The Unknowns

Last updated

The Unknowns is a self-proclaimed ethical hacking group that came to attention in May 2012 after exploiting weaknesses in the security of NASA, CIA, White House, the European Space Agency, Harvard University, Renault, the United States Military Joint Pathology Center, the Royal Thai Navy, and several ministries of defense. [1] The group posted their reasons for these attacks on the sites Anonpaste & Pastebin including a link to a compressed file which contained a lot of files obtained from the US Military sites they breached. The Unknowns claim "... our goal was never to harm anyone, we want to make this whole internet world more secured because, simply, it's not at all and we want to help." [2] The group claims to be ethical in their hacking activities, but nonetheless lifted internal documents from their victims, posting them online. They claim this was because they had reported the security holes to many of their victims, but did not receive a response back from any of them. The whole point was to show that these government-run sites have loopholes in their code and anyone can exploit them. The group used methods like advanced SQL injection to gain access to the victim websites. NASA and the ESA have both confirmed the attack. They claimed that the affected systems were taken offline and have since been patched. [3] At the time this was one of the most wanted hacking groups in Europe and also wanted by the FBI, although they refused to tell if they were investigating the hacks.

Contents

Members

The team had 6 not 7 core members: [4]

Jail

Zyklon B, who lives in France, was arrested by the French Intelligence Service on June 24, 2012. He was later released because he was just sixteen years old at the time. He has trials taking place in 2014 supposedly. [5] His life is related in a book written by his mother Sophie Léac L'histoire vraie d'un jeune hacker français (in October 2013) or the true story of a French teen-hacker. A second book is in preparation: Hack! There will be cyberwar!. [6]

Hacked websites and applications

The group has hacked many websites and applications using a series of different attacks. The most notable, however, being SQL injection. [7] There have been a lot of companies affected by the group, but some of the hacks even for big companies did not make the media (probably due to keeping the multi-country legal investigation a secret). However, the most notable hacks done by The Unknowns, mostly government related websites, did make mass media. [8] The group is still active, and the members are still working together, as they try to make the internet safer.

SQL injection attacks were used on the following: [7]

However they have used different attacks:

Abolished

The purpose of The Unknowns was to find security issues in high-profiled websites and to get them patched.[ citation needed ] The information from the hacked sites was released because The Unknowns attempted to make contact with all their targets informing them of the security issues, but they did not receive a response back from any of the websites targeted. Some data was leaked to force these websites to patch their systems.
After a period of hacking high-profile websites, The Unknown disbanded the group in 2012 but reunited it in the early 2015.[ citation needed ]

Related Research Articles

<span class="mw-page-title-main">SQL injection</span> Computer hacking technique

In computing, SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

Vulnerabilities are flaws in a computer system that weaken the overall security of the system.

A security hacker or security researcher is someone who explores methods for breaching defenses and exploiting weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge, recreation, or evaluation of a system weaknesses to assist in formulating defenses against potential hackers.

Watering hole is a computer attack strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware. Eventually, some member of the targeted group will become infected. Hacks looking for specific information may only attack users coming from a specific IP address. This also makes the hacks harder to detect and research. The name is derived from predators in the natural world, who wait for an opportunity to attack their prey near watering holes.

<span class="mw-page-title-main">HackThisSite</span> Organization

HackThisSite.org, commonly referred to as HTS, is an online hacking and security website founded by Jeremy Hammond. The site is maintained by members of the community after he left the organization. It aims to provide users with a way to learn and practice basic and advanced "hacking" skills through a series of challenges in a safe and legal environment. The organization has a user base of over a million, though the number of active members is believed to be much lower. The most users online at the same time was 19,950 on February 5, 2018 at 2:46 a.m.CT.

A zero-day is a vulnerability in software or hardware that is typically unknown to the vendor and for which no patch or other fix is available. The vendor has zero days to prepare a patch as the vulnerability has already been described or exploited.

Operation Aurora was a series of cyber attacks performed by advanced persistent threats such as the Elderwood Group based in Beijing, China, with associations with the People's Liberation Army. First disclosed publicly by Google on January 12, 2010, by a weblog post, the attacks began in mid-2009 and continued through December 2009.

A vulnerability database (VDB) is a platform aimed at collecting, maintaining, and disseminating information about discovered computer security vulnerabilities. The database will customarily describe the identified vulnerability, assess the potential impact on affected systems, and any workarounds or updates to mitigate the issue. A VDB will assign a unique identifier to each vulnerability cataloged such as a number or alphanumeric designation. Information in the database can be made available via web pages, exports, or API. A VDB can provide the information for free, for pay, or a combination thereof.

<span class="mw-page-title-main">LulzSec</span> Hacker group

LulzSec was a black hat computer hacking group that claimed responsibility for several high profile attacks, including the compromise of user accounts from PlayStation Network in 2011. The group also claimed responsibility for taking the CIA website offline. Some security professionals have commented that LulzSec has drawn attention to insecure systems and the dangers of password reuse. It has gained attention due to its high profile targets and the sarcastic messages it has posted in the aftermath of its attacks. One of the founders of LulzSec was computer security specialist Hector Monsegur, who used the online moniker Sabu. He later helped law enforcement track down other members of the organization as part of a plea deal. At least four associates of LulzSec were arrested in March 2012 as part of this investigation. Prior, British authorities had announced the arrests of two teenagers they alleged were LulzSec members, going by the pseudonyms T-flow and Topiary.

