Wednesday, March 13, 2013

Celebrities Hacked and Doxed! (Exclusive: Hack Analysis)



The private details of many celebrities have been leaked on a website: http://www.exposed.su/ (currently going in and out of service).

This is the list of celebrities exposed: Michelle Obama, Kim Kardashian, Joe Biden, Robert Mueller (FBI Director), Hillary Clinton, Eric Holder (U.S. Attorney General), Charlie Beck (LAPD Chief), Mel Gibson, Ashton Kutcher, Jay Z, Beyonce, Paris Hilton, Britney Spears, Sarah Palin, Hulk Hogan, Donald Trump, Arnold Schwarzenegger, Al Gore, Kanye West, Kris Jenner, Stacia Hylton (U.S. Marshals Director), Mitt Romney, Tiger Woods.

When this site went viral online and gained lots of media attention, the FBI got involved and is now investigating.

The data seems to be from the credit reporting agencies TransUnion, Experian and Equifax. All of them admitted they were compromised.

TransUnion, Equifax and Experian have a common website called annualcreditreport.com, where customers can get a free copy of their credit report by entering personal information (such as address, social security number and date of birth) and by answering a few multiple-choice questions.

“What it appears happened is that personal identifiable information was evidently accessed or somehow obtained by the fraudsters who therefore were able to go into annualcreditreport.com and get some pieces of information on some individuals,” Equifax representatives told Ars Technica.

Here is an exclusive analysis of the site:

The website is running behind Cloudflare (a CDN). For the site's operator, using Cloudflare has several advantages:

  • It hides the actual IP address of the site, which slows down attempts to trace and take down the original server.
  • It keeps the site content in cache even if the origin is taken down by a DDoS attack, etc.
  • Even a small server is able to handle lots of traffic.

Note: Cloudflare was also used by the infamous "Lulzsec" before they were shut down.

The hacker seems to be a fan of the TV series "Dexter", which is about "A likeable Miami police forensics expert who moonlights as a serial killer of criminals who he believes have escaped justice".

First, the quote on the main page: "If you believe that God makes miracles, you have to wonder if Satan has a few up his sleeve"

It is from the same TV show (Episode 12: "The British Invasion").

Second, the background music embedded in the site links to music from the TV show: https://www.youtube.com/watch?v=e2xxizpHuoo

The website also does not host any images itself. All the images are taken from other sites that already host them.

The use of a .su domain seems to be a diversion to try to shift attention to Russian hackers.

Whois data:

domain:        EXPOSED.SU
nserver:       dave.ns.cloudflare.com.
nserver:       fay.ns.cloudflare.com.
state:         REGISTERED, DELEGATED
person:        Private Person
e-mail:        exposed@allperson.ru
registrar:     REGTIME-REG-FID
created:       2013.03.06
paid-till:      2014.03.06
free-date:     2014.04.08
source:        TCI
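
As an added example (not part of the original post), the Python below parses the WHOIS record quoted above and pulls out the facts the analysis relies on: DNS delegated to Cloudflare, a registration only days old, a one-year term and a hidden registrant. The function names `parse_whois` and `triage` are hypothetical, and the Cloudflare check is a nameserver-suffix heuristic.

```python
from datetime import date, datetime

# WHOIS record exactly as quoted in the post (TCI format used for .su).
SAMPLE_WHOIS = """\
domain:        EXPOSED.SU
nserver:       dave.ns.cloudflare.com.
nserver:       fay.ns.cloudflare.com.
state:         REGISTERED, DELEGATED
person:        Private Person
e-mail:        exposed@allperson.ru
registrar:     REGTIME-REG-FID
created:       2013.03.06
paid-till:      2014.03.06
free-date:     2014.04.08
source:        TCI
"""

def parse_whois(text):
    """Parse 'key: value' lines; keys such as nserver repeat, so keep lists."""
    record = {}
    for line in text.splitlines():
        if line.startswith("%") or ":" not in line:  # skip comments and blanks
            continue
        key, _, value = line.partition(":")
        record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def _day(record, key):
    """Return the first value of a date field (YYYY.MM.DD) as a date."""
    return datetime.strptime(record[key][0], "%Y.%m.%d").date()

def triage(record, as_of):
    """Summarise the registration facts an analyst would note first."""
    # An nserver value may carry glue IPs after the host name; keep the name only.
    ns = [v.split()[0].rstrip(".").lower() for v in record.get("nserver", []) if v]
    created = _day(record, "created")
    return {
        "domain": record["domain"][0].lower(),
        "nameservers": ns,
        # Heuristic: DNS is delegated to Cloudflare, so resolved addresses are
        # likely CDN edge nodes rather than the origin server.
        "cloudflare_dns": bool(ns) and all(n.endswith(".ns.cloudflare.com") for n in ns),
        "age_days": (as_of - created).days,
        "registered_for_days": (_day(record, "paid-till") - created).days,
        "registrant_hidden": record.get("person", [""])[0].lower() == "private person",
    }

if __name__ == "__main__":
    # Date of this post, used as the reference point for the domain's age.
    for k, v in triage(parse_whois(SAMPLE_WHOIS), date(2013, 3, 13)).items():
        print(f"{k}: {v}")
```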

Some of the pages also have YouTube videos embedded in them (most of them have something to do with the person exposed on the page):

Michelle Obama -- https://www.youtube.com/watch?v=rhN7SG-H-3k

Robert Mueller -- https://www.youtube.com/watch?v=ANeWYnArWXk

Charles Beck -- https://www.youtube.com/watch?v=1M8vei3L0L8

Paris Hilton -- https://www.youtube.com/watch?v=srP5twK-9Dw

Britney Spears -- https://www.youtube.com/watch?v=kHmvkRoEowc

Donald Trump -- https://www.youtube.com/watch?v=WD729yIKskU

Arnold Schwarzenegger -- (broken link on the site)

Mitt Romney -- (broken link on the site) https://www.youtube.com/watch?v=DrR4G5HHPxY (recovered)

Though the attack is very well planned, the website itself seems to have been done in a hurry, and there seems to be no "pattern" to the hacks except that all of the victims are celebrities.

Note: Will update this post if I find anything else.
