26/11 Anniversary: Indian Cyber Army Hacks Pakistan’s Top Military Blog

Country’s top Military blog, has been hacked by Indian Cyber Army, apparently to commemorate the anniversary of Mumbai Attacks.


Hackers, claiming the responsibility of the hack said that they are part of Indian Cyber Army and defacement of PakSoldiers is a tribute to solders and citizens who lost their lives during 26/11 incident in Mumbai.

This has happened despite the fact that Indian Government was exposed for allegedly staging the Mumbai Incident to formulate anti-terrorism laws.

PakSoldiers is an award winning platform for Military affairs and related resources.

Ghulam Sarwar, the Editor and Found of PakSoldiers confirmed ProPakistani that they are in process of restoring the website. It is still unclear if any data is lost or not.

It is assumed that Hackers exploited a notorious bug in VBulletin to get into the servers.


Here is the defaced screen:


Tech and telecom reporter with over 15 years of experience, he works as founder of ProPakistani.PK


  • They hacked 1 Site on 26/11 , please give them a gift of 100.
    If we wait and watch then it doesnt mean we are sleeping

    • If you use software that has **well-known** vulnerabilities, it means you are sleeping. Paksoldier admins WERE asleep at the wheel.

      And, really, the best hack is unnoticable hack. Someone could have hacked it months ago and just sniffed passwords and email addresses etc. Don’t you know that people reuse their passwords? They could’ve been capturing passwords all along, preparing to hack into accounts, facebook, etc. Defacing is boring.

  • This Thing Happens when u hire professionals with good marks and not with good brains!!

    this is the actual thing they mentioned.

  • are using wordpress, The hacker might have hacked through the WP Plugin and got hold DB admin tables.

  • We have fixed it. Indian Cyber Army should hack their intelligence officials emails/credentials for the facts – 26/11 was staged by Indian RAW, Babies ;)

    • doesn’t change the fact that the high profile site under your **responsibility** was hacked. and who knows if it was hacked today or months ago? maybe they hacked it long time ago and just flipped the switch to show the defacing today.

        • Do a quick check: do people who use propakistani forums use the same email address for the email accounts they used to sign up?

          If so, it’s not fun, it’s danger.

          • BUMP !! Boy u have a very rich Imagination and free time too, and all kinds of wired stuff really going in your head believe me. Hacked Blog leading to hacked Logins to Hacked emails and then ultimately DANGER. u made my day LOL :P

            • I’m only describing what has happened repeatedly. As in, techniques that are so well known that even non-hackers know about this sort of thing.

              For you it is entertainment, but wait until some site you signed up on is hacked, and then they use the plaintext password to get into your other sites.

            • Doesn’t take a genius to be “broad minded” you know. And from what i see, people in Pakistan take “internet” way too “easy”, and any information they have on the internet related to them.

              Saying that they are “naive” would be an insult to them, but then they are clearly not accepting the “attached danger” to such information leaks.

              If you still don’t understand what could possibly happen with your ‘sensitive data’ (which some people think isn’t so sensitive), well … then just pray nothing bad happens.

              • OK Mr Broad Minded, Internet is some serious stuff and there are levels of users, and ASSUMPTIONS like people who have blog accounts naive enough to have the same passwords as their emails IDs, which they are also using to keep their “sensitive data” is plain stupidity, Do u really think people are that stupid or u guyz r some kind of geniuses. First u r talking remote possibilities like an everyday thing and based on that u r judging people. For average users yes this is a potential threat but how many of them u know with web site logins use the same password for their email and keep their so called sensitive data there, and if u call facebook account as sensitive data, then consider this discussion over.
                @SS: Plz go ahead and obtain ur “sensitive data” from some one’s email id using his password from PP, as u claimed earlier, Believe me Its a lot different then as shown in movies :)

                • Again, it is not an assumption, IT IS A WIDELY PROVEN FACT. Every time big sites (like gawker, adobe) have had their passwords released, people have tried to cross-reference and attack with the passwords. Even if the passwords are encrypted (which we all know doesn’t help because people choose stupid stupid passwords like “pakistan” or “786786” or “abc123”).

