Monday, August 22, 2011

GEMA hacked by Anonymous



GEMA (a German music copyright watchdog) was hacked a few hours ago by @THE_SENQU / @AnonyPwnies.




For several hours the website has been defaced with a YouTube apology screen, like we have seen many times before ("Sorry, this song..." etc.).

It says:
"Sorry, this page isn't (not only) available in Germany, because it could link to a company for which ANONYMOUS didn't release the necessary "freedom rights". We are sorry. NOT!"

The hackers released a ~17 MB (~350 MB unzipped) SQL dump file on multiple OCHs (one-click hosters).
Pic related.
( dump_p-www-direkt.gema.de_interP1_16-07-2011-05-53-34.rar )



The funny part:
Over a month ago, an unknown person successfully attacked the gema.de website (SQL injection).
He released some user names and passwords. (Pastebin)


Last night all GEMA printers were attacked, too. The attackers changed / set a random password. "Have fun setting up the printers. But please use a password this time!"


Right now (~16:30) it's still defaced. Or, to be more precise, it's redirected to an HTML pastebin ( http://pastehtml.com/view/b4pzxvn2x.html ).


"The hackers claim to have stolen a massive amount of GEMA data"
computer.t-online.de


Background music: Portal credits song "Still Alive" http://www.youtube.com/v/Y6ljFaKRTrI

"The GEMA is an association, which represents the copyright musicians and songwriters."
So a translation states. In fact, the GEMA is more like a surveillance agency with shady (nearly Gestapo-like) methods to find and bring down potential copyright violators.


Inside GEMA







Update:

17:22 - The battle continues...
Sometimes visitors are redirected to the pasteHTML page, sometimes they just get a "503 - service temporary unavailable" message.
The GEMA IT "experts" managed to bring the website back online 5 times, but without fixing the security issue.

Link GEMA Statement


17:40 - Video message released / fifth defacement.

Translation:
We are Anonymous. Since you didn't follow our last call we are forced to attack your website. Have a nice day. P.S.: If the admins would spend more time with security than with WoW (World of Warcraft) this attack possibly wouldn't be that effective. Thanks for your support!
http://www.youtube.com/watch?v=Kq4R0Bv6xws




23:17 - Hack "documentation"

It all started with an SQL injection vulnerability and escalated to root (#) on XX virtual machines.
Sometimes the password was the username, sometimes it was just "bla" (web server).
UserDump


Big "documentation" picture:

http://img7.imagebanana.com/img/w4ro8rt2/gemahack2.png

Links:

Internal NMap Scans
http://pastebin.com/KNYP6J0f
http://pastebin.com/vD2Rc4CB