GEMA (a German music copyright watchdog) was hacked a few hours ago by @THE_SENQU / @AnonyPwnies.
For several hours the website has been defaced with a YouTube apology screen, like we have seen many times before. (Sorry, this song... etc.)
It says:
"Sorry, this page isn't (not only) available in Germany, because it could link to a company for which ANONYMOUS didn't release the necessary "freedom rights". We are sorry. NOT!"
The hackers released a ~17 MB (~350 MB unzipped) SQL dump file on multiple OCHs (one-click hosters).
Pic related.
( dump_p-www-direkt.gema.de_interP1_16-07-2011-05-53-34.rar )
The funny thing about this:
Over a month ago, an unknown person successfully attacked the gema.de website (SQL injection).
He released some usernames and passwords. (Pastebin)
Last night all GEMA printers were attacked, too. The attackers changed / set a random password. "Have fun setting up the printers. But please use a password this time!"
Right now (~16:30) it's still defaced. Or, to be more precise, it's redirected to an HTML pastebin ( http://pastehtml.com/view/b4pzxvn2x.html )
"The hackers claim to have stolen a massive amount of GEMA data"
computer.t-online.de
Background music: Portal credits song "Still Alive" http://www.youtube.com/v/Y6ljFaKRTrI
"The GEMA is an association, which represents the copyright musicians and songwriters."
So a translation states. In fact, the GEMA is more like a surveillance agency with shady (nearly Gestapo-like) methods to find and bring down potential copyright violators.
Inside GEMA
Update:
17:22 - The battle still continues..
Sometimes the visitors are redirected to the pasteHTML page, sometimes they just get a "503 - service temporary unavailable" message.
The GEMA IT "experts" managed to bring the website back online 5 times, but without fixing the security issue.
Link GEMA Statement
17:40 - Video message released / fifth defacement.
Translation:
We are Anonymous. Since you didn't follow our last call we are forced to attack your website. Have a nice day. P.S.: If the admins would spend more time with security than with WoW (World of Warcraft) this attack possibly wouldn't be that effective. Thanks for your support!
Video:
http://www.youtube.com/watch?v=Kq4R0Bv6xws
23:17 - Hack "documentation"
It all started with an SQL injection vulnerability and went all the way to root (#) on XX virtual machines.
Sometimes the password was the username, sometimes it was just "bla" (web server).
UserDump
Big "documentation" picture:
http://img7.imagebanana.com/img/w4ro8rt2/gemahack2.png
Links:
Internal NMap Scans
http://pastebin.com/KNYP6J0f
http://pastebin.com/vD2Rc4CB