A breach of the Hungarian Human Rights Foundation websites puts the personal information of 20k accounts in danger.
HHRF, Kapustkiy, and CyberZeist
The data breach was carried out by Kapustkiy and CyberZeist. The two hackers are known for breaking into various institutions and websites.
Kapustkiy claims that he’s a security pentester, a person who tries to find exploits so they can be patched. This is a dubious claim, as real pentesters usually cooperate with the site they’re hacking. The HHRF gave no permission.
Kapustkiy leaked a small portion of the accessed data. The dump contains names and email addresses. The phrase “In the name of Free Palestine” was included in the document.
The site of the Hungarian Human Rights Foundation is currently down for maintenance.
Softpedia got in touch with Kapustkiy. They write:
“In a private conversation a few minutes ago, he told us that he already contacted them to report the flaw and the security team said it would investigate the breach, but for the moment, the website still appears to be up and running.”
The Line between Pentesting and Hacking
Penetration testing is the best way to see if a cyber-system can withstand attacks. It’s a sort of trial by fire. Virtually all big-name sites run programs that reward successful pentesters.
The problem is that a lot of grey-hat hackers try to cover up their unethical work by claiming to be pentesters. Grey-hat activity is often harmless, like the hacking of Jimmy Wales and other Silicon Valley execs by OurMine.
The issue is that the hackers behind these attacks are often doing it to promote their own hacking brand. Just like in any business, reputation is very important in cyber-crime. Breaches like the one of the HHRF are commonplace nowadays. Here are a few recent examples:
At this point, these hacks happen so often that they may seem inevitable. As bad as it seems, there is still hope. The problem with these breaches isn’t a lack of available protection, but the disinterest in cyber-security that most sites seem to show. Since so much of our information is floating around the web, it seems like a good investment to try to protect it.