“I would like to tell you that I have successfully penetrated the site” Cryptolulz told me via Twitter. “I have taken over its database”
He exploited a blind SQL Injection vulnerability, he hacked the website of Russian embassy of Armenia to create awareness amongst the authorities.
“because I don’t think they care much about security … lol”
The hacker tried to contact the admins of the website some time ago, but he hasn’t received any response.
“I left them an email but no reply so I decided to leak a short amount of their database…” he added.
He broke into the database a0014414_embassy that contains 36 tables, but the hacker leaked only the “user” table which contains the credentials for the admin, the editor and other people in the stuff. He avoided disclosing the members’ records because they may include classified information.
Data was published on Pastebin, leaked records include id, name, type, email, login, password, last visit IP address, last visit date, profile creation date.
Cryptolulz was involved in several data leaks of government websites, including the Mexican telecommunication website and several DDoS attacks against government website and banks. He defined its motivation as “politically driven hacking.”
My reason for targeting this website was to create awareness amongst the people and higher authorities… because I don’t think they
Cryptolulz now joined a new hacking team called Fallensec.
(Security Affairs – Russian embassy of Armenia, hacking)