South African university website hacked by Anonymous

Maxson_N

Well-Known Member
Joined
Jun 23, 2011
Messages
202
The site was vulnerable to SQL injection since 2012.. I hacked into it back when I was a student there.. The site database had students records like names, student number, ID, course registered, etc.. But no academic records and other important stuff.. Hope this won't incriminate me..
 

mobber

Well-Known Member
Joined
Jan 9, 2012
Messages
139
The site was vulnerable to SQL injection since 2012.. I hacked into it back when I was a student there.. The site database had students records like names, student number, ID, course registered, etc.. But no academic records and other important stuff.. Hope this won't incriminate me..
Oh yeah it does. You just admitted on a public forum that you committed a crime, the Protection Of Information Act. At a State Institution nogal. Not that anybody cares. You do know that SAPS have a Cyber Crime Unit (not the usual ID10T's)? Don't be sorry, be careful. :D
 
Last edited:

LCBXX

Honorary Master
Joined
Apr 11, 2006
Messages
10,645
Those script kiddies at it again.
And with that another weekend is ruined for sysadmins because of nothing more than embarrassment.

I am still not sure what this #"OpAfrica crusade" has yielded other than defaced websites. Naughty kids spraying graffiti on a wall behind a fence behave in the same way.
 

Duan

Senior Member
Joined
Jun 20, 2004
Messages
856
If they wanted to make a difference they should hack the bank accounts of the stealing politicians and donate the money to deserving NGOs who actually make a difference!

Defacing websites is a bit like burning schools.
 

MagicDude4Eva

Banned
Joined
Apr 2, 2008
Messages
6,479
Oh yeah it does. You just admitted on a public forum that you committed a crime, the Protection Of Information Act. At a State Institution nogal. Not that anybody cares. You do know that SAPS have a Cyber Crime Unit (not the usual ID10T's)? Don't be sorry, be careful. :D
Not really a crime if you followed proper process. You do know that there is a whole industry of security experts and white-hat security experts out there who do nothing else than finding issues like this to protect the man on the street.

TBH - most of government websites developed by SITA and some of very well-known SA ICT companies have data leaked all over pastebin. I would rather be worried about the hacks and leaks you do not hear about (such as a popular local e-commerce leaking out 30,000 creditcard records onto Google last month - no one has heard about it).
 

DigitalSoldier

Honorary Master
Joined
Jul 27, 2003
Messages
10,182
As if the students or anyone else will be bothered by these hackers. Africans will see it as racism/imperialism/ 3rd force.

The people are aware of failings of the government but they still vote for the same government so how will this messages on websites do anything ? The people in Limpopo are not getting textbooks because of government failure, but the ANC has the most support in the Limpopo province.
 

AirWolf

Honorary Master
Joined
Aug 18, 2006
Messages
22,687
As if the students or anyone else will be bothered by these hackers. Africans will see it as racism/imperialism/ 3rd force.

The people are aware of failings of the government but they still vote for the same government so how will this messages on websites do anything ? The people in Limpopo are not getting textbooks because of government failure, but the ANC has the most support in the Limpopo province.
Keep the voting majority in the dark as far as possible and votes are secured for a long time.
 

mobber

Well-Known Member
Joined
Jan 9, 2012
Messages
139
Not really a crime if you followed proper process. You do know that there is a whole industry of security experts and white-hat security experts out there who do nothing else than finding issues like this to protect the man on the street.

TBH - most of government websites developed by SITA and some of very well-known SA ICT companies have data leaked all over pastebin. I would rather be worried about the hacks and leaks you do not hear about (such as a popular local e-commerce leaking out 30,000 creditcard records onto Google last month - no one has heard about it).
Yes, of course I know that. He "hacked", by his own admission, into an account with personal info to which he was not privy. I also mentioned that nobody cares with a :D
 

Sollie

Expert Member
Joined
Apr 20, 2005
Messages
4,546
I would rather be worried about the hacks and leaks you do not hear about (such as a popular local e-commerce leaking out 30,000 creditcard records onto Google last month - no one has heard about it).
There it is. Information ending up in the hands of people that should not have it. And reading up, if personal data could be ex-filtrated from the hack, that's bad. I guess there could be other bits and pieces of info, perhaps even a copy of an ID or so? Thing is you can keep your data secure, but you have to supply data to some other parties, the University in this case. Do they keep it secure? No. So much data floating about, not only internationally, but also locally. A hackers wet dream. How many numpties re-use passwords?

Given enough bits and pieces of information on a party, I could become that party virtually speaking, none of his assistance required. So if I want to become MagicDude4Eva, I do not target MagicDude4Eva with phishing and social engineering as he'd be too savvy. No, I target his providers. Mission accomplished and hello, my name is MagicDude4Eva.
 

mobber

Well-Known Member
Joined
Jan 9, 2012
Messages
139
There it is. Information ending up in the hands of people that should not have it. And reading up, if personal data could be ex-filtrated from the hack, that's bad. I guess there could be other bits and pieces of info, perhaps even a copy of an ID or so? Thing is you can keep your data secure, but you have to supply data to some other parties, the University in this case. Do they keep it secure? No. So much data floating about, not only internationally, but also locally. A hackers wet dream. How many numpties re-use passwords?

Given enough bits and pieces of information on a party, I could become that party virtually speaking, none of his assistance required. So if I want to become MagicDude4Eva, I do not target MagicDude4Eva with phishing and social engineering as he'd be too savvy. No, I target his providers. Mission accomplished and hello, my name is MagicDude4Eva.
+ 1
 

SammyD

Expert Member
Joined
Jul 28, 2014
Messages
2,141
What does this achieve exactly? I can't see Uni Limpopo being a vessel for government corruption so even a bit of embarrassment achieves nothing.
 

ActivateD

Expert Member
Joined
Jun 7, 2004
Messages
1,356
What does this achieve exactly? I can't see Uni Limpopo being a vessel for government corruption so even a bit of embarrassment achieves nothing.
I guess it was a low hanging fruit. Shodan/Google with some clever search request will show you many government websites and servers that are vulnerable.
 

genetic

Honorary Master
Joined
Apr 26, 2008
Messages
28,913
What does this achieve exactly? I can't see Uni Limpopo being a vessel for government corruption so even a bit of embarrassment achieves nothing.
"Anonymous" is as thick as pig shyte. They can't even distinguish the difference between Africa being a continent and South Africa a country.

Asking what they plan to achieve is like asking them a simple math question. They aren't gonna get it right.
 
Top