The Unknowns
The Unknowns is a self-proclaimed ethical hacking group that came to attention in May 2012 after exploiting weaknesses in the security of NASA, CIA, White House, the European Space Agency, Harvard University, Renault, the United States Military Joint Pathology Center, the Royal Thai Navy, and several ministries of defense.[1] The group posted their reasons for these attacks on the sites Anonpaste & Pastebin including a link to a compressed file which contained a lot of files obtained from the US Military sites they breached. The Unknowns claim "... our goal was never to harm anyone, we want to make this whole internet world more secured because, simply, it's not at all and we want to help."[2] The group claims to be ethical in their hacking activities, but nonetheless lifted internal documents from their victims, posting them online. They claim this was because they had reported the security holes to many of their victims, but did not receive a response back from any of them. The whole point was to show that these government-run sites have loopholes in their code and anyone can exploit them. The group used methods like advanced SQL injection to gain access to the victim websites. NASA and the ESA have both confirmed the attack. They claimed that the affected systems were taken offline and have since been patched.[3] At the time this was one of the most wanted hacking groups in Europe and also wanted by the FBI, although they refused to tell if they were investigating the hacks.
Members
The team had 6 not 7 core members:[4]
- Pixiedust, founder, spokesperson, and leader,
- Mr. P-Teo, programmer
- Fabien Léac,a French researcher in computer faults and a white hacker
- MrSecurity, a black-hat hacker, programmer and ghostwriter of The Unknowns
- NeTRoX, a black-hat hacker, penetration tester and researcher. Joined to the team in late 2015 after the team reunited.
Jail
Zyklon B, who lives in France, was arrested by the French Intelligence Service on June 24, 2012. He was later released because he was just sixteen years old at the time. He has trials taking place in 2014 supposedly.[5] His life is related in a book written by his mother Sophie Léac L'histoire vraie d'un jeune hacker français (in October 2013) or the true story of a French teen-hacker. A second book is in preparation: Hack! There will be cyberwar!.[6]
Hacked websites and applications
The group has hacked many websites and applications using a series of different attacks. The most notable, however, being SQL injection.[7] There have been a lot of companies affected by the group, but some of the hacks even for big companies did not make the media (probably due to keeping the multi-country legal investigation a secret). However, the most notable hacks done by The Unknowns, mostly government related websites, did make mass media.[8] The group is still active, and the members are still working together, as they try to make the internet safer.
SQL injection attacks were used on the following:[7]
- Asian College of Technology
- Bahrain Defense Force
- California State University
- Christian Mingle
- Deutsche Federal Government
- European Space Agency
- ESET
- French Ministry of Defense
- Harvard University
- Jordanian Yellow Pages
- Lawrence Livermore National Laboratory
- United States Navy
- NASA
- New7Wonders
- Renault
- Royal Thai Navy
- Sempra Energy
- Social Democratic Party of Germany
- United Kingdom Ministry of Defense
- University of Rhode Island
- United States Military
- United States Air Force
- United States Department of Commerce
- United States Department of the Treasury
- PayPal, no information was released. The Unknown contacted PayPal with the exploits he/she found and received $1,000 as a reward.
However they have used different attacks:
- Two United Kingdom police servers were exploited and root access was gained to the systems. Not much is known about this attack.[9]
Abolished
The purpose of The Unknowns was to find security issues in high-profiled websites and to get them patched. The information from the hacked sites was released because The Unknowns attempted to make contact with all their targets informing them of the security issues, but they did not receive a response back from any of the websites targeted. Some data was leaked to force these websites to patch their systems.
After a period of hacking high-profile websites, The Unknown disbanded the group in 2012 but reunited it in the early 2015.
References
List of hacked websites/companies
- "NASA, ESA confirm they were hacked by 'The Unknowns'". NBC News. Retrieved May 7, 2012.
- "The Unknowns Pastebin post". Retrieved May 7, 2012.
- "NASA, ESA confirm hacks; The Unknowns says systems patched". ZDNet. Retrieved May 7, 2012.
- "An article about the group". Retrieved January 18, 2014.
- "Zyklon B claiming to have been arrested". Retrieved January 10, 2014.
- https://wordpress.com/page/sophielac.wordpress.com/2
- "A news article talking about the use of SQL injection attacks". May 4, 2012. Retrieved January 10, 2014.
- "A news article about the group by ABC". ABC News. Retrieved January 10, 2014.
- "A news article talking about UK police servers getting hacked by The Unknowns". Retrieved January 10, 2014.