assets LARGE t 420 985060

[EXCLUSIVE] New strong "hit" of [PAOK] at Α.Τ.Ε.Ι. Serres

photo_96

The confirmation once again that the computer systems of the educational institutions in Greece are COMPLETELY lacking in security and of them, he came to give us a new "hit" the famous Greek Hacker with the pseudonym ”[PAOK]” .

The "hit" took place at ATEI. Serres, which was once again attacked by [PAOK] as you can see here. Then he had clearly warned the institution about the that he was facing, through alterations to the original websites of some of the institution's departments. This time, however, he went even deeper into computing systems of ATEI. Serres, resulting in acquiring complete and not identifiable access to the database of the entire institution, even with rights Admin (Root / Administrator)!! . This practically means that [PAOK] had the ability to read and tamper with sensitive data such as usernames, passwords, student rankings etc. . The specific data is as understood critical to the smooth of the institution but also for its credibility with students.

The details of the attack

According to information provided by the [PAOK] to inform the staff of the institution, the method used to gain internal access was a weakness identified in one subdomains of the institution which allowed him to "post" a modified one php file, resulting in unauthorized access to the system. From the briefing we had on the matter, we learned that this is not the only weakness in the system as the [PAOK]  according to his statement he had identified another weakness of the press SQL injection in the central domain of ATEI. Serres.
[wdca_ad id = ”73652 ″]

We quote screenshots that were notified to us by [PAOK] EXCLUSIVELY about the attack:

A) Alteration to the institution's central website:

serres index deface

B) Below is the level of access to the central database of the Foundation. The information available to [PAOK] relates to user codes and administrators with full access to the institution's facilities.

teiserron1

teiserron2

teiserron3

teiserron4

teiserron5

(SecNews - We have concealed relevant information regarding user passwords and personal data for reasons of confidentiality)

 Below, some changes appear on the Foundation's main site pages, stressing that security gaps must be corrected:

 serres_deface2

 serres_deface_lib

According to his statement hacker [PAOK], "The next step now belongs to the state and should be the shielding of the information systems of educational institutions in Greece, by people with the appropriate knowledge and support from the Ministry of Education, so that they can implement data security plans for smooth operation and reliability of the country's educational institutions "

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by Dimitris

Dimitris hates on Mondays .....

2 Comments

Leave a Reply
  1. The problem with university holes is chronic.
    Nobody cares because nobody just cares, so… "go free"!

    Also all the "ready" GR CERT type teams that are?
    Do they expect any reference to the dish from their site?

    Also, where are the famous critical infrastructure protection teams (we do not say names)? Do we know που to sell magic to the "neighbors"… to protect our own critical infrastructure… where are we?
    In transnational and NATO cyber-wars we are "manoles"…. 

    But I forgot, very few universities / universities are considered…. infrastructure!
    Good night and good sleep !!

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).