Tunisian Cyber Army , the hacker group that targets Unite States, has claimed to have breached official website of the First National Bank of Mercersburg (www.fnbmbg.com).
The security breach is part of their ongoing operation called "#opBlackSummer". The hacker informed EHN about the breach with a vulnerable link.
The group has discovered a SQL injection vulnerability in the target website, managed to exploit the vulnerability and compromised the user data.
The team said they are able to retrieve only 3500 user data , they have decided to attack again for retrieving full database.
TCA claims that the stolen user data contains clear-text login credentials, birthday, email address, Social Security Number(SSN) and address details.
Tunisian Cyber Army is continuing their operation referred as "#OpBlackSummer" - an operation against United States. This time, they hacked into the United Parcel Service(UPS) website.
In an email sent to EHN, the hacker stated that they have exploit this vulnerability in Customized Express Envelopes sub-domain (customizedenvelopes.ups.com).
This time, hackers didn't provide the vulnerable link. They provide the login credentials of admin (username and plain-text password).
Hackers also included two attachments in the mail : ups.com.docx, UsersOrderDetails.xls. Those files contains the Customer information including Address, Name, Company, email address, username, phone number and other details.
As part of their ongoing operation against United States known as "#opBlackSummer", the Tunisian Cyber Army(TCA) and Al-Qaeda Electronic Army(AQEA) has breached the websites belong to US Telecommunication companies.
The hacker group has identified three SQL Injection vulnerabilities in AT&T sub-domains and one SQLi in Verizon website. The hackers provided the vulnerable links to EHN.
The hackers also attacked the the official website for the U.S. Small Business Administration(sba.gov), Merrimack County Savings Bank(mcsbnh.com), State Bank of Park Rapids(statebankofparkrapids.com).
The team exploited the vulnerabilities and compromised information such as User IDs, security question answers, passwords, addresses and email addresses.
XSS in FBI website
Speaking to EHN, the TCA said they exploited the xss vulnerability in FBI website by requesting the admin to open the crafted fbi site link. The hacker claimed that they got temporary access to their computer and downloaded some files about crimes and report.
At EHN, we can't assure that hackers claims about the data compromise are true but the vulnerability links provided by the hackers are valid one.
Al-Qaeda Electronic Army and Tunisian Army recently attacked several U.S. Government websites as part of their operation called "#opBlackSummer" - an operation against America.
Now the hackers took their operation to next level by launching cyber attack against Petroleum and Gas companies. Yesterday, EHN got notification that the Team breached the two U.S. Petroleum websites.
They identified the SQL Injection vulnerability in the websites belong to "Chevron Corporation(chevron.com) -an American multinational energy corporation " and "Oceaneering International, Inc(oceaneering.com)- a subsea engineering and applied technology company based in Houston, Texas, U.S.A.". We have verified the existence of the vulnerability.
The team managed to exploit this vulnerability and extracted sensitive data from the target databases. The hacker said to have compromised important data including email addresses, passwords, and 270 IP address belong to Companies' computers.
The hackers claim they will send these IP address details to their Chinese hackers team to do some malicious work.
TCA said this operation will continue till September. The hackers said they are planning to "give a great surprise for the USA" on 11th Septemebr (9/11), the date on which al-Qaeda hijacked four airliners and carried out suicide attacks against targets in the United States.
Following the Pentagon and State.gov security breach, the Tunisian Cyber Army and Al-Qaeda Electronic Army has attacked two more United States Government websites.
Today, they have targeted the U.S. customs and Border Protection (cbp.gov) and Office of Personnel Management (OPM.gov).
The team managed to extract the information from the target database by exploiting the critical SQL Injection vulnerability in those websites.
TCA team told EHN that they have compromised information such as username, encrypted passwords(they managed to crack), private emails.
In an email sent to E Hacking News, the hacker provided the vulnerable link of both websites. For a security reasons, we are not disclosing the links here.
The hack is part of the their ongoing operation called as "#OpBlackSummer", an operation against U.S. So far, they have hacked large number of websites and compromised data. The hacker said their next target is Gas and Petroleum companies.
Recently, EHN received a news report from Tunisian Cyber Army and Al Qaida Electronic Army in which the hackers claimed to have infected the Pentagon administrator, as part of their on going operation called "#opBlackSummer".
The attack was happened after hackers identified a reflected cross site scripting(XSS) vulnerability in one of the sub domain of Pentagon (g1arng.army.pentagon.mil).
POC:
g1arng.army.pentagon.mil/Programs/Pages/Default.aspx?Category="><script>alert("xss by tca and AQECA on pentagon")</script>
xss vulnerability
The hacker managed to exploit this vulnerability for sending malicious payload to the admin of Pentagon. Hackers claims that they got success in infecting them.
Hackers said they compromised some important file and steal cookies from the pentagon mail. The security breach was done with collaboration with Chinese hackers.
At the time of writing, the vulnerability is not fixed. If the TCA claim is true, then this one will be the best example that demonstrate the severity of simple reflected xss. Yesterday, i have sent notification to Pentagon team about the vulnerability but there is no response from them.
In another mail, the team said the have hacked the state.gov with SQL injection vulnerability.
Tunisian Cyber Army claimed to have breached CBN and AT&T websites by exploiting the SQL Injection vulnerabilities.
In an email sent to EHN, the hacker provided the screenshots along with the vulnerable link . Hacker recommended EHN not to publish the vulnerable links.
He claimed to have compromised 19,800 user details from the CBN website(CBN.com) - The Christian Broadcasting Network.
The hacker claimed that this is part of operation called "#opblucksummer", a hacking-operation against United States.
So far, the hackers hacked into American Express, Nasa and few other websites.
The Tunisian cyber army has claimed to have hacked a number of French websites. The hackers have breached the website belong to ministry of sport and jeunesse(drdjs-basse-normandie.jeunesse-sports.gouv.fr)
They have dumped the database in pastebin(pastebin.com/wSEfbSd9). The dump contains the vulnerable link, username, email address, hashed password. It includes the admin username and password.
The admin account is using very weak password, it is easy for hacker to crack. A simple Google search returns the password of admin.
The hacker also hacked french association of science economic website(afse.fr) and leaked the database(pastebin.com/fY68z7Eb). The leak contains username, email address, plain-text format passwords.
Recently, they have hacked into the france chamber of commerce(littoral-normand-picard.cci.fr) , french normal superior school website(archicubes.ens.fr) and leaked the database.
*Update*
The hacker claimed that they have hacked France Ministry of Development website and leaked the compromised database (pastebin.com/WVswJ820). It includes the username, password, email address details.