Teamp0ison was a computer security research group consisting of 3 to 5 core members. The group gained notoriety in 2011/2012 for its blackhat hacking activities, which included attacks on the United Nations, NASA, NATO, Facebook, Minecraft Pocket Edition Forums, and several other large corporations and government entities. TeaMp0isoN disbanded in 2012 following the arrests of some of its core members, "TriCk", and "MLT".

<span class="mw-page-title-main">Operation AntiSec</span> Series of cyberattacks conducted by Anonymous and LulzSec

Operation Anti-Security, also referred to as Operation AntiSec or #AntiSec, is a series of hacking attacks performed by members of the hacking group LulzSec and Anonymous, and others inspired by the announcement of the operation. LulzSec performed the earliest attacks of the operation, with the first against the Serious Organised Crime Agency on 20 June 2011. Soon after, the group released information taken from the servers of the Arizona Department of Public Safety; Anonymous would later release information from the same agency two more times. An offshoot of the group calling themselves LulzSecBrazil launched attacks on numerous websites belonging to the Government of Brazil and the energy company Petrobras. LulzSec claimed to retire as a group, but on 18 July, they reconvened to hack into the websites of British newspapers The Sun and The Times, posting a fake news story of the death of the publication's owner Rupert Murdoch.

Răzvan Manole Cernăianu, nicknamed "TinKode", is a Romanian computer security consultant and hacker, known for gaining unauthorized access to computer systems of many different organizations, and posting proof of his exploits online. He commonly hacks high-profile websites that have SQL injection vulnerabilities, although unknown methods were used in his most recent attacks. Other aliases included sysgh0st.

In July 2012, Yahoo Voice, a user-generated content platform owned by Yahoo, suffered a major data breach. On July 11, 2012, a hacking group calling itself "D33DS Company" posted a file online containing approximately 450,000 login credentials and passwords from Yahoo Voice users. The data was obtained through a SQL injection attack that exploited vulnerabilities in Yahoo's database servers.

<span class="mw-page-title-main">Wargame (hacking)</span> Cyber-security challenge and mind sport in hacking

In hacking, a wargame is a cyber-security challenge and mind sport in which the competitors must exploit or defend a vulnerability in a system or application, and/or gain or prevent access to a computer system.

<span class="mw-page-title-main">NullCrew</span>

NullCrew was a hacktivist group founded in 2012 that took responsibility for multiple high-profile computer attacks against corporations, educational institutions, and government agencies.

Cyberweapons are commonly defined as malware agents employed for military, paramilitary, or intelligence objectives as part of a cyberattack. This includes computer viruses, trojans, spyware, and worms that can introduce malicious code into existing software, causing a computer to perform actions or processes unintended by its operator.

<span class="mw-page-title-main">DB Networks</span>

DB Networks is a privately held Information Security company founded in the United States The company is headquartered in San Diego, California, and its regional offices are located in Palo Alto, California and Seattle, Washington.

<span class="mw-page-title-main">Benjamin Kunz Mejri</span> German IT security specialist and penetration tester

Benjamin Kunz Mejri is a German IT security specialist and penetration tester. His areas of research include vulnerabilities in computer systems, bug bounties, the security of e-payment payment services and privacy protection. Mejri is known for uncovering new zero-day vulnerabilities and making them transparent to the public.

A threat actor, bad actor or malicious actor is either a person or a group of people that take part in an action that is intended to cause harm to the cyber realm including: computers, devices, systems, or networks. The term is typically used to describe individuals or groups that perform malicious acts against a person or an organization of any type or size. Threat actors engage in cyber related offenses to exploit open vulnerabilities and disrupt operations. Threat actors have different educational backgrounds, skills, and resources. The frequency and classification of cyber attacks changes rapidly. The background of threat actors helps dictate who they target, how they attack, and what information they seek. There are a number of threat actors including: cyber criminals, nation-state actors, ideologues, thrill seekers/trolls, insiders, and competitors. These threat actors all have distinct motivations, techniques, targets, and uses of stolen data. See Advanced persistent threats for a list of identified threat actors.

The Shadow Brokers (TSB) is a hacker group who first appeared in the summer of 2016. They published several leaks containing hacking tools, including several zero-day exploits, from the "Equation Group" who are widely suspected to be a branch of the National Security Agency (NSA) of the United States. Specifically, these exploits and vulnerabilities targeted enterprise firewalls, antivirus software, and Microsoft products. The Shadow Brokers originally attributed the leaks to the Equation Group threat actor, who have been tied to the NSA's Tailored Access Operations unit.

References

List of hacked websites/companies

  1. "NASA, ESA confirm they were hacked by 'The Unknowns'". NBC News . May 7, 2012. Retrieved May 7, 2012.[ dead link ]
  2. "The Unknowns Pastebin post" . Retrieved May 7, 2012.
  3. "NASA, ESA confirm hacks; The Unknowns says systems patched". ZDNet . Archived from the original on May 8, 2012. Retrieved May 7, 2012.
  4. "An article about the group" . Retrieved January 18, 2014.
  5. "Zyklon B claiming to have been arrested" . Retrieved January 10, 2014.
  6. "WordPress.com". WordPress.com.
  7. 1 2 "A news article talking about the use of SQL injection attacks". May 4, 2012. Retrieved January 10, 2014.
  8. "A news article about the group by ABC". ABC News . Retrieved January 10, 2014.
  9. "A news article talking about UK police servers getting hacked by The Unknowns" . Retrieved January 10, 2014.