26/11 Anniversary: Indian Cyber Army Hacks Pakistan’s Top Military Blog

Country’s top Military blog, PakSoldiers.com has been hacked by Indian Cyber Army, apparently to commemorate the anniversary of Mumbai Attacks.

Hackers, claiming the responsibility of the hack said that they are part of Indian Cyber Army and defacement of PakSoldiers is a tribute to solders and citizens who lost their lives during 26/11 incident in Mumbai.

This has happened despite the fact that Indian Government was exposed for allegedly staging the Mumbai Incident to formulate anti-terrorism laws.

PakSoldiers is an award winning platform for Military affairs and related resources.

Ghulam Sarwar, the Editor and Found of PakSoldiers confirmed ProPakistani that they are in process of restoring the website. It is still unclear if any data is lost or not.

It is assumed that Hackers exploited a notorious bug in VBulletin to get into the servers.

Here is the defaced screen:


Tech reporter with over 10 years of experience, founder of ProPakistani.PK

  • Rebel

    They hacked 1 Site on 26/11 , please give them a gift of 100.
    If we wait and watch then it doesnt mean we are sleeping

    • Shahid Saleem

      If you use software that has **well-known** vulnerabilities, it means you are sleeping. Paksoldier admins WERE asleep at the wheel.

      And, really, the best hack is unnoticable hack. Someone could have hacked it months ago and just sniffed passwords and email addresses etc. Don’t you know that people reuse their passwords? They could’ve been capturing passwords all along, preparing to hack into accounts, facebook, etc. Defacing is boring.

  • Guest

    Domain Link?

  • Syed Aqib Shah

    This Thing Happens when u hire professionals with good marks and not with good brains!!

    this is the actual thing they mentioned.

  • Mushi

    paksoldiers.com are using wordpress, The hacker might have hacked through the WP Plugin and got hold DB admin tables.

    • vfhjgj

      Tumlog wordpress hi use kar sakte ho poor country Apna to kuch bana nhi sakte na

  • Mohammed Farooq

    It is not so hard to hack down wordpress blog.

  • Ghulam Sarwar

    We have fixed it. Indian Cyber Army should hack their intelligence officials emails/credentials for the facts – 26/11 was staged by Indian RAW, Babies ;)

    • Shahid Saleem

      doesn’t change the fact that the high profile site under your **responsibility** was hacked. and who knows if it was hacked today or months ago? maybe they hacked it long time ago and just flipped the switch to show the defacing today.

      • Yeh, but this blog is not operated by ISI so even if they have collected the “sensitive data” there’s nothing to worry about. Let them have a little fun.

        • Shahid Saleem

          Do a quick check: do people who use propakistani forums use the same email address for the email accounts they used to sign up?

          If so, it’s not fun, it’s danger.

          • PPAK

            BUMP !! Boy u have a very rich Imagination and free time too, and all kinds of wired stuff really going in your head believe me. Hacked Blog leading to hacked Logins to Hacked emails and then ultimately DANGER. u made my day LOL :P

            • Shahid Saleem

              I’m only describing what has happened repeatedly. As in, techniques that are so well known that even non-hackers know about this sort of thing.

              For you it is entertainment, but wait until some site you signed up on is hacked, and then they use the plaintext password to get into your other sites.

            • abobobilly

              Doesn’t take a genius to be “broad minded” you know. And from what i see, people in Pakistan take “internet” way too “easy”, and any information they have on the internet related to them.

              Saying that they are “naive” would be an insult to them, but then they are clearly not accepting the “attached danger” to such information leaks.

              If you still don’t understand what could possibly happen with your ‘sensitive data’ (which some people think isn’t so sensitive), well … then just pray nothing bad happens.