                  Google for “people reuse passwords” or “password reuse” and read the links. One older study (from 2011) says:

                  Of the 456 common users, 161 had their password cracked in both datasets, 46 only had their password cracked and 77 only had their Gawker password cracked, leaving 172 with neither password cracked. Of the accounts for which passwords were cracked at both sites, 76% used the exact same password. A further 6% used passwords differing by only capitalisation or a small suffix (e.g. ‘password’ and ‘password1′).

                  More recently from April 2013:

                  While 77 percent use passwords on their phones and nearly half employ two-factor authentication for their online accounts, a new study by Varonis finds, some 61 percent are always or often using the same password for multiple accounts and applications—basically defeating the purpose of their authentication practices.

                  If you post another comment about how it’s not a “big issue” then you better have a study to back up your ideas. Because otherwise, you are making noise.

                  • Let me make it easy for u, otherwise u will be running wild on the Information super Highway for more stats
                    Instead of giving password cracking statistics from google plz focus on ur original claim that, site password leading to email password to sensitive data in email leading to DANGER, and im really interested in the DANGER part of ur comment and if u could not then we will see who is making NOISE :)

                    • When you sign up don’t you give both email AND password to the site? So anyone who hacks the site and grabs the database gets both (maybe password is encrypted, maybe not). Even if it is encrypted, they can still try to use Jack the Ripper or some other software to guess it. And the stats (which I will point out again were extracted from actual studies by professional security researchers) show that many if not most people reuse passwords.

                      So now the hackers can get into your email account. And once they do that, they can try to get into your facebook, account, or on other sites. Even if you don’t have the same password on those sites, they can trigger “forgot password” emails and break in.

                      What are you saying, man? Can’t you understand a simple thing like the above? And you sense no danger?

                      ignorance definitely is bliss for you.

                    • U consider facebook as “sensitive data” and a compromised facebook account leads some how to “DANGER”, How interesting that’s all what i needed to hear from u. HAHAHA No wonder u r paranoid and on top of that u consider others Ignorant, Ignorance is definitely a blessing.
                      Again u made my day today, plz keep them coming :)

                    • Suppose someone breaks into your facebook account and your email account. If your bank sends account information to your email account, do you think by searching your old emails, your facebook private posts, etc etc. someone could come up with enough facts about you to impersonate you on a phone call to the bank? And then claim you need access to your bank’s website for some reason? Maybe to change your registered phone number for sms banking? Things like that?

                      You have a SERIOUS lack of imagination here. More money & reputation is lost due to social engineering and identity theft than actual hacking.

                      If someone hacked into your gmail account and started sending all kinds of emails to your co-workers and boss, what will they think of you?

                      If you don’t mind either situations, please comment with your email accounts and passwords. You have nothing “serious” to worry about, so why not share them?

                    • First u r imagining “remote possibilities like an everyday thing” U did not notice that there are too many IFs in your explanation and that’s what i originally said.
                      IF one has a web site login/password same as his email’s IF they are transacted/stored unencrypted by the web site admins IF they got sniffed/cracked/brute forced IF they keep the sensitive financial data in the same “public email” IF they use the same id to keep social sites(if at all they are using one) for keeping their personal info and IF bank has so week controls that they will change them at once, on hacker’s request and that too without notice re verification from the original sources LOL :)
                      Secondly, There s hell of a difference between talking/imagining about it and actually doing it.

                    • Like i said earlier, U r talking(imagining) remote possibilities like every day things,
                      Did u notice how many IFs u have used in ur comment,

                      IF the web site gets hacked
                      IF the passwords are transacted/stored unencrypted
                      IF they are sniffed/cracked
                      IF user is using same passwords for their email ids
                      IF user is keeping financial accounts data on same public emails
                      IF user is using the same email account for the social sites access
                      IF user is publishing personal information on these sites
                      and IF bank has such week controls that they will change the credentials on anonymous requests without informing/re verifying from the original sources
                      U make me laugh again and again, i bet ur wild Imagination rich brain is creating more problems for u then solving some :)
                      Talking about it is one thing but actually executing it in real world is a lot harder baby, and don’t start throwing more stats of old incidents from ur beloved Google

                    • 1. web sites DO get hacked. or do you think that does not happen?

                      2. passwords are either not encrypted or badly encrypted. For a recent example, see Adobe hack this very month.

                      3. Bad passwords + password hints = easily cracked. Again, BIG example, Adobe hack. MILLIONS of accounts.

                      4. studies have shown that 30-50% people DO use same passwords or at least similar ones (adding a number at the end, etc etc). But of course, you don’t believe real world, you believe whatever you think.

                      5, 6. do you think people have 20 different email accounts for 20 different services? I know I get email from my bank to the same account that I get other social media emails. what about you?

                      7. you know nothing about social hacking or identity theft AT ALL. Go learn something from an expert.

    • your grandparents were indians. i guess by your reasoning, you must be the grandchild of stupid people who had stupid kids AND grandkids. ha ha!

          • I hope you mean that strictly from “location’s perspective” and not “religious perspective” … because if my ancestors marched from Hindustan to Pakistan during its making, that doesn’t make them “Hindu”.

            • You and dfs fell for a lie. I’m sorry, but that’s the truth.

              For years Pakistani culture and media and army and politicians have been trying to convince you that Indian automatically equals Hindu. Whereas in fact, there are 3/4ths the number of Muslims in India than there are in Pakistan (over 135 million vs around 170 million). And their growth rate (29.5%/10 years) is such that in a few decades, there will be more Muslims in India than in Pakistan.

              Regardless, calling people “hindu” like dfs did is not the manner associated with Muslims, which is why I said it was mentality.

              • Now STFU You Exactly Know What I Was Talking About..
                INDIANS.. I Was Not Talking About Past.. I Was Talking About Present.. And Bi**H Like You Dragged It To Somewhere Else.. Because India Ko Kuch Kehney Se Teri G****H Main Mirchain lagti Hain!!
                Now Go Drink Your Piss Piss Drink.. Douche

                • You want to talk about the present? Let’s talk about the present. Here is the present:

                  Country’s top Military blog has been hacked by Indian Cyber Arm

                  So country’s highest profile military-related blog didn’t bother to secure his system.

                  Everything else is noise. His failure is what you don’t want to talk about.

              • Unless you are one of my great great grand parents, or someone who served in the army knowing their “lies” … I refuse to believe you on that matter being “a lie”.

                So Lets not go in a direction where i’d disagree with you strongly and focus on the subject at hand.

                Regardless, the two people PeeDroid and dfs are a bunch of immature children who haven’t yet completed their “Middle” grade education, which could be the reason of their small, full of hatred and possibly “intentional” racism mentality. These people should be taught to respect everyone regardless of their religion, color or opinion.

          • While You Are Still Hindu!!
            I Hope You Have Watched The Movie “Waar”.
            I Wonder You Get Paid In Dollar Or INR??!!!!

            • Why should I watch Waar? Will that make me a better Muslim? It’s just a couple of hours of entertainment.

              Eating a good Jalapeno burger at Hardee’s, now, that’s my idea of entertainment!

              • Why Should A HINDU Watch WAAR….
                You Should Watch AGENT VINODH, EK THA TIGER & Sunny Deol Movies!!!!!!
                Douche Cow Piss Drinker..

          • mine ancestors were not hindu its your and still in hindus whom sowrn whom harvest no one know beside your moms & you are perfect example of this

            • Oh, where did your ancestors come from?

              And, as a Muslim, could you repeat what about said about my Mother? you know, just so we are perfectly clear & plain about what you want to say about my mother.

          • I Think You Didnt Have Your Cow Piss Energy Drink Today..
            Your Seeta Might Have Not Pissed Today, Thats Why You Out Of Your Senses!! Loool.. :B :P :D

      • India Ka Tattway.. BC Teray G***d** Grand Parents Hindu Hoon Ga..
        Da**ay Kasam Khuda Ki Mujay Kahin Milgeya Na Tu.. Tera Wo Hashar Karoon Ga Ke Doobara Kahin Bhi Comment Karney Wala Nahi Rahay Ga!!

        • And where is Kashmir located? Kamchatka Peninsula?

          Kashmir was part of British-ruled India from 1846 to 1947. Before that, owned by Sikhs. How can you possibly be so IGNORANT of the things you are proud of?

          • did you forget about that whom were you fathers for 1000 years read first morn so try to find your father in that era and cry overj your hindus losers still are slaves bz you talk like a slave smart @shahidsaleem:disqus

            • I am 100% certain based on where my parents, grandparents, etc. were born that their (my) ancestors were also at some point Hindu or Buddhist.

