At the beginning of the month, the Internet community was in uproar over the move to block file hosting sites like The Pirate Bay, and even the video sharing website Vimeo. It is widely believed that Reliance Entertainment had secured a John Doe court order for their upcoming release, Dangerous Ishhq. This prompted many Internet service providers to block these BitTorrent sites to combat piracy. The news of the blockage left many users perturbed, but without much of a say other than posting messages on Twitter or Facebook. However, two individuals with the technical know-how decided to do something about it. A hacker who goes by the name Isac and his friend hackthis29 attacked the major Internet service provider Reliance. In a detailed explanation to Softpedia, Isac stated his motives behind the hack of Reliance.
As per the report, Isac informed Softpedia that he had seen Reliance block a range of websites, including Pastebin, so he decided to do something about it by checking out Reliance's security measures. He said, “So about a week ago I had tried accessing pastebin.com and it was also blocked. That was the last straw so I hacked into the Netsweeper panel [of Reliance] that is really, really vulnerable. I did it in like 5 mins tops and had obtained full permissions to add any URL to the block list and modify the error pages.” The website went on to explain, by way of example, that a hacker could add google.com to a deny list and assign it a custom error page. That page could in turn be designed to replicate an authentic site while having malicious code concealed within it.
Reliance susceptible to hacks
Isac went on to state that this attack could be scaled up for a range of purposes, depending on the motives of the hacker. He said that one could add to the site a fake pop-up asking the user to install an update, which could rely on vulnerabilities in components such as Java to download malware. In doing so, however, the customers of Reliance could be affected as well. The report states, “The hacker claims that he has no intention of causing any damage, his single purpose being to demonstrate that while Reliance is committing an abuse, the company doesn’t even bother to ensure that its systems are safe.”
Isac points out that while poking around, he discovered many holes that could allow any cyber criminal to affect the computers of Reliance users. He explains his concern by stating, “How can such a huge telecom like Reliance be so careless about their customers? I want to show that Reliance is doing something that is totally unjustifiable and it’s only thinking about the profit to the company when they are doing this, as many people use vimeo.com and other file sharing sites for other purposes than illegal file sharing. I also want to raise the question of the legality of such a block and to show how pathetic the security they use to implement these blocks is.”
Isac goes on to state that this zero-day flaw can affect not only Reliance but other service providers as well. He categorically states that he has no malicious intent and proposes a fix, stating, “The only fix that I can suggest for now that will not affect the system is to use longer passwords so the password hashes cannot be cracked, and to remove the other default users and change the password of the root SQL user that most Netsweeper systems have by default.” But this is only a workaround, and the company is the only one that can permanently fix this issue.
Published Date: May 18, 2012 10:16 am | Updated Date: May 18, 2012 10:16 am