The latest hacking incidents affecting Philippine websites are slowly waking companies to the reality that they also need to invest in security. Setting up a website and offering online services do not just end there. Companies must ensure that these platforms are protected against people who may want to gain access to their systems for whatever reasons.
Local hackers are also growing in number and are increasingly becoming even more dangerous as they learn new techniques to control online platforms and accounts.
Although most of these hackers are only after the fame (some only wanted to see their actions be aired in the news or even be posted and shared online), there are also some who are really concerned about how companies protect their digital assets.
One such hacker who contacted us is InFamouz. He maybe one of those who compromised websites to expose vulnerabilities, he’s also active to show IT personnel how security should be done.
Considered a new breed of hacker, InFamouz claims that he defaces a website to show that he’s able to compromise it, gain administrator privileges and later on update patches to avoid getting takeover by other hackers.
InFamouz recently defaced the website of the Bureau of Plant Industry‘s National Seed Industry Council & Plant Variety Protection Office (BPI NSIC-PVPO). This office reports under the Department of Agriculture.
According to his report, InFamouz was able to create a user with file upload privilege. He was able to bypass the upload function by changing a file extension.
Upon learning that he’s able to do these things, he later decided to deploy minor patches.
Asked if he’s part of any hacking groups, InFamouz said that he’s not although his defacement page shows that he’s affiliated with Pinoy LulzSec and Anonymous Philippines.
We will contact BPI NSIC-PVPO regarding this security incident as the defaced page remains up as of this writing.
While InFamouz‘s act was done out of goodwill, it doesn’t change the fact that it’s still illegal.
Want to report a security incident? Hit us up on Facebook. Note that due to the volume of messages that we are receiving lately, we will try to be as responsive as possible. Please bear with us.
- Phishing Email Analysis Landing Page - September 19, 2024
- BPI to hold Cybersecurity Conference to ‘Fortify Cyber-Resilience in an AI World’ - July 25, 2024
- New Smishing Campaign makes use of Globe SMS Sender ID - May 27, 2024
[…] provided in the report, the culprit behind this attack is InFamouz, the grayhat hacker we featured a couple of days ago known for his attempts to compromise websites and deploy the appropriate patches […]