Defence.pk Gets Hacked, 38K Members' Data at Risk

Defence.PK, one of the largest and most active Pakistani forums on the internet, was reportedly hacked earlier today by an independent Indian hacker.

The hacker claims that he gained access to the main database of defence.pk and that a 2 GB file has been dumped and saved with him. He aims to release the whole dump, which contains user information of some 38,000 members, sometime later.

The hacker, named pr0tect0r and also known as mrNRG, is independent. He revealed on a hacker forum that he hacked the forum not as part of any group or in response to anything. His main motive behind hacking the forum was a vulnerability he found in the website.

He writes:

mirrors:-
http://www.zone-h.org/mirror/id/14686416
http://legend-h.org/mirror/205827/defenc…anced.html

mysql database of 2gb dumped :O

I’ll leak the details 38k users over my twitter page :P No Cyber War here!! Just another vulnerable site which needs to be notified

We reached out to defence.pk for their version of the story; however, we have yet to receive any response from them.

Here is the Zone-H mirror of the defaced page: http://www.zone-h.org/mirror/id/14686416


  • USMAN

    So PAKCYBERARMY is preparing for its defence :P

    • Saad malik

      they can’t do much… they just hack sites of no importance…. they are script kiddies in real sense.

      • 786

        lol you call this site of importance. This site deals top army discussion and most probably army officials also visits them.

        • 786

          correction of my above post “no importance”

          • Saad malik

            when did i say defence.pk is of no importance??? i said PCA guys can’t hack any important indian site.

  • Saad malik

    to hell with defence.pk admin… he was running such a big forum and couldn’t hire a security professional

    • Faisal

      Brother, are you going to pay the security professional???? Websites run into all these issues; it is not such a big problem. Don't start acting like the boss right away.

      • Subhan Allah. Sir, this is one of the most-viewed websites in Pakistan. It is full of Google ads. Along with living it up on the money earned from it, if nothing else, what difference would it make to at least buy and install a firewall?
        You are absolutely right that problems happen, but by ending with the remark about acting like the boss you spoiled all the fun.

        • Faisal

          Dear brother, for your information, ask anyone or do your own research: no website gets any benefit from “Pakistani visitors”. For your info, Google does not earn you lakhs from Pakistani visitors. Secondly, a website this busy must be on a VPS or a dedicated server, and they must have a firewall installed too, but not everything can be controlled by a firewall; there are many more attacks like XSS, SQL injection etc.

          • Faisal

            And brother, someone take a look here
            http://www.defence.pk/about-us/

            Editors main “Indian” and “Iranian” and “Turkish” hain lol. Website is Powered by “World Defence Network”

            Address:
            P.O. Box 532302
            Indianapolis, IN, 46253
            United States
            (317) 641-7570

            What else ???

          • I still have an objection to what you said, but now it feels good to read it.
            I will only say: please take a look here too.
            http://www.alexa.com/siteinfo/defence.pk

          • warrior

            Brother, this site uses Google AdSense and is among the top 200 sites in Pakistan. Not only that, people visit this site from other countries too. From this you can estimate how much this site must be earning. Hiring one security expert is not a big deal.

      • Copper

        wherever there is pak army, you can think of miserable negligence. They have turned into business empire. They can neither defend their head quarters nor their websites

      • Saad malik

        my dear why would i pay? when they already have ads on their site and those ads can easily earn them enough bucks to hire a professional team of experts.

        • Faisal

          Boss, my answer to you is the same one I gave to brother Abdul Qadoos. Not everyone necessarily runs a website only from an earning point of view. In fact he is earning from it, but the earnings may not be as much as you think. Plus, same point: anything can happen to a website at any time. If “Paypal” can be attacked, then it can easily happen to any normal website too … :-) Chill now, we should not only criticize our own people.. Support him so that he will get motivated and start running the website even better than before

          • Junaid

            Friend, some time ago SONY's PlayStation was hacked; for 1 month everything was offline, Sony's gaming console…..
            Let's go a little further into the past. About 1 year ago, Mastercard's site was hacked..
            I am sure you know MASTERCARD.
            If those 2 business monsters can't defend themselves by hiring so many security experts, then how do you expect any forum manager to hire any security officer.
            For one thing, we Pakistanis do not have even the slightest element of patience. Something small happens and we make such a big fuss about it, as if doomsday has arrived, and then after 1 week we forget everything.

