware activities.

Initially, RedDrop, that developed the malware deployed a Chinese language with content for adult in the app and then the English speaking lots were also targetted which the researchers call a global operation.

The gang of hackers never direct the users to download the malicious ones in a jiffy since their network keeps spreading over 3,000 domains, which if allowed to work, helps an user install the malware.

Even a single dropper, if downloaded, easily takes control over the entire server and the system to keep downloading many other components encouraging the user to proceed.


Clear evidence to blame those behind RedDrop and its hybrid infection eludes. But the ulterior motive behind this is beyond doubt, is espionage which is why, the hang of hackers have immense resource invested in the malware.

20,000 ETH Tokens Returned To Coindash


It so occurred on February 23rd that Coindash made public by means of its blog that 20,000 ETH had been re-stationed to company's wallet at 12:01:41 AM +UTC.

Amid July of a year ago, the hacker changed the deposit address that was displayed on Coindash's, at that point siphoning nearly 37,000 ETH tokens from ICO subscribers  – at the time esteemed at around $10 million USD. The 20,000 ETH tokens came back to Coindash are right now worth almost $17 million.

The exchange involves the second time that the hacker has returned assets to Coindash, as 10,000 ETH tokens were sent to one of Coindash's Ethereum wallets on September nineteenth, 2017 – then comparing to more or less $3 million.

Facetiously, the hack endured by Coindash a year ago, at that point portrayed as "damaging event to both our contributors and our company," now seems to have been liable for the company netting a critical dollar-value increment in capital.

Following the latest transaction, the consolidated dollar-value of the returned 30,000 ETH at the point of separate execution equates to around $20 million – or twofold the fiat-estimation of the stolen ETH at the time of the burglary.

The Israeli Authorities were likewise notified of the transaction.

The hacker nonetheless returned the 20,000 ETH to Coindash and the Chief of Coindash, Alon Muroch, even issued an announcement with respect to the news, expressing "Similar to the hack itself, the hacker’s actions will not prevent us from the realizing our vision, Coindash product launch will take place next week as originally intended."

Coindash's product launch is as of now scheduled for February 27th.


Coindash's blog further expressed that the company "notified the Counter Cyber Terrorist Unit in Israel" with respect to the transaction, and that "The hacker’s Ethereum address will continue to be tracked and monitored for any suspicious activity...”

Russia behind the Olympic cyber attack!

The US investigators probing the cyber attack on the 300 personal computers deployed in the Winter Olympics, 2018 claimed to have received some striking evidence to blame Russia for the mess up.

The intelligence inputs have suggested active role of a league of Russian spies who launched a malware on the opening day of the event, a month after the attack on the south Korean routers.

Sources claimed to have possessed a great deal of glaring evidence that the spies in question had access to North Korean internet to deploy in the attack to pin the blame on the country at a time when the country pins hopes on the games to bridge the yawning gap with South Korea.

But the US investigators find it difficult to go public blaming it on the Russian spies for the mess up in the internet broadcast system where many PCs refused to function properly to print out the tickets.

Some other circumstances have helped the investigators come to such a conclusion since Russia’s name cropped up after the Olympic authority disclosed ban on doping as revealed in the health data of the Olympic athletes after the 2016 event.

These schemes of things are grim reminder of the NotPetya, the incident of dreaded cyber attack that virtually disabled many PCs across the world last year. There is no dearth of clues to indict the same hackers for this attack that lasted for a short spell of time.

Even after in the possession of so much evidence, there is hardly any chance to focus to the blame of Russia since the game hosting nation remains tightlipped over the cyber attack incident that partially disrupted the recent global games event.

The investigators and event promoters might maintain studied silence. But they are now at least in the know that cyber security in all probability pose a serious threat to a global event and care and attention are the need of the hour to do away with this impending problem.