              • PPAK

                OK Mr Broad Minded, Internet is some serious stuff and there are levels of users, and ASSUMPTIONS like people who have blog accounts naive enough to have the same passwords as their emails IDs, which they are also using to keep their “sensitive data” is plain stupidity, Do u really think people are that stupid or u guyz r some kind of geniuses. First u r talking remote possibilities like an everyday thing and based on that u r judging people. For average users yes this is a potential threat but how many of them u know with web site logins use the same password for their email and keep their so called sensitive data there, and if u call facebook account as sensitive data, then consider this discussion over.
                @SS: Plz go ahead and obtain ur “sensitive data” from some one’s email id using his password from PP, as u claimed earlier, Believe me Its a lot different then as shown in movies :)

                • Shahid Saleem

                  Again, it is not an assumption, IT IS A WIDELY PROVEN FACT. Every time big sites (like gawker, adobe) have had their passwords released, people have tried to cross-reference and attack with the passwords. Even if the passwords are encrypted (which we all know doesn’t help because people choose stupid stupid passwords like “pakistan” or “786786” or “abc123”).

                  Google for “people reuse passwords” or “password reuse” and read the links. One older study (from 2011) says:

                  Of the 456 common users, 161 had their password cracked in both datasets, 46 only had their rootkit.com password cracked and 77 only had their Gawker password cracked, leaving 172 with neither password cracked. Of the accounts for which passwords were cracked at both sites, 76% used the exact same password. A further 6% used passwords differing by only capitalisation or a small suffix (e.g. ‘password’ and ‘password1′).

                  More recently from April 2013:

                  While 77 percent use passwords on their phones and nearly half employ two-factor authentication for their online accounts, a new study by Varonis finds, some 61 percent are always or often using the same password for multiple accounts and applications—basically defeating the purpose of their authentication practices.

                  If you post another comment about how it’s not a “big issue” then you better have a study to back up your ideas. Because otherwise, you are making noise.

                  • PPAK

                    Let me make it easy for u, otherwise u will be running wild on the Information super Highway for more stats
                    Instead of giving password cracking statistics from google plz focus on ur original claim that, site password leading to email password to sensitive data in email leading to DANGER, and im really interested in the DANGER part of ur comment and if u could not then we will see who is making NOISE :)

                    • Shahid Saleem

                      When you sign up don’t you give both email AND password to the site? So anyone who hacks the site and grabs the database gets both (maybe password is encrypted, maybe not). Even if it is encrypted, they can still try to use Jack the Ripper or some other software to guess it. And the stats (which I will point out again were extracted from actual studies by professional security researchers) show that many if not most people reuse passwords.

                      So now the hackers can get into your email account. And once they do that, they can try to get into your facebook, account, or on other sites. Even if you don’t have the same password on those sites, they can trigger “forgot password” emails and break in.

                      What are you saying, man? Can’t you understand a simple thing like the above? And you sense no danger?

                      ignorance definitely is bliss for you.

                    • PPAK

                      U consider facebook as “sensitive data” and a compromised facebook account leads some how to “DANGER”, How interesting that’s all what i needed to hear from u. HAHAHA No wonder u r paranoid and on top of that u consider others Ignorant, Ignorance is definitely a blessing.
                      Again u made my day today, plz keep them coming :)

                    • Shahid Saleem

                      Suppose someone breaks into your facebook account and your email account. If your bank sends account information to your email account, do you think by searching your old emails, your facebook private posts, etc etc. someone could come up with enough facts about you to impersonate you on a phone call to the bank? And then claim you need access to your bank’s website for some reason? Maybe to change your registered phone number for sms banking? Things like that?

                      You have a SERIOUS lack of imagination here. More money & reputation is lost due to social engineering and identity theft than actual hacking.

                      If someone hacked into your gmail account and started sending all kinds of emails to your co-workers and boss, what will they think of you?

                      If you don’t mind either situations, please comment with your email accounts and passwords. You have nothing “serious” to worry about, so why not share them?

                    • PPAK

                      First u r imagining “remote possibilities like an everyday thing” U did not notice that there are too many IFs in your explanation and that’s what i originally said.
                      IF one has a web site login/password same as his email’s IF they are transacted/stored unencrypted by the web site admins IF they got sniffed/cracked/brute forced IF they keep the sensitive financial data in the same “public email” IF they use the same id to keep social sites(if at all they are using one) for keeping their personal info and IF bank has so week controls that they will change them at once, on hacker’s request and that too without notice re verification from the original sources LOL :)
                      Secondly, There s hell of a difference between talking/imagining about it and actually doing it.

