Truth about India's biggest telecom hack | Jio hack

in #reliancejiohack, 7 years ago (edited)

I am sick of all the bullshit talk going around, like "Oooo, someone hacked!! India!!" and shit like that. Was Jio hacked? Yes!! Read the posts here if you don't believe it: india/comments/6m793g/jio_user_data_leaked/ (Reddit). Lots of users checked and confirmed the hack; you can see users from all states. What was the motivation for the hack? If they wanted to prove a point, lots of Indian government servers are so unsecured, so why Jio? Where is the hype by the hackers? What are we missing? Read the post and you will understand all the drama by yourself…. So this is how everything started, through Feb / Jul 2017: simple, a group or company or a person approaches Jio about providing them with security and stuff.

Jio tells them to fuck off, or that they do not need any such stuff, you know! I don't want to offend anyone, but Indians are stubborn, I accept that; they always say they are well secured and use free antivirus thinking that will make them "safe".

Let's analyze what Jio's mistake was. Jio's everything, I mean everything of the company, was on the same domain and subdomains of the same domain name, for example cafapproval.jio.com and pertnerreg.jio.com. There are more than you would expect; they did everything on the same domain name. All the subdomain information is leaked on Google, as expected, and I checked a few minutes ago: the IP block 49.40.8.0/24, or we can just say everything from 49.45.0.0/24, 116.50.0.0/24 and 49.40.0.0/24, is Jio's netblock or Reliance's netblock. You can use this link to see all the domains and IPs of the domain here. After the attack all servers were taken down, or made offline, or made accessible only through their cloud. We need to know what really happened, so let's forget this for now. If we try to understand the type of attack and disclosure, being a hacker I can understand they didn't want much attention; they didn't make noise, it was silent. Once the news broke, everything was shut down and all statements were ready for the press.

Talking about magicapk.com: well, not much code, simple HTML PHP code. All it did was an HTTP request to retrieve the information for the given number. A simple site, no JS, not complex; security was shit. Well, if I had hacked into a telecom this big I would have done more than that, even though I fear the consequences. So the news about this Jio breach broke on the morning of the 9th. The server had a high load on the 9th, and the last time anyone accessed it was on the 7th of the same month, when he changed some server settings; this can be seen on the server. Below is the image of how easily the SQL port was left open, and more.

ssh.png

Who is m00n$hine?

A guy who posted on the darknet that he is selling the data of 120m users of a telecom company. I am sure you have heard about this, but what no one noticed is that he has posted more in other German forums. He is also the same user, lkcf23f, on Reddit. He posted this pic, which showed some user called m00n$hine selling Jio data on the dark web, and shared it on the Reddit India forum. Was he trying to help? Hell no!! And more than that, his English resembled the magicapk web content; observe how he uses short words: thn, jst, prsnl, dtails.

redit2.png

I noticed that. It doesn't mean he doesn't know English, but it means he just doesn't care. Also, if you notice the title of the magicapk website, it was "wlcm", again a short form, which shows he was not totally interested, or not very fluent in English, while making it. Also, the home page previously consisted of "echo coe back soon", maybe for testing. You can check all this by just typing "site:magicapk.com" into Google. To be more exact on the date, moonshine posted this pretend-to-be-selling post on March 8th. Fake post!!!
moon.png

One sad thing is that any data from India is of no value on any of the forums he was posting in, which were non-regional. After failing to fake-sell the data, he made a website, which was launched on 2017-05-18. But the mistake he made was in this screenshot he posted on Reddit. Guess what's in it!! (Look at the upper right-hand corner: "Damn Son!") He is logged in as the same user who posted it, and also notice the mail next to it. Legit!!!!

forum.jpg

The said plan was different: to scare Reliance Jio and get the security contract. The website was bought in May, but it was hosted, up and running with Jio data, in March.
server.png

Now Reliance appoints a German hacker and security researcher in the same month, March, all of a sudden, like "Boom", which comes after the attacks were confirmed by inner admins and management. factordaily.com makes a post about this on 16th March. Coincidence? Read here: https://factordaily.com/karsten-nohl-hacker-cybersecurity-reliance-jio-telecom/

fact.png

Now what is the connection between this turd and the attack? The connection is magicapk.com and the server it was hosted on, ns1.cp-in-10.webhostbox.net. Well, they are smart, I accept that: making a plot, asking to help a company out, and when the company says no, hack it and make them run back to you. It's sad that the server used for hosting magicapk was also used for phishing eBay. Unfortunately, 3 days ago, an active URL scanner website called urlscan.io captured a request from a subdomain of the same server that was used for the attack. Another domain, called m-login-account.com, was also hosted on the same server a month ago; you can also see it here. It was suspended by PDR Solutions FZC (yes, the same PDR Solutions all Indians are pissed off at because they let the hackers host their data and ruin all their privacy) because it was bought using their website. As a professional company that cares about its reputation, which may get hurt, they suspended this website, which was first hosted by Germans for phishing. After that the Germans made a new subdomain to piss off eBay .de; you can see the first line in here.

pdr.png

According to this image, the phishing was conducted from this server using http://ebay-kaeuferschutz.de/, a fake website to scam German eBay users. Unfortunately the server is no longer responding, or maybe it freezes after the work is done. The request goes through vs-r3.69.ip.vsenet.de (217.24.235.247), Germany again. It is now hosted on another server, which is denying all requests: it's hosted on 109.234.110.254, location Germany, Saarland. Coincidence again? Maybe not. And OK, now you can ask me where the connection is; here, let me show you.

pising.png

The fake domain name for phishing was hosted on the same server, and again, it is still hosted on a German server after it was tripped from this Indian server, maybe for connection problems. As we see now, since it's hosted in Germany we are not able to reach it.

ping.png

Feb 2017 > German approach; March 2017 > hack; March 8th > pretend selling posts on the dark web; March > breach confirmation & appointment of a new security officer. But what was the reason for the leak, the website hosted on 2017-05-18? Maybe because they demanded money from Reliance and they had to do it to prove that they were not related to the German hacker guy Reliance had appointed; maybe they wanted to act as a different body from nohlguy, to clear all of Reliance's doubts, so that in fact nohlguy is trying to fix things here but those guys are trying to expose poor nohlguy, something like that. Reliance also knew that they would expose the data, but they didn't care, I think, because we know "Big breach = big data insurance money coming their way", maybe. OK, now we have made the connections. The last thing is the .de domain name the scammers used to phish using the same server a month ago. So what is .de? .de is the domain of Deutschland; if you don't believe me, check for yourself. And where is this Nohl guy from? OMG!! Another coincidence. Maybe he needs some Berlin pretzels this time to cover this up, sheeeettt….. Maybe he hired them, or they hired him. Whatever it is, it's a zero-sum game.
afOFU5CGiTm7.png

Last few words: not only people from other countries are smart and capable in information security and other IT stuff. There are lots of Indians who are well capable; Indian companies must just try to learn, and to utilize these persons and make India more secure. And security does matter. Also, users need not worry about this: the servers are taken down, and the data will be flushed if it was hosted on the same server; or, as Nohlguy got the job and their plan worked out, they will keep the data safe until they are kicked out of Reliance Jio. So take a chill pill. You ask me why they did this? 120m customers, 1 Rs profit from one customer is 120 million. Jio was making loads of money and these guys wanted a piece of it. Simple as that -_- Stop watching TV, get the fuck up and understand.

Before I go, I will say: Well played Karlsten Nohlguy and Team !

PS: Not all Indians are dumb! Not all are sleeping! Sorry for the bad English!
