Anonymous hacks Armscor website with simple SQL injection
Anonymous has struck again under the banner of Operation Africa, and this time the victim is South Africa’s defence material provider Armscor.
With a simple SQL injection, the group managed to breach Armscor’s Settlement and Invoicing system – and has leaked 64MB of data to the Dark Web.
The leaked data mainly contains the ordering and payment records for different suppliers, which includes companies such as Boeing, Fulcrum and Rolls Royce.
There are also invoices made out to Vodacom, Telkom and Microsoft.
While it may not sound like a significant hack (it did after all only perform a SQL injection to the invoicing page), the worrying aspect about it is that the hackers also found 19 938 IDs of suppliers, names and plaintext passwords.
Speaking to HackRead, the person responsible said that the website had a good number of bugs and that it “allows anyone to open a settlement by simply using supplier ID without the password.” It also stands to reason that the hacker has information on just exactly what was purchased and for what amount.
This isn’t the first time that the hacker involved had a quick look-around at defence websites.
The publication reports that the hacker is the same person who hacked two Israeli arms importers and leaked client details in public for operation OpIsrael.
But this hack does coincide with the ideals of those behind Operation Africa.
Late last month the group claimed responsibility after it hacked into 14 South African websites, and in February a number of government and private websites were breached.
In April the group release 1TB of data from a hack against Kenya’s Foreign Ministry, dumping confidential and non-confidential PDF and .docx files onto the internet.[Image – CC by 2.0/Nils Geylen]