Extreme full-disclosure hijacks hundreds of Pakistani websites

The new landing page showed a picture of two penguins (sometimes just one) crossing a bridge (the ‘defacement’ mirror for yahoo.pk can be seen on zone-h). It was headed ‘eboz’, the name of a Turkish hacking crew that has been around for some time. TechCrunch suggests that the group – or at least the name – has been used since 2009, and “that Eboz is now linked to some 600 take-downs.” Some of the pages display “Pakistan Downed”, which early reports thought might be a reference to the Google Pakistan takedown and Google’s importance to the internet. It is more likely, however, a reference to the flaws found and exploited in the top-level domain system in Pakistan, PKNIC, that were used on a generic scale.

ProPakistani, a site specializing in telecom and broadband issues in Pakistan, has provided more information this morning. It received an email from an apparently separate Pakistani hacking group, with members including Khanisgr8, Net_Spy, Xpired, Sho0ter and N3t.Crack3r, giving details on the flaws in the PKNIC system. ProPakistani noted that this “hacker group claims to be the watchmen of Pakistani cyber space and are believed to quietly observe things to make sure that they keep rolling smoothly.”

The flaws revealed include boolean-based blind SQL injection, time-based blind SQL injection, cross-site scripting and sensitive directory disclosure, together “with complete parameters and proofs of vulnerability.” ProPakistani has offered to “share the complete details of these vulnerabilities with PKNIC if they want to resolve the flaws.”

It isn’t clear whether the supposedly Turkish hacker or group known as eboz is the same as this supposedly Pakistani group, whether they are affiliated, or whether the Pakistani group knew of the flaws separately. In the long term, however, the eboz action will do more good than harm. Taken with the explanation given to ProPakistani, it is a form of extreme full-disclosure that will force PKNIC to rectify the flaws and prevent other cybercriminals exploiting them for financial gain in the future.