    • yaar sometimes professionals also cant do anything..
      i have a CISSP and CCIE but still my forum went down for 3 days.

      • SecurityGuy

        Aww!! Abdul Qadoos that means you cheated to get those certifications.

        • lolx I am not a CCIE, friend; there is a guy on my team who is

          • cybermate

            Dear Abdul

            I am CCNP. Is there any job in your company? I am capable of doing that.

            • drop your details. will let u know if there is any
              me (at) abdulqadoos.com

  • Aysha Khan

    I think defence.pk used vBulletin forum. most secure forum script. how they hacked ? i think hacker attacked on FTP server.

    • zee

      yup they are using bulletin forum

    • vb also has exploits.

    • Shahid Saleem

      to avoid being hacked, first step: don’t use php.

      • salmanaslam

        hey mane, who said you dont use PHP? you know any other better web language??? just tell me?
        On a hacker forum, once i read “Switch your sites to PHP, its safer”
        and indeed PHP provides a better security for SQL injections. If programmer codes in security point of view as well.

        • salmanaslam

          *man

        • Shahid Saleem

          — you know any other better web language???

          Sure, I use ruby and python. Try using a real, consistent language with proper OOP some day. You’ll never want to go back.

          — On a hacker forum, once i read “Switch your sites to PHP, its safer”

          Ha ha, what a joke. Even Facebook, which is a BIIIIG user of PHP, compiles their PHP code to 1 GB C++ binary using https://github.com/facebook/hiphop-php
          Also I think their PHP code never talks directly to databases, they use thrift.

          — and indeed PHP provides a better security for SQL injections.

          Also funny! Better security than what? ASP?

          EASIEST way to avoid sqli attacks: don’t handle sql directly. Use an ORM.

          — If programmer codes in security point of view as well.

          Well, see that goes to the heart of the matter. Most people who write with PHP DON’T worry enough about the security. And there are all sorts of bugs found in PHP code even years after everything looks safe.

          • Waqas

            Hi,

            I don’t want to start a War here, just wanna share something. Probably, you know better than me, you may be even more professional and knowledgeable than me. But, in my point of view, you should never compare PHP with rails. Coz, PHP is a language and rails is a Framework.

            As per language is concern PHP is far more and richer than Ruby itself. However, Rails is the best framework in my opinion.

            You will get clear idea, if you you read following articles:

            http://www.learncomputer.com/php-vs-ruby-on-rails/

            http://net.tutsplus.com/articles/general/language-war-php-vs-ruby-2/

  • Aswad

    PakCyberArmy Already delivered The gift in timely manner to Indians on 14 August by hacking their 35 websites including fbi :P
    here is the link..

    http://www.youtube.com/watch?v=W5iLkDfuUrs&feature=player_embedded

  • Jamil Agha

    No Cyber war then why an Indian flag with a “tyre” on it ? What user data it might be having? User name, password and email addresses?

  • Fj

    Confidential Information is not discussed on the website. Just Some General Information and Forum Discussions.
    The Max. Threat can be the theft of usernames, encrypted passwords, email addresses and some Personal Details of people who like to get themselves Public.
    Nothing critical would be at stake, so it won’t be a big issue in my opinion.

    • Aysha Khan

      rightt

    • Yes… No critical data is at risk..

  • Sikander azam

    What has happened to you people?

  • don’tworry

    Over half the people at defence.pk are actually Indians. Hacking the website and stealing people’s information may very well backfire.

