Thursday, 4 December 2014

Facebook and Microsoft are attacked

Microsoft hacked with other Rwanda high profile domains against US military operations

The hacking group with the handle “The Hackers Army” has hijacked the Rwanda top level domains that includes Microsoft, Ibm, American Express, Aol, Bbc, Coca Cola, Coke, Discovery Channel, Fanta, Fedex, Mastercard, Nec, Nike, Norton, Orange, Philips, Qubee, Register and Rolls-roycee.

It’s not clear how this attack was carried out, but it may have involved compromising the system operated by the Rwanda NIC.

The hackers (THA) writes against US military operations on the deface page.

We are Back with destruction TO give a single message to the citizens of the world. The U.S Military has Killed, Maimed and Made Homeless over 20 Million people since Vietnam. More than 1000 People Killed in Pakistan in which 127 were Identified as Little children and this is just the Tip of the Ice Berg.Very few countries have violated as many Humanitarian Laws & Codes of War on Such a Large Scale Over such an Extended Period. The Vast Political Leverage of The U.S , The Rising Indifference of Media Coverage and the Alleged need of Secrecy for Matters of So Called National Security have Enabled one of the BLOODIEST history in 50 years. We are THA = The Hackers Army (The Voice of Oppressed)

List of Hijacked Domains:

Mirror: See more at:

Facebook hacked by Java Zero Day exploit

Facebook – a social networking giant with one billion active users said on Friday that it has been attacked by an unidentified group of hackers in January, fortunately no user information was compromised during the attack.
Facebook and Microsoft are attacked
What is really interesting is the level of sophistication of the malware based attack that eluded security defense, it compromised the developer’s website and infected the employee’s machine when visited it.

The laptops infected were fully-patched and running up-to-date anti-virus software occurrence that suggests attacker have exploited zero day vulnerabilities hosting an exploit on the web site.

The official statement reports:

“Facebook, like every significant internet service, is frequently targeted by those who want to disrupt or access our data and infrastructure. As such, we invest heavily in preventing, detecting, and responding to threats that target our infrastructure, and we never stop working to protect the people who use our service. The vast majority of the time, we are successful in preventing harm before it happens, and our security team works to quickly and effectively investigate and stop abuse.

Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack. This attack occurred when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day.”
Facebook confirmed no user data was compromised.

We have found no evidence that Facebook user data was compromised.
Facebook advisory confirmed that security teams of the company are very active in the fight to cyber threats thanks to an intense collaboration with law enforcement and security teams of other companies. The attacks seem to have exploited a zero-day Java software vulnerability well before the official announcement provided by Oracle company.

“After analyzing the compromised website where the attack originated, we found it was using a “zero-day” (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware. We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability.”

The investigation are still ongoing as confirmed by Facebook

“We will continue to work with law enforcement and the other organizations and entities affected by this attack. It is in everyone’s interests for our industry to work together to prevent attacks such as these in the future.”

Facebook has a very managed bug bounty program which attracts Bug Bounty Hunter to participate in it and report vulnerabilities to facebook.

Previous Post
Next Post

post written by: