Who Hacked Mahamevnawa? Who Are The Algerian DZ Hackers? All Explained

If you don’t know already, the popular Buddhist website Mahamevnawa (Mahamevnawa.lk) was hacked and defaced by a group of Algerian Hackers calling themselves H4ck Dz Team. You can read the gossip9 article about the hack here (unfortunately I couldn’t find an English version of the news)

Because, this is an attack against an innocent but popular website in Sri Lanka we decided to look in to it to see who these people are. If you don’t know who these people are just Google the term “H4ck Dz Team”and you will see the hacks and the defacements they’ve done in the past.

So I’m going to tell you what I found,

I went through the comments of the Gossip9 article, on the comments someone has found and posted a link to “H4ck Dz Team” hackers’ Facebook page : https://www.facebook.com/H4ck.Dz.Team

Then looking at the search results of the “H4ck Dz Team” and going through the defacements you can see that he used to call himself “nO lov3” as well as “H4ck Dz Team”. And in some of the defacements there is an email address for contacting “H4ck Dz Team” : nolove49@gmail.com.

If you look at Facebook the email address nolove49@gmail.com is used to register a Facebook profile : https://www.facebook.com/soufain.dz.

But obviously this can’t be a real profile. So I looked on and found some few things which I won’t say what right now, but then I came to a dead end.

So I showed what I found to my good friend which I call him “V”, and he somehow found and gave me the website of H4ck Dz Team” : http://dz-team.biz.

DZ-Team.biz is a hacking forum that is being run by H4ck Dz Team“, looking at the whois info of dz-tam.biz won’t give that much info. But if you reverse ip the dz-team.biz you can see that only 7 websites are hosted on the ip that has dz-team.biz : http://www.ewhois.com/dz-team.biz/

They are,

dz-team.biz
al-daa.com
dz-mafia.net
atddz.com
rahahbb.com
mahdiadz.com
2algeria.org

dz-team.biz and dz-mafia.net belongs to the H4ck Dz Team Hackers. But because so little amount of websites are hosted at this IP and all of these websites being Algerian there is a stong possibility that all these websites are hosted under the same account.

Now, because the hackers that we are looking for are Algerian I first checked the 2algeria.org website. The website uses Adsense and Google Analytics. The same Google Analytics ID and Adsence ID is being used on 3 websites. Which means the 3 websites use the same Google account for Google Analytics and Google Adsence.

There can be more websites using the same Google Analytics and Google Adsence ID.

The Google Analytics ID is : UA-3582164
The Google Adsence ID is : pub-7586127814300842

The 3 websites using the same Analytics and Adsence IDs are :

2algeria.com
2algeria.org
DZWORLD.INFO

The same person who owns the DZWORLD.INFO also owns DZWORLD.NET and DZWORLD.ORG. So many DZs repeating over and over again and belonging to the same person, is this a coincidence?

Because DZWORLD.INFO and 2Algeria.org uses same Google account for Analytics, they should belong to the same person although their whois information are different.

So if you look at the 2Algeria.org who is info it looks like this,

So khadir ben youcef owns DZWORLD.ORG, DZWORLD.NET and DZWORLD.INFO. If you look at the websites that are hosted at the ip of dz-team.biz all the websites other than dz-team.biz and dz-mafia.net are registered under the same name khadir ben youcef or has some connection to that name.

Looking at the email you will find so many domains registered under the name and the email : khadir ben youcef ,khadir_khadda@hotmail.com.

I found nearly 20 domains registered under the same name and email, there can be more.

The email : khadir_khadda@hotmail.com is used to register the https://www.facebook.com/benyoucef.khadir

Googling khadir ben youcef you will find this Facebook profile : https://www.facebook.com/khadda

The email khadir_khadda@hotmail.com, which is used to register all the domains appear in his contact information of that Facebook profile (https://www.facebook.com/khadda) , and khadir ben youcef also lives in Algeria the same country where DZ Hackers are from.

Looking at the LinkedIn profile of khadir ben youcef you can see that his occupation is Information Technology and Services so he has the technical knowledge to do such hacking.

So looking at all these things we can come to a conclusion that khadir ben youcef is Hack DZ team member of n0 l0ve hacker, and according to @ipv10, this https://www.facebook.com/khadda is also a fake profile and the real people behind it are the so called “brothers” of the https://www.facebook.com/khadda Facebook profile, which is also a possibility because there are no photos of that person in real life.

So the final conclusion

So the final conclusion is that H4ck Dz Team consist of,

Ben Youcef Khadir aka khadir ben youcef

Facebook : https://www.facebook.com/khadda
Twitter : @dzworld
Gmail : khadirbenyoucef@gmail.com
Skype : khadir_khadda
Live mail : khadir_khadda@hotmail.com

Yakoub Khadir

 

 

 

 

 

 

 

 

Facebook : https://www.facebook.com/yakoub.khadir
Google Plus : https://plus.google.com/104249732338023001842/about

On his Facebook profile and Google + profile he lists 2algeria.org as his website. Which is registered under the name of khadir ben youcef.

Khadir Kamel

 

 

 

 

 

 

Facebook : https://www.facebook.com/CaPiTaiNeDz
Twitter : twitter.com/CaPiTaiNeDz

In his Facebook profile cover picture says his website is dziso.com,  that website too is registered under the name of Ben Youcef Khadir aka khadir ben youcef.

 

 

 

 

 

 

 

 

And also in his Facebook profile it says that his email is khadirdz@gmail.com however the Facebook profile that is registered under that email is a female profile called “Jojo Imily” (https://www.facebook.com/profile.php?id=100002768720690)

I think nearly 100 domain names (both active and inactive) are shared between these 3 and registered under different email address. A typical thing for hackers who use stolen credit card information to register domains on the internet.

Some of the emails that they’ve used to register domain names include,

elchoroukhost.net@gmail.com
cyberbellia@gmail.com
algerie@hotmail.com.tr

Advertisements

Things To Be Expected On Facebook.

Facebook is in a period of change where, where they are going to add new features and the highly expected app center.

Today when I logged in to Facebook, I found this unusual icon in the side bar called “Connection Search”, it’s actually a way of finding friends like “Contact search”, so when I clicked on the Connection search icon this page appeared. Click to see the large image.

Facebook connection search, a thing to expect?

So is this a something to expect on Facebook? I asked some of my friends and no one has ever seen something called “Connection Search” before.Sadly the feature is still not available for me.

The other interesting thing here is the Tweet button. I think this is the first time, we’ve seen an actual Tweet button on a main Facebook page.

Facebook is also about to roll something new features called “Trending Videos”, where they are going to put popular public videos on Facebook. Just like what’s hot on Google Plus.

I’ll put a screen cap, when I see “Trending Videos” on my timeline.

The Facebook App Center will look like this :

Facebook AppCenter

#SMDayCMB The Hashtag That Made Me Lugh Hard.

If you don’t know (like I didn’t know until 5 P.M yesterday, when a friend of mine asked me whether I was at the Mashable Social Media Day), there was something called Mashable Social Media Day at Excel World, Colombo. I don’t know what happened, whatever happened I guess it’s about social media.

And the hash tag for the event was #SMDayCMB, and when I logged into Twitter at 11 PM and checked some of the tweets, they were like this :

And I was thinking this,

http://twitter.com/RukshanR/status/219121987862278144

http://twitter.com/ipv10/status/219123263199117313

If you don’t know Twitter started rolling a feature called Tailored Tweets, where trends are made according to your location, the websites you frequently visit and the tweets you make.

And it didn’t appear tonight, it was rolled 2 3 weeks back by Twitter.

There are no such thing as word wide trends, you can get the world-wide trends if you opt out from tailored trends.

I think the best thing for all the people to do is to know more about what’s happening in social media, rather than “troll” in for a social media day. Thanks for making us (me and @ivp10) laugh hard. I’m so rude.

PS : At least please read More Mashable, before going to their events.

http://twitter.com/RukshanR/status/219132370710827009

Why People Need To Stay Away From Cyber-Vigilantes.

Yesterday I came across this post “We don‚Äôt need cyber-vigilante¬†justice“, which is must read for people who want to become hackers or cyber-vigilantes and why people shouldn’t be like that. Being a cyber vigilante to show that you are a l33t hacker is one not good idea, but joining and making partnerships with equally not a food idea.

One way or another, all these cyber vigilantes are criminals, just like our ordinary day-to-day criminals but these people live online. However the unfortunate thing is these vigilantes gather followers, and these followers try to make their own way towards e-fame either by hacking of helping these vigilantes of their work. I guess it’s not like a gang but like a cult.

Anonymous has their own set of followers, LulzSec had their own followers, Jester has his own set of loyal fans. May be these vigilantes like this e-fame, anyway most of these followers are ordinary hackers or, just another scrip kiddies. When they follow these vigilantes and try to show they are also l33t, the end result is them making more havoc by hacking  websites, disrupting services and posting personal information on the internet and in the end getting caught.

If you look at Anonymous, they grew up to a point where Anonymous became a cancer to the internet, some of these Anonymous were elite hackers hacking big websites. Anonymous became famous and later Anonymous gathered followers that were no more than script kiddies that started hacking, defacing every small website that comes in their way.

Finally what happened is that most of the top members of the Anonymous got arrested and, most of the followers inevitably got arrested or either got their personal information exposed or posted on the internet. Even we had our own AnonymousLK and we had the utmost pleasure of exposing them.

It’s not just Anonymous and LulzSec, even people who are supporting the so-called “patriotic” hacker Jester has also suffered when their personal information published on the internet, and recently the websites that Jester supports like the Wounded Warrior Project was also brought down, and personal information of LeRes was published online by the UGNazi hackers who are against Jester.

The best thing is not to take sides, not to support people like Anonymous, and people like Jester who is “hacktivist for good”. There is no such thing as hacktivist for good. It’s illegal and there is no difference between Anonymous type hackers. Helping cyber vigilantes is same as helping everyday crooks, you never know when you’ll get in to trouble thanks to them.

So people need to think twice about becoming online vigilantes or taking their sides. Not only the people who are being targeted by the vigilantes are affected, but also people who take sides are also affected in the cat fights between hacktivists. Stay safe.

“The law of celestial mechanics dictate that when two objects collide there is always damage of a collateral nature”

What LinkedIn, Last Fm, eHarmony Hacking Tell Us.

If you are following what’s happening on the internet¬†recently you might have seen that LinkedIn, Last Fm, and online dating website eHarmony were hacked and millions of passwords were posted online.

Last Fm Hack : nakedsecurity.sophos.com/2012/06/07/last-fm-password

LinkedIn Hack : nakedsecurity.sophos.com/2012/06/06/millions-of-linkedin-passwords-reportedly-leaked-take-action-now

eHarmony Hack : nakedsecurity.sophos.com/2012/06/07/eharmony-passwords-stolen

I’m not going to talk about the hacking incidents, you can get all the information you need from the above links. I’m going to talk more about what we should learn from that.

These events post questions about the security of the websites where people give their personal information, pictures and messages. People really need to think twice before giving all of their personal¬†information to websites, posting their pictures online etc. Because, as these hacking incidents show even the best of the websites are vulnerable and you can’t be 100% sure that your information will be secure forever.

Some might argue that the cloud is more secure than having data on your computer, however if you keep your systems up to date, and your data encrypted I think your computer is pretty safer than the cloud, even the most secure method of two factor authentication was bypassed because of a security flaw in Google to gain access to the emails of CloudFlare CEO and gaining access to CloudFlare user data and changing the DNS information of 4Chan.

If you look at the passwords of LinkedIn, (not sure about the passwords of Last Fm and eHarmony) you can see how insecure the biggest websites on the internet can be.

If you look at LinkedIn, the¬†passwords¬†they stored were not salted. Salting is adding a random string to the password before it’s being hashed, so even the same password will have a different hash due to the random string. As a result of LinkedIn not salting their passwords 60% of passwords that were released online were cracked within 24 hours.

So if you have a website that stores passwords it’s a must to salt the passwords before hashing and use a strong hashing method like SHA-1 because MD-5 is now considered to be outdated.

If you are a LinkedIn, Last Fm or an eHarmony user :

  • You need to change your passwords quickly
  • If you are using the same password for other accounts you need to change them too.
  • Make sure you use two factor authentication if it is available. Two factor authentication is available on Facebook, Google etc.

 

Staying Frosty On Facebook.

We say we’re living in a digital world and how people are connected¬†through the internet more than ever. However, when it comes to using social networking most people are still very primitive. The latest addition to this came yesterday when a teacher was blackmailed on Facebook into sex by the suspect who befriended her on Facebook (News Here).

I think the reason for people to act differently online than in real life is a very complex one, social networking has only been here for like 10 years and most people on Facebook have been there¬†since¬†2008 or later so most probably they’ve been social networking for only 4 years or less. It’s a new thing for all human beings and people have failed to understand the¬†differences¬†and similarities in real life and life online.

  • What makes people not to share their photos with everyone in real life while sharing them with everyone in the world on Facebook?
  • What makes people not be friendly and talk with¬†strangers¬†in real life while people accept every friend request on Facebook¬†without¬†even knowing that person exist in real life?and believe what they say.
  • What makes people not to share their private¬†information¬†in real life while they share everything what comes to their mind on Twitter?
Some good comments on the article¬†“Teacher blackmailed into sex on Facebook” :¬†

I think people, specially children needed to be¬†taught¬†how to be safe on social networking and internet safety¬†practices¬†before they starting to use internet as we do with other things in real life. However, the¬†fascinating¬†thing is because internet and social networking has been there for a very short time it’s a new thing even for parents, and parents themselves don’t know how to be safe when it comes to being online.

I think I was lucky in that way¬†because¬†I started learning about computers and internet when I was 10 (I didn’t have my own computer, I got my first when I was 12) and I read the news and stories about how people got into trouble thanks to the internet. And when I got my own internet connection in 2010 when I was 20, I know how to protect myself on the internet and for me so far so good.

Being blackmailed into sex on Facebook is not the only thing that can happen to a person, there is an increasing trend where beautiful photos of girls are being posted on popular forums and sometimes even on porn forums, which can affect you for the rest of your life. These photos are then being used by other people in making fake profiles under fake names.

It’s amazingly simple for a fake profile on Facebook to get information from someone that they normally don’t share in real life, from mobile numbers to¬†personal¬†stories. Specially if you use a female profile it’s really easy to get information from both males and females alike.

This video on from Tom Ryan shows how easily how got access to military classifid information by using a fake profile called Robin Sage  : Tom Ryan | Palantir Technologies

There is another danger that you don’t understand in adding unknown people on Facebook. You can hack ANY, YES ANY Facebook account, if you can add 3 profiles in to your target profile.¬†I won’t going to reveal the process, but trust me it’s very simple to hack any Facebook profile if you can slip 3 friends.

How to stay safe : 

  • Try to stay anonymous as¬†possible, don’t even give your real date of birth to Facebook, Facebook only need it to confirm you are above the age to have a Facebook account.
  • Don’t add unknown people on Facebook, if you do make sure they don’t see personal stuff you post on Facebook.
  • Always use two factor authentication, so it’ll make your Facebook account almost always bullet proof. You can activate two factor authentication from the security settings on Facebook.
  • Don’t post any photos of you on Facebook, and it’s better to not to let others take photos of you if they are going to post them on Facebook.
  • And¬†importantly¬†learn how to be safe online before you jump into it.

Flame, Another Weapon of Industrial Cyber Warfare.

My Twitter Timeline is full news about the discovery of the malware called Flame, which was found mainly in Iran and some other middle east countries. This is also another malware targeting particular countries and used for espionage which has some unique features that separates it from other malware like Stuxnet, and Duqu and some features that resembles them.

  • It is a backdoor virus, a trojan virus and also a worm combined, it spreads mainly via USB devices and through networks.
  • It has a complete malware, it can record audio from the mic of the computer, take screenshots and also log key presses and send them to the command and control center.¬†Although there have been malware with such features this is the first ¬†malware to have all these features.
  • Flame malware is large which is 20mb, where most of the malware that are found these days are mostly smaller in size.
  • The malware is highly complex, it has multiple compression and encryption¬†methods¬†to be used for the data sending to the command and control servers.

According to researchers it has some features common to Stuxnet, which targeted nuclear power plants of Iran, Flame is also used for industrial espionage and use the same vulnerability in Windows to infect. This is another example for cyber attacks targeting governments and high-profile targets of countries.

It’s not hard for one to¬†imagine¬†that an average person or a group, because :

  • An average coder or a group can’t create malware with such complexity. It requires a group of highly talented group of people¬†specialized¬†in designing¬†such malware which only very few¬†countries¬†in the world possess.
  • An average person or a group has no need of such a malware to spy on Iran and other Middle Eastern countries other than another country who are keen to keep an eye on Middle East, and only few¬†countries have talent to build such a malware,¬†like US,¬†Israel or China who are famous for its hacking capabilities.

As this article from Reuters points out,

It is the most complex piece of malicious software discovered to date, said Kaspersky Lab security senior researcher Roel Schouwenberg, whose company discovered the virus. The results of the Lab’s work were made available on Monday.

According to Kaspersky the Flame malware has gone undetected for five years which is a pretty long time and if someone or a country can build such a tool five years ago. One can imagine how complex these industrial malware have evolved now, and the tech skills of the builders of Flame could have achived by now.

This also makes a question that how many unknown cyber operations are currently out there happening around the world done by countries, and cyber capabilities of other countries. Because, malware like Duqu, Stuxnet are not malware that are not made and being used by ordinary hackers. According to my friend @ipv10 who is a web researcher herself looking at the distribution and capabilities required to build such a malware the origin of the malware should be non other than USA.

If you are skeptic about cyber warfare, it has already begun. And when other countries are moving fast in the direction of arming themselves with cyber weapons inducing India, all we are doing is hunting perverts on Facebook, time for us to move on improving out cyber capabilities.

You can read Kaspersky’s blog post of¬†comprehensive¬†explanation of Flame malware :¬†http://www.securelist.com/en/blog/208193522/The_Flame_Questions_and_Answers