South African university website hacked by Anonymous

M

Maxson_N

Well-Known Member
Joined
Jun 23, 2011
Messages
202
The site was vulnerable to SQL injection since 2012.. I hacked into it back when I was a student there.. The site database had students records like names, student number, ID, course registered, etc.. But no academic records and other important stuff.. Hope this won't incriminate me..
 
M

mobber

Well-Known Member
Joined
Jan 9, 2012
Messages
139
Maxson_N said:
The site was vulnerable to SQL injection since 2012.. I hacked into it back when I was a student there.. The site database had students records like names, student number, ID, course registered, etc.. But no academic records and other important stuff.. Hope this won't incriminate me..
Click to expand...
Oh yeah it does. You just admitted on a public forum that you committed a crime, the Protection Of Information Act. At a State Institution nogal. Not that anybody cares. You do know that SAPS have a Cyber Crime Unit (not the usual ID10T's)? Don't be sorry, be careful. :D
 
Last edited:
LCBXX

LCBXX

Honorary Master
Joined
Apr 11, 2006
Messages
10,645
gregmcc said:
Those script kiddies at it again.
Click to expand...
And with that another weekend is ruined for sysadmins because of nothing more than embarrassment.

I am still not sure what this #"OpAfrica crusade" has yielded other than defaced websites. Naughty kids spraying graffiti on a wall behind a fence behave in the same way.
 
D

Duan

Senior Member
Joined
Jun 20, 2004
Messages
856
If they wanted to make a difference they should hack the bank accounts of the stealing politicians and donate the money to deserving NGOs who actually make a difference!

Defacing websites is a bit like burning schools.
 
MagicDude4Eva

MagicDude4Eva

Banned
Joined
Apr 2, 2008
Messages
6,479
mobber said:
Oh yeah it does. You just admitted on a public forum that you committed a crime, the Protection Of Information Act. At a State Institution nogal. Not that anybody cares. You do know that SAPS have a Cyber Crime Unit (not the usual ID10T's)? Don't be sorry, be careful. :D
Click to expand...
Not really a crime if you followed proper process. You do know that there is a whole industry of security experts and white-hat security experts out there who do nothing else than finding issues like this to protect the man on the street.

TBH - most of government websites developed by SITA and some of very well-known SA ICT companies have data leaked all over pastebin. I would rather be worried about the hacks and leaks you do not hear about (such as a popular local e-commerce leaking out 30,000 creditcard records onto Google last month - no one has heard about it).
 
D

DigitalSoldier

Honorary Master
Joined
Jul 27, 2003
Messages
10,182
As if the students or anyone else will be bothered by these hackers. Africans will see it as racism/imperialism/ 3rd force.

The people are aware of failings of the government but they still vote for the same government so how will this messages on websites do anything ? The people in Limpopo are not getting textbooks because of government failure, but the ANC has the most support in the Limpopo province.
 
AirWolf

AirWolf

Honorary Master
Joined
Aug 18, 2006
Messages
22,687
DigitalSoldier said:
As if the students or anyone else will be bothered by these hackers. Africans will see it as racism/imperialism/ 3rd force.

The people are aware of failings of the government but they still vote for the same government so how will this messages on websites do anything ? The people in Limpopo are not getting textbooks because of government failure, but the ANC has the most support in the Limpopo province.
Click to expand...
Keep the voting majority in the dark as far as possible and votes are secured for a long time.
 
M

mobber

Well-Known Member
Joined
Jan 9, 2012
Messages
139
MagicDude4Eva said:
Not really a crime if you followed proper process. You do know that there is a whole industry of security experts and white-hat security experts out there who do nothing else than finding issues like this to protect the man on the street.

TBH - most of government websites developed by SITA and some of very well-known SA ICT companies have data leaked all over pastebin. I would rather be worried about the hacks and leaks you do not hear about (such as a popular local e-commerce leaking out 30,000 creditcard records onto Google last month - no one has heard about it).
Click to expand...
Yes, of course I know that. He "hacked", by his own admission, into an account with personal info to which he was not privy. I also mentioned that nobody cares with a :D
 
Sollie

Sollie

Expert Member
Joined
Apr 20, 2005
Messages
4,546
MagicDude4Eva said:
I would rather be worried about the hacks and leaks you do not hear about (such as a popular local e-commerce leaking out 30,000 creditcard records onto Google last month - no one has heard about it).
Click to expand...
There it is. Information ending up in the hands of people that should not have it. And reading up, if personal data could be ex-filtrated from the hack, that's bad. I guess there could be other bits and pieces of info, perhaps even a copy of an ID or so? Thing is you can keep your data secure, but you have to supply data to some other parties, the University in this case. Do they keep it secure? No. So much data floating about, not only internationally, but also locally. A hackers wet dream. How many numpties re-use passwords?

Given enough bits and pieces of information on a party, I could become that party virtually speaking, none of his assistance required. So if I want to become MagicDude4Eva, I do not target MagicDude4Eva with phishing and social engineering as he'd be too savvy. No, I target his providers. Mission accomplished and hello, my name is MagicDude4Eva.
 
M

mobber

Well-Known Member
Joined
Jan 9, 2012
Messages
139
Sollie said:
There it is. Information ending up in the hands of people that should not have it. And reading up, if personal data could be ex-filtrated from the hack, that's bad. I guess there could be other bits and pieces of info, perhaps even a copy of an ID or so? Thing is you can keep your data secure, but you have to supply data to some other parties, the University in this case. Do they keep it secure? No. So much data floating about, not only internationally, but also locally. A hackers wet dream. How many numpties re-use passwords?

Given enough bits and pieces of information on a party, I could become that party virtually speaking, none of his assistance required. So if I want to become MagicDude4Eva, I do not target MagicDude4Eva with phishing and social engineering as he'd be too savvy. No, I target his providers. Mission accomplished and hello, my name is MagicDude4Eva.
Click to expand...
+ 1
 
S

SammyD

Expert Member
Joined
Jul 28, 2014
Messages
2,141
What does this achieve exactly? I can't see Uni Limpopo being a vessel for government corruption so even a bit of embarrassment achieves nothing.
 
ActivateD

ActivateD

Expert Member
Joined
Jun 7, 2004
Messages
1,356
SammyD said:
What does this achieve exactly? I can't see Uni Limpopo being a vessel for government corruption so even a bit of embarrassment achieves nothing.
Click to expand...
I guess it was a low hanging fruit. Shodan/Google with some clever search request will show you many government websites and servers that are vulnerable.
 
genetic

genetic

Honorary Master
Joined
Apr 26, 2008
Messages
28,913
SammyD said:
What does this achieve exactly? I can't see Uni Limpopo being a vessel for government corruption so even a bit of embarrassment achieves nothing.
Click to expand...
"Anonymous" is as thick as pig shyte. They can't even distinguish the difference between Africa being a continent and South Africa a country.

Asking what they plan to achieve is like asking them a simple math question. They aren't gonna get it right.
 
You must log in or register to reply here.
Top