Wednesday, July 26, 2017

Shell, BP and other oil companies hacked #SaveTheArctic

A hacker who goes by the name @le4ky has put out a statement, after a few weeks' silence, releasing a leak from yet more oil giants. The leak is dubbed #SaveTheArctic – Phase 2 and targets Shell, BP, Gazprom and Rosneft.

The attack was announced via Twitter and dumped to pastebin.com with a short message. All leaked data was put into one file, and the total was around 500+ accounts, including usernames and encrypted passwords. The leak also included some basic server and target information.

This comes not long after the first attacks on major oil giant Exxon in which administration accounts and other server information was leaked by @le4ky.

Stats of the hacks:

  • All accounts appear to be from the Pakistan Shell domain; the leak contains 25 emails and encrypted passwords.
  • The BP attack was on the subdomain http://globalmba.bp.com/ and contains 450 accounts in the format of emails and encrypted passwords.
  • Rosneft is the leader of Russia’s petroleum industry, and the attack has seen emails and encrypted passwords leaked, totalling 80.
  • Gazprom is a self-proclaimed global energy company; the breach has seen 191 accounts leaked in the same format, emails and encrypted passwords.
  • The leak has been uploaded to pastebin and also mirrored on le4ky's website.

The message le4ky posted:

[ASCII-art logo and "Anonymous" banner]

---------------------------------------------------------------
#OpSaveTheArctic #SaveTheArctic #GreenPeace
---------------------------------------------------------------
This is #OpSaveTheArctic - Phase II (Final), continuation of Phase I (http://pastebin.com/1ca3BR19). Reasons and targets can be found at http://pastebin.com/1ca3BR19

"We know we’re going up against the most powerful countries and companies in the world. But together we have something stronger than any country’s military or any company’s budget. Our shared concern for the planet we leave our children transcends all the borders that divide us and makes us - together - the most powerful force today."

Similar to #OpSaveTheArctic - Phase I (http://pastebin.com/1ca3BR19), the listed targets were breached and, as a punishment, the employee accounts of the concerned corporations were used to sign the petition at http://www.savethearctic.org/.
After the full operation, a total amount of 96K petitions were signed at http://www.savethearctic.org/ (96,176 to be precise).
This is the statement of the concerned hacks and to give out a message to the Corrupt Corporations that are harming our environment!
Note: Regarding the Exxon hack, the leaked account details were used for phishing attacks, so in this paste only a few account details are released. If anyone wants cracked MD5s, contact me on twitter.com/le4ky
This operation is carried out by Anonymous and isn't anyhow affiliated to GreenPeace! We are just supporting their cause.
ShoutOut : Anonymous Operations Sweden (twitter.com/AnonOpsSweden)
Backup - leakster.net/leaks/arctichack
===============================================================
Target 2 : Shell Petrochemical Corporation (shell.com)
IP:94.236.83.64
 Universal OS: Linux Ver. 2.6.x
IP Switch : Raritan Dominion KX-II
Corporation Router : RedBack SmartEdge 5.0.3.2
 Vuln : http://www.gsevents.shell.com/shell/index.asp?recs=10%27&invert=&sorting=bydate&ID=&etype=&what=&condition=after&searchday=&searchmonth=1&searchyear=2007&archiveyear=&region=&page=4&offset=0
 Index File Location : D:\websites\gsevents.shell.com\shell\index.asp
Software : IIS 7.5

source: http://www.cyberwarnews.info/2012/07/14/oil-giants-shell-bp-and-others-hacked-and-data-leaked-by-le4ky/

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing.
