Hackers warn Turkmenistan cybersecurity dreadfully low

Jan 31, 2013

On January 25th, the database of nic.tm, the domain name registrar responsible for all .tm domain names, was breached. The full database of usernames and passwords was posted on the hackers’ website ha.cker.ir.

In addition, the hackers defaced the .tm homepages of some of the biggest Internet companies: youtube.tm, gmail.tm, google.tm, officexp.tm, windowsvista.tm, orkut.tm, xbox.tm and others.

[Image: defaced-google-tm. A screenshot shows the calling card left behind by the two hackers.]

The hackers, two cybersecurity experts from Iran named Yashar Shahinzadeh and Morteza Khazamipour, had no political motives for the hack, and only targeted Turkmenistan’s NIC because of its weak protection. Their goal was to point out security flaws so that future malevolent attackers would not be able to abuse them.

In the meantime, the UK company responsible for the management of .tm domain names has plugged the security gaps, but dangers remain for Turkmen webmasters and surfers.

When asked about the attack via e-mail, Yashar explains: “I think all of Turkmenistan’s domains are in danger and they may be compromised. Since all passwords were saved in plain text, it is not safe for users and website owners. We highly recommend them to change their domain passwords, especially if they are similar to their NIC passwords.”

The vulnerabilities in the .tm domain have been fixed, but all passwords can still be accessed from the hackers’ website. This means that a criminal can reroute a domain name to another server hosting a phishing page, and use it to capture the usernames and passwords of its users. This way he can gain entry to the real website or to the accounts of users on different websites.

Knowing all this, one question remained: Why did the two publish the passwords on their website if exposing security flaws was their only goal?

Yashar replies: “At first we did not want to put passwords on the Internet. But when we saw that all passwords were stored in the database in plain text, we could not refrain from sharing them. In other words, we considered this an error not worthy of forgiveness.”

As an extra, the hack gives everyone an insight into the password strategy of some of the biggest companies on the web. The results are unsettling: passwords include easy-to-hack combinations like google99, laser19, motor, Norma, wendy, becool1, and sunshine.


About the Author

Steven Hermans

Steven Hermans is a freelance writer. His blog focuses on Central Asia.