Defence.pk Gets Hacked, 38K Members Data at Risk

Defence.PK, one of the largest and most active Pakistani forums on the internet, reportedly got hacked earlier today by an independent Indian hacker.

The hacker claims that he gained access to the main database of defence.pk and that a 2 GB file has been dumped and saved with him. He aims to release the whole dump, which contains user information of some 38,000 members, sometime later.

The hacker, who goes by pr0tect0r and is also known as mrNRG, is independent. He revealed on a hacker forum that he hacked the forum not as part of any group or in response to anything. His main motive behind hacking the forum was a vulnerability he found in the website.

He writes:

mirrors:-
http://www.zone-h.org/mirror/id/14686416
http://legend-h.org/mirror/205827/defenc…anced.html

mysql database of 2gb dumped :O

I’ll leak the details 38k users over my twitter page :P No Cyber War here!! Just another vulnerable site which needs to be notified

We reached out to defence.pk to find out their version of the story; however, we are yet to get any response from them.

Here is the Zone-H mirror of the defaced page: http://www.zone-h.org/mirror/id/14686416


    • they can’t do much… they just hack sites of no importance…. they are script kiddies in real sense.

      • lol you call this site of importance. This site deals with top army discussion and most probably army officials also visit it.

  • to hell with defence.pk admin… he was running such a big forum and couldn’t hire a security professional

    • Brother, will you be the one paying the security professional???? These kinds of issues happen with websites; it is not such a big problem. Don't start acting like the boss right away.

      • Subhan Allah. Sir, this is one of the most viewed websites in Pakistan. It is full of Google ads. Along with living it up on the money earned from it, if nothing else, what difference would it make if they at least bought and installed a firewall?
        You are absolutely right that problems do happen, but by ending with the remark about acting like the boss you spoiled all the fun.

        • Dear brother, for your information, ask anyone or do some research: no website gets any benefit from “Pakistani visitors”. For your info, Google does not earn you hundreds of thousands from Pakistani visitors. Secondly, a website with this much traffic must be on a VPS or a dedicated server, and they must have a firewall installed too, but not everything can be controlled by a firewall; there are many more attacks like XSS, SQL injection etc.

          • And brother, someone take a look here
            http://www.defence.pk/about-us/

            Editors main “Indian” and “Iranian” and “Turkish” hain lol. Website is Powered by “World Defence Network”

            Address:
            P.O. Box 532302
            Indianapolis, IN, 46253
            United States
            (317) 641-7570

            What else ???

          • Brother, this site uses Google AdSense and ranks among the top 200 Pakistani sites. Not only that, this site is also visited from other countries. From this you can estimate how much this site must be earning. Hiring one security expert is not a big deal.

      • wherever there is pak army, you can think of miserable negligence. They have turned into business empire. They can neither defend their head quarters nor their websites

      • my dear why would i pay? when they already have ads on their site and those ads can easily earn them enough bucks to hire a professional team of experts.

        • Boss, my answer to you is the same one I gave to brother Abdul Qadoos. Not everyone necessarily runs a website purely from an earning point of view. In fact he is earning from it, but the earnings may not be as much as you think. Plus, same point: anything can happen to a website at any time. When “Paypal” can be attacked, it can easily happen to any normal website too … :-) Chill now, we should not only criticize our own people.. Support him so that he will get motivated and start running the website even better than before

          • Friend, a while ago SONY's PlayStation was hacked; for 1 month everything was offline for Sony's gaming console…..
            Let's go a little further into the past. About 1 year ago, Mastercard's site was hacked..
            I am sure you know MASTERCARD.
            If those 2 business monsters can't defend themselves by hiring so many security experts, then how do you expect any forum manager to hire any security officer.
            For one thing, we Pakistanis don't have even a little bit of patience. It is a small matter and we make such a big fuss out of it as if doomsday has arrived, and then after 1 week we forget everything.

  • I think defence.pk used the vBulletin forum, the most secure forum script. How did they hack it? I think the hacker attacked the FTP server.

      • hey mane, who said you dont use PHP? you know any other better web language??? just tell me?
        On a hacker forum, once i read “Switch your sites to PHP, its safer”
        and indeed PHP provides a better security for SQL injections. If programmer codes in security point of view as well.

        • — you know any other better web language???

          Sure, I use ruby and python. Try using a real, consistent language with proper OOP some day. You’ll never want to go back.

          — On a hacker forum, once i read “Switch your sites to PHP, its safer”

          Ha ha, what a joke. Even Facebook, which is a BIIIIG user of PHP, compiles their PHP code to 1 GB C++ binary using https://github.com/facebook/hiphop-php
          Also I think their PHP code never talks directly to databases, they use thrift.

          — and indeed PHP provides a better security for SQL injections.

          Also funny! Better security than what? ASP?

          EASIEST way to avoid sqli attacks: don’t handle sql directly. Use an ORM.

          — If programmer codes in security point of view as well.

          Well, see that goes to the heart of the matter. Most people who write with PHP DON’T worry enough about the security. And there are all sorts of bugs found in PHP code even years after everything looks safe.

  • No Cyber war then why an Indian flag with a “tyre” on it ? What user data it might be having? User name, password and email addresses?

  • Confidential Information is not discussed on the website. Just Some General Information and Forum Discussions.
    The Max. Threat can be the theft of usernames, encrypted passwords, email addresses and some Personal Details of people who like to get themselves Public.
    Nothing critical would be at stake, so it won’t be a big issue in my opinion.

  • Over half the people at defence.pk are actually Indians. Hacking the website and stealing people’s information may very well backfire.

    • You do not UNDERSTAND. Most people use same password on many sites. So, if someone gets the email addresses + passwords, they can try logging into their yahoo, facebook, skype etc accounts.

      Even if the passwords are encrypted, it does not matter because most people use WEAK passwords.

      • No issues dear… I can voluntarily give my email ID to a hacker, let him do whatever he can; strange mails already keep going out to everyone from my ID anyway :P……. Secondly, if a hi-fi official has his confidential info placed in a Yahoo mailbox, then he deserves to be beaten. I think no one should rely on a free mail server….. Come on, friend…. Lastly, if someone is an average user having a weak password, his email ID is of no worth except for sending Viagra spam :P…. Don't take so much tension, friend.

        • You said it 100% right, Asad..:P
          I don't know what gets into people, going on about email getting hacked.
          Yahoo gives email for 5 dollars, and that too with all the security features..
          Now would someone in such a hi-fi post really run his account from Yahoo??? :P
          Use some sense, friend.
          Reply to me if you are so keen on hacking an ID..
          And by the way, how many people in Pakistan/India do internet shopping??? And yet we are talking about data privacy and security. lol

        • Wrong, kiddo. If your password is “pakistan” (as I am sure many people use that, or “karachi” or “lahore” or “abc123”), it does not matter if you use md5, sha1, sha256, sha512, etc. Weak password is easy to crack in all cases.
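
The point made in the comment above, that a weak password falls whichever digest is used, shown as an added example that is not part of the original thread: a dictionary audit over unsalted digests, next to a denylist check and salted PBKDF2 storage. The wordlist is constructed from the passwords the comment names; the function names and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample data: the weak passwords named in the comment above.
COMMON = ["pakistan", "karachi", "lahore", "abc123"]
FAST_DIGESTS = ["md5", "sha1", "sha256", "sha512"]


def fast_hash(password, algo):
    """Unsalted single-round digest, the storage scheme the comment refers to."""
    return hashlib.new(algo, password.encode()).hexdigest()


def audit_fast_hash(stored_hex, algo, wordlist=COMMON):
    """Return the wordlist entry matching a stored unsalted digest, or None."""
    table = {fast_hash(word, algo): word for word in wordlist}
    return table.get(stored_hex)


def is_denied(password, wordlist=COMMON):
    """Registration-time check: refuse passwords that appear on the denylist."""
    return password.lower() in wordlist


def store_password(password, iterations=200_000):
    """Salted PBKDF2-HMAC-SHA256 record: (salt, iterations, derived key)."""
    if is_denied(password):
        raise ValueError("password is on the common-password denylist")
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key


def verify_password(password, record):
    """Recompute the key with the stored salt and compare in constant time."""
    salt, iterations, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, key)


if __name__ == "__main__":
    for algo in FAST_DIGESTS:
        print(algo, "->", audit_fast_hash(fast_hash("pakistan", algo), algo))
    record = store_password("correct horse battery staple")
    print(verify_password("correct horse battery staple", record))
```

The audit finds the listed password under every digest because the cost per guess is one hash call in each case; the salt and iteration count raise that cost, and the denylist keeps such passwords from being stored at all.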

    • Brother, hackers have many ways of cracking passwords. When they can hack this site in an unknown way, they also have a way to crack passwords.

  • Friend, I just opened the website defence.pk and it opened fine, so when was it hacked then?????????

  • PAk CYber Army of SHak is a bunch of script kiddies who only know how to get fame and where to get fame. because they are fame whores and they don't know anything more than that. and they are good in getting fame. there are two other forums pccs and zhc are far better than PCA at least they know how to hack the things. from my eyes PCA are the bunch of idiots and fame whores.

  • just over through these links you will come to know what muslim hackers are doing… i dont know why pro pakistani forum only put the news of indian hackers !!!

    • The only “foolproof” security system is to disconnect yourself from the network. And you are right! That is exactly what some people want!

  • This is not the right way to show your patriotism by hacking websites. I don’t appreciate this act from both sides. People should not praise it.

  • site info shows it’s less Pakistani more American :p

    Sites like songs.pk, defence.pk operated by others not Pakistani but b/z of domain or TLD they got 70% to 80% traffic from Pakistan. so its not mean that this is Pakistani site

  • SQL INJECTION IT SEEMS,
    not a big deal, seems webmaster has not paid any attention to data inputs and form checking.. we should learn by now, come on, it's been ages, but frankly there is no education even in uni regarding security implementation.
    and moreover everybody is becoming a software engineer by learning one or two online tutorials ..

  • Website is under VBULLETIN , I do not agree on this, they should have developed their own script and maintained their security.
    Every open source or paid script has their flaws due to the structure and many users on it, they know where the leak is, but even they could have developed their little CMS it saves the life..

    • Yes, it does not matter if the software is open source or proprietary. All that matters is HOW MANY PEOPLE look through the source and check for holes. In reality, even if they have the source, over 90% of the people will not look through each line of code.

      (Some of the remaining 10% are obviously crackers)

      I mean for example, look at this site (propakistani.pk) or its forum. Can any of the admins say that they have read and understood all the code? No! They depend on other people (wordpress.org for example) to provide security updates and fixes for holes that almost certainly exist.

    • There is a big rule in CS industry, i.e. “DON’T REINVENT THE WHEEL”. When I started my CS degree, on the very first day we are told that this is a rule of industry. No one writes the code from scratch when that is already present. Coders write new code only when the code of that functionality is not available or when they want to practice. But the fact is in Real world scenarios we reuse already written code. Although we must verify the code before using.

  • I think PAKBUGS and PCA ARE WAITING FOR ANOTHER ATTACK ON THEIR COUNTRY’s CYBER WAR FIELD !!!!

  • Dear brother, I know who the hacker is. Brothers, you should know that the Pakistan cyber army and likewise India's cyber army, meaning hackers and so on, have challenges going on between them; whoever hacks more sites is the champion. Pakistanis only hack this and that small site of theirs and then feel happy, and India lands a big hit and runs off, hahahha, shame on Pakistani hackers, huhhhh

  • Salam, brothers,

    so what u people think about this please reply.

    If the website is powered by worlddefencenetwork.com, do u think it's safe? These fuckers themselves do not have a web designer.
    2010 worlddefencenetwork. All Rights Reserved. Greyzed Theme created by The Forge Web Creations. Powered by WordPress.
    If they can't design the website and purchase a common theme from WordPress, what guarantee will they give for security? I am shocked that our Pakistani defence.pk hired them, for what? Please can anyone reply to me, thanks.

  • i agree with “heroes of pakistan” we really need to start ethical hacking who are those indians who hack our website and tell us you need to fix it.
    They are just back stabbing saying that there is no cyber war but it is a cyber war and in like real war we should F*** them up.
    From Today I am going to make them cry as hard as i can i need is help of my expert bros

  • i agree with “heroes of pakistan” we really need to start ethical hacking who are those indians who hack our website and tell us you need to fix it.
    They are just back stabbing saying that there is no cyber war but it is a cyber war and in like real war we should F*** them up.
    From Today I am going to make them cry as hard as i can i need is help of my hacker bros and we should aim for some big like one of their important websites
    + database and corrupt them.

  • Don’t trust people. They may be capable of greatness.
    Among the tests of leadership could be the power to recognize a difficulty before it becomes an emergency.

