Endwall 08/29/2016 (Mon) 23:41:00 No. 458 del
Hacker Interviews – New World Hackers
http://securityaffairs.co/wordpress/50716/hacking/new-world-hackers-interview.html
August 28, 2016 By Pierluigi Paganini
New World Hackers is one of the most popular groups of hackers, it conducted several hacking campaigns against multiple targets.
Did you conduct several hacking campaigns? Could you tell me more about you and your team? We have been dedicated to operations, such as taking down BBC, Donald Trump, NASA, and XBOX. I started out as just a kid wanting to mess around with a few games, later on, I realized I was more skilled than the average child. I began learning how to program in Python and Ruby. I, later on, became a Certified Network Security Analyst but did not take the offer to work for the Federal Bureau. Could you tell me which his your technical background and when you started hacking? Which are your motivations? My motivation for hacking is the excitement of being able to tell someone a security flaw they may have missed. What was your greatest hacking challenge?  The greatest hack I’ve done would be breaching an entire DNS server which held 30,000 domains back in 2014, sadly I only got the chance to deface about 20 domains and left the rest alone. 70% of all DNS servers around the world are still vulnerable to the 0day till this day. Which was your latest hack? Can you describe me it? The latest series of attacks are against celebrities actually! Our team is observing celebrity websites and we are shocked that most celebrities don’t secure the website nearly 50,000 people visit in an hour. Recently http://Adele.com  was held offline an entire day August 20th during a concert. The page for a short period of time displayed some of her domain login information. What are the 4 tools that cannot be missed in the hacker’s arsenal and why? 4 tools: 1. I would say is a dynamic proxy chain which hides you’re ip. You would rather be safe than sorry. 2. Secondary ICMP range vulnerability  scanner. This tool can be found on TOR and can be used to scan multiple domains at the same time finding XSS vulnerability, but also SQLI vulnerability. 3. Scaled shell, not many people have heard of this. It can’t be erased from a server you have just brute forced, or has been SQL injected, thus allowing you to deface or steal data from the specific web server multiple times. 4. A 0day; 0days can’t be found unless you tell it. Make your own, or buy one. Which are the most interesting hacking communities on the web today, why? Hacking communities nowadays aren’t as common, within our boundaries we would state the Turkish Hackers, Greek Hackers, Ghost Squad Hackers, and Tactical Team Hackers, and Ourmine as far as web security are some of the most interesting groups out there at this point in time. Did you participate in hacking attacks against the IS propaganda online? When? How? Yes, participate in hacking attacks against IS, in my former group we use to take down ISIS twitter and facebook accounts and after that I personally took a few down and DDoSed some websites. Where do you find IS people to hack? How do you choose your targets? We did participate in the attacks against the Islamic State back in December, through June we defaced IS propaganda websites and jacked Twitter accounts. I’m going to do a bit of a leak because it isn’t really hacking when you are jacking ISIS Twitter accounts. People located in Saudi Arabia doesn’t need emails to register on Twitter. @ctrlsec on Twitter tweets out vulnerable ISIS accounts every 5 minutes. Since they don’t need an email to register Twitter automatically defaults their email to Gmail, so the email would be [email protected]. All we have to do is make that email which isn’t valid and recover the account. 30% of Twitter is vulnerable to the 0day, have fun jacking ISIS Twitter accounts! We often hear about cyber weapons and cyber attacks against critical infrastructure. Do you believe it is real the risk of a major and lethal cyber attack against a critical infrastructure? Yes, we think a big risk not taking the necessary steps when you are securing your critical infrastructure. The potential threat of hackers is just around the corner.