First of all, we would like to emphasize that Zone-H is not related to any party in the Wikileaks case. We are do not agree nor disagree with any action happened, we just want to share our opinion on the forthcomming events. Already many news media released information about the cables, sources, how it happened etc.
But now, it is clear that the Wikileaks will not stop to publish the cables. There are plenty of the mirrors all around the globe and information are shared over the Facebook and Twitter. Also the arrest of Julian Assange can’t stop the day-by-day publishing of the cables. Whole case raises more questions, some cannot be answered. Like first one: how is it possible that Bradley Manning was able to get 250k of cables? As from the Guardian article, he had “unprecedented access to classified networks 14 hours a day 7days a week for 8+ months”.
When Zone-H started back in 2002, we were receiving an average of 2500 defacements monthly, this number keeps on increasing year after year. For example, the last month we registered over 95.000 defacements, while we only had 60.000 in 2009 for the same period.
What we can also say from these numbers is that the methods used are still the same: most of the vulnerabilities exploited are on web applications. We also know from what we monitored that registrar attacks greatly increased the past years even if this number is quite low compared to the total of attacks. But not only web applications are guilty, as poor local system security on various web hostings usually allow crackers to get full access to the servers.
You probably read that story somewhere last month, on December 17 2009 Twitter’s homepage has been replaced by this message:
“Iranian Cyber Army
THIS SITE HAS BEEN HACKED BY IRANIAN CYBER ARMY
U.S.A. Think They Controlling And Managing Internet By Their Access, But THey Don’t, We Control And Manage Internet By Our Power, So Do Not Try To Stimulation Iranian Peoples To….
NOW WHICH COUNTRY IN EMBARGO LIST? IRAN? USA?
WE PUSH THEM IN EMBARGO LIST ;)
They “simply” hacked their registrar (dyndns) and modified their DNS entries.
Yesterday the Baidu homepage, China’s n°1 search engine, got defaced by the same attacker and with the same method, but this time register.com was the vulnerable registrar.
E2-labs' project Ethan dissected. Anatomy of a franchise proposal based on non-existing partnerships (UPDATED)22/11/2009 Written by Roberto Preatoni
In case you didn’t understand, this is the solution of our *crypto* jeopardy game posted in the last news.
We received a notice that on WikiLeaks somebody uploaded an interesting document. It’s a PDF file, called Project Ethan (after Tom Cruise’s Mission Impossible caracther?) and it refers to E2-labs very recent plans to open in India an educational and IT security franchise network. We downloaded the document and we found some very interesting information in it, regarding E2-labs future plans and how the name of Zone-H (and a few others) was used to back up the whole plan to convince possible investors to invest money in Mr. Zaki Qureshey expansion plans. Needless to say, Zone-H was never informed about such plans and never gave any consent to be included in it.
The document is a financial investment porposal, made up by 28 pages. It seems to be written by Grant Thornton, a well-known financial advisor company. We have no doubt that the document was originally produced by such company, it’s too well structured, E2-labs and Zaki Qureshey definitely don’t posses the business skills to do that. Nevertheless, the document it’s filled by improper statements. We don’t think that Grand Thornton did it on purpose, we just imagine the situation where they were given some statements and material by Zaki Qureshey and they granted it for real, without verifying it. And that is bad, after all, the entire businell proposal carry their name.
The result is a well written document meant to attract possible investors, backed up by Grant Thornton name, which sounds to the ears of possible investors as a guarantee that it is referring to a serious proposal. This is probably the reason why E2-Labs Mr.Zaki Qureshey decided to invest some money to look for Grant Thornton advocacy. Just another case to use somebody’s name for his plans.
In this article, we are going to show some excerpts from that document, followed by some of our comments. Why did we decide to make this document public? Because that document is yet another example of Mr. Zaki Qureshey unethical business practices and because it’s involving directly my an Zone-H name and because this is the only way we have to make clear to the general public that we have nothing to do with Mr. Zaki Qureshey bogus proposals.
This is a crypto-message for E2-Labs Mr. Zaki Qureshey. Are your *skills* good enough to decrypt it? If not, stay tuned and the solution will be revealed to you (and to the Indian community as well…)