  • Let him leak the database….. who has spare time to read email addresses & passwords…

    • :D 38 thousand email IDs can be useful for email marketing :D

      • warrior

        This will be a good database for Indian and Pakistani internet marketers.

    • Shahid Saleem

      You do not UNDERSTAND. Most people use same password on many sites. So, if someone gets the email addresses + passwords, they can try logging into their yahoo, facebook, skype etc accounts.

      Even if the passwords are encrypted, it does not matter because most people use WEAK passwords.

      • No issues dear… I can voluntarily give my email ID to a hacker; let him do whatever he can. Strange mails already keep going out to everyone from my ID anyway :P……. Secondly, if a hi-fi official has his confidential info placed in a Yahoo mailbox, then he deserves to be beaten. I think no one should rely on a free mail server….. Come on, friend…. Lastly, if someone is an average user having a weak password, his email ID is of no worth except for sending spam about Viagra :P…. Don't take so much tension, friend.

        • Junaid

          You said it 100% right, Asad.. :P
          I don't know what comes over people, that an email got hacked,
          Yahoo gives email for 5 dollars, and that too with all the security features..
          now, would someone in such a hi-fi post run his account from Yahoo??? :P
          use some sense, friend.
          reply to me if you are so keen on hacking IDs..
          and by the way, how many people in Pakistan/India do internet shopping??? and yet we are talking about data privacy and security. lol

      • Hindostan

        but it’l b useless if site has used md5 o sha1 technique for password encryption

        • Shahid Saleem

          Wrong, kiddo. If your password is “pakistan” (as I am sure many people use that, or “karachi” or “lahore” or “abc123”), it does not matter if you use md5, sha1, sha256, sha512, etc. Weak password is easy to crack in all cases.

    • warrior

      Brother, hackers have many ways of cracking passwords. If they can hack this site in an unknown way, then they also have a method for cracking passwords.

  • sas

    Friend, I just opened the website defence.pk and it opened, so when was it hacked then?????????

  • Umair

    It was hacked yesterday I think.

  • Waqas

    78k website hacked by Zcompany Hacking Cr3w

    http://www.vsocio.com/social-media/zhc-hacked-blog-co-in-and-78000-indian-domains/

    This is Google’s cache
    http://t.co/FRcRvCB

    complete list of hacked blogs
    http://t.co/dqfUols

    hey admin if you want more detail about this attack email me :)

    • awesome work

      • provoking?

        why you guys keeps on provoking cyber wars by praising their work. Just ignore this hacks.

        • why Indians don’t stop doing these stupid things?

          • Shahid Saleem

            Playground logic. “he started it waah waah i’m going to hit him too”

            Grow up, learn to take a deep breath and control yourself. That is Our Prophet’s way.

            Oh and don’t forget all the PAKISTANI crackers who attack PAKISTANI sites, too. That’s reality too my friend.

    • provoking?

      they didn’t provide any zone-h mirror so not so authentic info

  • CollegejeanS

    Defence pk seems to be back in control!

  • Welldone…keep it up…!

  • shabbir

    PAk CYber Army of SHak is a bunch of script kiddies who only how to get fame and where to get fame. because they are fame whores and they dont know nothing more than that. and they are good in getting fame. there are two other forums pccs and zhc are far better than PCA atleast they know how to hack the things. from my eyes PCA are the bunch of idiots and fame whores.

    • Saad malik

      spot on…

    • Junaid

      Please send me the links to their forums..
      hope_for_u1 [@]yahoo,com

  • Xtremist

    just over through these links you will come to know what muslim hackers are doing… i dont know why pro pakistani forum only put the news of indian hackers !!!

  • Really sad!

    I hope propakistani won’t get hacked that.

  • Cyber Wing

    This is little thing,now pakistani are working on making full prove security system.

    • Shahid Saleem

      The only “foolproof” security system is to disconnect yourself from the network. And you are right! That is exactly what some people want!