                    • PPAK

                      Like i said earlier, U r talking(imagining) remote possibilities like every day things,
                      Did u notice how many IFs u have used in ur comment,

                      IF the web site gets hacked
                      IF the passwords are transacted/stored unencrypted
                      IF they are sniffed/cracked
                      IF user is using same passwords for their email ids
                      IF user is keeping financial accounts data on same public emails
                      IF user is using the same email account for the social sites access
                      IF user is publishing personal information on these sites
                      and IF bank has such week controls that they will change the credentials on anonymous requests without informing/re verifying from the original sources
                      U make me laugh again and again, i bet ur wild Imagination rich brain is creating more problems for u then solving some :)
                      Talking about it is one thing but actually executing it in real world is a lot harder baby, and don’t start throwing more stats of old incidents from ur beloved Google

                    • Shahid Saleem

                      1. web sites DO get hacked. or do you think that does not happen?

                      2. passwords are either not encrypted or badly encrypted. For a recent example, see Adobe hack this very month.

                      3. Bad passwords + password hints = easily cracked. Again, BIG example, Adobe hack. MILLIONS of accounts.

                      4. studies have shown that 30-50% people DO use same passwords or at least similar ones (adding a number at the end, etc etc). But of course, you don’t believe real world, you believe whatever you think.

                      5, 6. do you think people have 20 different email accounts for 20 different services? I know I get email from my bank to the same account that I get other social media emails. what about you?

                      7. you know nothing about social hacking or identity theft AT ALL. Go learn something from an expert.

      • kash

        Let us c if you could show the same enthusiasm on its response,


        and i am saying this totally unbiased :)

        • PeeDroid

          He Cant, Aaisa karay Ga To RAW Se Passay Kasay Milain Ga…

          • Shahid Saleem

            Sorry, I only accept moneys from Mossad. They may me extra to annoy you.

            • PeeDroid

              And He Is A Troll!!
              You Dont Look Cool, Not Even Close!!
              Just Quit It Doucher!!

              • Shahid Saleem

                Hah! I’m so cool, even Siri left you for me.

  • PeeDroid

    Indians Are The Most Stupid People On Earth!!

    • Shahid Saleem

      your grandparents were indians. i guess by your reasoning, you must be the grandchild of stupid people who had stupid kids AND grandkids. ha ha!

      • dfs

        hindu why barking here

        • Shahid Saleem

          Your ancestors were Hindu. Your mentality still is.

          • abobobilly

            I hope you mean that strictly from “location’s perspective” and not “religious perspective” … because if my ancestors marched from Hindustan to Pakistan during its making, that doesn’t make them “Hindu”.

            • Shahid Saleem

              You and dfs fell for a lie. I’m sorry, but that’s the truth.

              For years Pakistani culture and media and army and politicians have been trying to convince you that Indian automatically equals Hindu. Whereas in fact, there are 3/4ths the number of Muslims in India than there are in Pakistan (over 135 million vs around 170 million). And their growth rate (29.5%/10 years) is such that in a few decades, there will be more Muslims in India than in Pakistan.

              Regardless, calling people “hindu” like dfs did is not the manner associated with Muslims, which is why I said it was mentality.

              • PeeDroid

                Now STFU You Exactly Know What I Was Talking About..
                INDIANS.. I Was Not Talking About Past.. I Was Talking About Present.. And Bi**H Like You Dragged It To Somewhere Else.. Because India Ko Kuch Kehney Se Teri G****H Main Mirchain lagti Hain!!
                Now Go Drink Your Piss Piss Drink.. Douche

                • Shahid Saleem

                  You want to talk about the present? Let’s talk about the present. Here is the present:

                  Country’s top Military blog has been hacked by Indian Cyber Arm

                  So country’s highest profile military-related blog didn’t bother to secure his system.

                  Everything else is noise. His failure is what you don’t want to talk about.

              • abobobilly

                Unless you are one of my great great grand parents, or someone who served in the army knowing their “lies” … I refuse to believe you on that matter being “a lie”.

                So Lets not go in a direction where i’d disagree with you strongly and focus on the subject at hand.

                Regardless, the two people PeeDroid and dfs are a bunch of immature children who haven’t yet completed their “Middle” grade education, which could be the reason of their small, full of hatred and possibly “intentional” racism mentality. These people should be taught to respect everyone regardless of their religion, color or opinion.

          • PeeDroid

            While You Are Still Hindu!!
            I Hope You Have Watched The Movie “Waar”.
            I Wonder You Get Paid In Dollar Or INR??!!!!

            • Shahid Saleem

              Why should I watch Waar? Will that make me a better Muslim? It’s just a couple of hours of entertainment.

              Eating a good Jalapeno burger at Hardee’s, now, that’s my idea of entertainment!

              • PeeDroid

                Why Should A HINDU Watch WAAR….
                You Should Watch AGENT VINODH, EK THA TIGER & Sunny Deol Movies!!!!!!
                Douche Cow Piss Drinker..

                • Shahid Saleem

                  Funny choice of movies. More Pakistanis watched those movies than watched Waar :):):)

          • dfs

            mine ancestors were not hindu its your and still in hindus whom sowrn whom harvest no one know beside your moms & you are perfect example of this

            • Shahid Saleem

              Oh, where did your ancestors come from?

              And, as a Muslim, could you repeat what about said about my Mother? you know, just so we are perfectly clear & plain about what you want to say about my mother.

              • PeeDroid

                Stop Telling Us About Our Religion…
                Drink Your Piss Piss Drink And STFU!!!

          • PeeDroid

            I Think You Didnt Have Your Cow Piss Energy Drink Today..
            Your Seeta Might Have Not Pissed Today, Thats Why You Out Of Your Senses!! Loool.. :B :P :D

        • PeeDroid

          Because Only Thing Indians aKa Hindus Know Is Bark.. LMAO

      • PeeDroid

        India Ka Tattway.. BC Teray G***d** Grand Parents Hindu Hoon Ga..
        Da**ay Kasam Khuda Ki Mujay Kahin Milgeya Na Tu.. Tera Wo Hashar Karoon Ga Ke Doobara Kahin Bhi Comment Karney Wala Nahi Rahay Ga!!

      • PeeDroid

        BTW My Grand Parents Were From Kashmir.. You Douche..

        • Shahid Saleem

          And where is Kashmir located? Kamchatka Peninsula?

          Kashmir was part of British-ruled India from 1846 to 1947. Before that, owned by Sikhs. How can you possibly be so IGNORANT of the things you are proud of?

          • dfs

            did you forget about that whom were you fathers for 1000 years read first morn so try to find your father in that era and cry overj your hindus losers still are slaves bz you talk like a slave smart @shahidsaleem:disqus

            • Shahid Saleem

              I am 100% certain based on where my parents, grandparents, etc. were born that their (my) ancestors were also at some point Hindu or Buddhist.

              But I am as certain as anything that my grandparents were Indians, because they were born in British-ruled India. So I will never say that Indians are stupid. If they had been born or lived in a village **just 50 miles east** then maybe they would be Indian Muslims, not Pakistani Muslims. And there is nothing wrong with that, in my experience. After all, being Muslim is more important than being Pakistani, right?

              If you think I am Naive, then go ahead. It won’t hurt you or me. If it brings pleasure to you for a few minutes, great!

              • PeeDroid

                If you think I am Naive, then go ahead. It won’t hurt you or me. If it brings pleasure to you for a few minutes, great!

                To Pehlay He Apni Bakwas Band Karleta!!