              But I am as certain as anything that my grandparents were Indians, because they were born in British-ruled India. So I will never say that Indians are stupid. If they had been born or lived in a village **just 50 miles east** then maybe they would be Indian Muslims, not Pakistani Muslims. And there is nothing wrong with that, in my experience. After all, being Muslim is more important than being Pakistani, right?

              If you think I am Naive, then go ahead. It won’t hurt you or me. If it brings pleasure to you for a few minutes, great!

              • If you think I am Naive, then go ahead. It won’t hurt you or me. If it brings pleasure to you for a few minutes, great!

                To Pehlay He Apni Bakwas Band Karleta!!

          • Haan Forcefully Liya Tha Na.. Kashmir Ek Aleda Mulk Tha..
            Hinduoon Ne Kabza Kiya Huwa Tha Tab Bhi Aur Aaj Bhi!!
            Palestine Pe Israel Ne Kabza Kiya Huwa Ha Iska Matlab Palestine Israel Bangeya…
            Now Go Drink Your Mother Seetas Piss ….:D

            • Nope, the British signed an agreement with the failed Sikh ruler of Punjab and separated the two areas after he lost. The British gave Kashmir to a local warlord who helped them in their battle. It was his grandson who was the ruler of Kashmir during partition. It was never a separate country, no more than Kalat or Bhawalpur or (Indian) Hyderabad state.

              I understand your confusion, though. You probably used Apple Maps for historical data :):):)

  • actually, we can’t secure anything by 100% and as per my experience when you build your website with your customize php then you can secure your website but when you used any WP then there is more chances for hacking the website because alots of plugins are not written in security wise.

    I will request them to use your own php customization rather than used any WP.

  • First of all, it was a vBulletin™ zero-day! It was nothing that could be known by the site admin. They are using vBulletin™ Version 4.1.1. The person who discovered it has put up the vulnerability for sale for like 7000$…

    Secondly, the hack was by Godzilla, he is a kind of person who firsts nests inside the server and sniffs for passwords till it’s time to deface. Mostly he plants a backdoor and malware which he is famous for. So instead of blaming the site admin, be a little bit open- minded.

    • that ain’t that 7000$ exploit they used. it was old upgrade.php exploit. just chmod 400 the install directory+search & delete backdoors + delete newly created admin users and it will be fixed..

  • @shahidsaleem:disqus
    Now STFU You Exactly Know What I Was Talking About..
    INDIANS.. I Was Not Talking About Past.. I Was Talking About Present.. And Bi**H Like You Dragged It To Somewhere Else.. Because India Ko Kuch Kehney Se Teri G****H Main Mirchain Lagti Hain, Aur Aasa Aur Kisi Pakistani Ka Sath Nahi Hota!!
    Now Go Drink Your Piss Piss Drink.. Douche

    • You talk about my piss a lot. Are you jealous? I am sure a psychiatrist can help you with that problem.

      And a professional psychiatrist, not Siri :):):)

      • Chal Ab Teri Phaat Ka Haath Main Aa Gai Ha To Apney Ap Ko Tassalian Na De.. RAW Ka Tatway..
        Teri Pool Khul Chuki Ha, Baki Bhoonkney Ki Adat Hinduoon Ki Poorani Ha.. Ab Is Baray Main Tujse Kya Gilla Karna!!
        Phutt Ja.. Piss Piss Drink Pe Ka Drunk Hoja!!

  • Shahid Saleem Wangrey Loki Hondey Ne Jaray Facebook Te Apna Status Like Karke Apey He Pareshan Ho Jandey Ne Ea Like Kiney Kita??.. Hahahahaha.. :D :B :P

  • But the studies show numbers that for maybe 30-50% of the people, it is not IF, but YES THEY DO. But of course you don’t trust the studies, because you “know better”. Whatever, man, still waiting for you to post your email + passwords.

  • This is nothing as compared to Pak cyber army hacking of indian investigation agency website CBI, the most sensitive and secured website of india. CBI is connected to the command centre of world police organisation – Interpol – 24×7. That was a great loss to them.

  • Advertisement

    See ProPakistani in...
    ProPakistani App