  • Aamir

    This is not the right way to show your patriotism by hacking websites. I don’t appreciate this act from both sides. People should not praise it.

  • ppl stop discussing it ,it was not hacked just defaced by a Paki Hacker .so that the vulnerability should be notified !!

  • site info shows it’s less Pakistani more American :p

    Sites like songs.pk, defence.pk operated by others not Pakistani but b/z of domain or TLD they got 70% to 80% traffic from Pakistan. so its not mean that this is Pakistani site

  • SQL INJECTION IT SEEMS, not a big deal, seems webmaster has not paid any attention on data inputs and form checkings.. we should learn by now com’on its been ages but frankly there is no education even in uni regarding security implementation purpose.
    and more everybody is becoming software engineer by learning one or two online tutorial ..

  • Website is under VBULLETIN , I do not agree on this, they should have developed their own script and maintain their security.
    Every open source or paid script has their flaws due to the structure and many users on it, they know where the leak is, but even they could have developed their little CMS it saves the life..

    • Shahid Saleem

      Yes, it does not matter if the software is open source or proprietary. All that matters is HOW MANY PEOPLE look through the source and check for holes. In reality, even if they have the source, over 90% of the people will not look through each line of code.

      (Some of the remaining 10% are obviously crackers)

      I mean for example, look at this site (propakistani.pk) or its forum. Can any of the admins say that they have read and understood all the code? No! They depend on other people (wordpress.org for example) to provide security updates and fixes for holes that almost certainly exist.

    • There is a big rule in CS industry, i.e. “DON’T REINVENT THE WHEEL”. When I started my CS degree, on the very first day we are told that this is a rule of industry. No one writes the code from scratch when that is already present. Coders write new code only when the code of that functionality is not available or when they want to practice. But the fact is in Real world scenarios we reuse already written code. Although we must verify the code before using.

  • pkzoom

    its not a big deal

  • Yasir

    I think PAKBUGS and PCA ARE WAITING FOR ANOTHER ATTACK ON THEIR COUNTRY’s CYBER WAR FIELD !!!!

  • lolo

    lol this time he hacked nokia.com as published on thehackernews.com

  • Raheem Hacker

    Dear brother, I know who the hacker is. Brothers, you should know that challenges are going on between the Pakistan cyber army and likewise India's cyber army, meaning hackers and so on; whoever hacks more sites is the champion. Pakistanis only hack their this-and-that small sites and then feel happy, and India lands a big hit and runs away hahahha shame on Pakistani hackers huhhhh

  • shaan khan

    Salam, brothers,

    so what u people think about this please reply.

    if the website is powered by worlddefencenetwork.com.so do u think its safe.these fuckers them self does not have web designer.
    2010 worlddefencenetwork. All Rights Reserved. Greyzed Theme created by The Forge Web Creations. Powered by WordPress.
    if they cant design the website and purchase a common theme from worldpress.so what grantee they will give for security, i am shock that our pakistani defence.pk hire them for what ,please can any one reply me thanks .

  • heroes of pakistan

    Thats a sad news we Pakistani need to protect our websites and secure them more

  • Reckless

    i agree with “heroes of pakistan” we really need to start ehtical hacking who are those indians who hack our website and tell us you need to fix it.
    They are just back stabbing saying that there is no cyber war but it is a cyber war and in like real war we should F*** them up.
    From Today I am going to make them cry as hard as i can i need is help of my expert bros

  • Reckless

    i agree with “heroes of pakistan” we really need to start ehtical hacking who are those indians who hack our website and tell us you need to fix it.
    They are just back stabbing saying that there is no cyber war but it is a cyber war and in like real war we should F*** them up.
    From Today I am going to make them cry as hard as i can i need is help of my hacker bros and we should aim for some big like one of ther important websites
    + database and croupt them.

  • Joaquin Osso

    Don’t trust people. They may be capable of greatness.
    Among the tests of leadership could be the power to recognize a difficulty before it becomes an emergency.