          • PeeDrink

            Haan Forcefully Liya Tha Na.. Kashmir Ek Aleda Mulk Tha..
            Hinduoon Ne Kabza Kiya Huwa Tha Tab Bhi Aur Aaj Bhi!!
            Palestine Pe Israel Ne Kabza Kiya Huwa Ha Iska Matlab Palestine Israel Bangeya…
            Now Go Drink Your Mother Seetas Piss ….:D

            • Shahid Saleem

              Nope, the British signed an agreement with the failed Sikh ruler of Punjab and separated the two areas after he lost. The British gave Kashmir to a local warlord who helped them in their battle. It was his grandson who was the ruler of Kashmir during partition. It was never a separate country, no more than Kalat or Bhawalpur or (Indian) Hyderabad state.

              I understand your confusion, though. You probably used Apple Maps for historical data :):):)

  • imi…..-R

    wait they will be relied so0on….<3 :P

  • Saeed

    actually, we can’t secure anything by 100% and as per my experience when you build your website with your customize php then you can secure your website but when you used any WP then there is more chances for hacking the website because alots of plugins are not written in security wise.

    I will request them to use your own php customization rather than used any WP.

    • Shahid Saleem

      Step #1: don’t use PHP or ASP.

      90% of your problems go away.

      • dfs

        bz you are S.O.B son of… you don’t know anything beside of barking in pakistani forum so pitty no hindus like you thats why came here with muslim name so pitty

        • Shahid Saleem

          You must be a PHP coder, ha ha!

          Sorry, but your language sucks.

          • PeeDroid

            OO Tu Ja Ke Apni Seeta Ki Piss Piss Suck Ker…

  • Mohammed Farooq
  • ScAvEnGeR (PHC)

    First of all, it was a vBulletin™ zero-day! It was nothing that could be known by the site admin. They are using vBulletin™ Version 4.1.1. The person who discovered it has put up the vulnerability for sale for like 7000$…

    Secondly, the hack was by Godzilla, he is a kind of person who firsts nests inside the server and sniffs for passwords till it’s time to deface. Mostly he plants a backdoor and malware which he is famous for. So instead of blaming the site admin, be a little bit open- minded.

    • Never Mind

      that ain’t that 7000$ exploit they used. it was old upgrade.php exploit. just chmod 400 the install directory+search & delete backdoors + delete newly created admin users and it will be fixed..

  • Ajmal
  • PeeDroid

    Now STFU You Exactly Know What I Was Talking About..
    INDIANS.. I Was Not Talking About Past.. I Was Talking About Present.. And Bi**H Like You Dragged It To Somewhere Else.. Because India Ko Kuch Kehney Se Teri G****H Main Mirchain Lagti Hain, Aur Aasa Aur Kisi Pakistani Ka Sath Nahi Hota!!
    Now Go Drink Your Piss Piss Drink.. Douche

    • Shahid Saleem

      You talk about my piss a lot. Are you jealous? I am sure a psychiatrist can help you with that problem.

      And a professional psychiatrist, not Siri :):):)

      • PeeDroid

        Chal Ab Teri Phaat Ka Haath Main Aa Gai Ha To Apney Ap Ko Tassalian Na De.. RAW Ka Tatway..
        Teri Pool Khul Chuki Ha, Baki Bhoonkney Ki Adat Hinduoon Ki Poorani Ha.. Ab Is Baray Main Tujse Kya Gilla Karna!!
        Phutt Ja.. Piss Piss Drink Pe Ka Drunk Hoja!!

  • PeeDroid

    Shahid Saleem Wangrey Loki Hondey Ne Jaray Facebook Te Apna Status Like Karke Apey He Pareshan Ho Jandey Ne Ea Like Kiney Kita??.. Hahahahaha.. :D :B :P

  • Shahid Saleem

    But the studies show numbers that for maybe 30-50% of the people, it is not IF, but YES THEY DO. But of course you don’t trust the studies, because you “know better”. Whatever, man, still waiting for you to post your email + passwords.

  • Arham Ahmad

    This is nothing as compared to Pak cyber army hacking of indian investigation agency website CBI, the most sensitive and secured website of india. CBI is connected to the command centre of world police organisation – Interpol – 24×7. That was a great loss to them.