A group of malicious hackers calling themselves UGNazi claims it took down Twitter late last week for about 40 minutes. Despite reports confirming the attack, Twitter denied that UGNazi was responsible for the outage, calling it a “cascading bug.” Who is UGNazi?
When it comes to tracking the “hacktivist” types, the best way to get an overview of who they are and what they do is to visit their Twitter accounts. For UGNazi, its Twitter activity shows a group of at least four people that are interested in using DDoS attacks to take down prominent websites and to hack into other sites to deface them.
In and of themselves, DDoS attacks and defacement are simple, and perhaps juvenile, pastimes for young hackers looking to make a name for themselves. But UGNazi also has an agenda that could be far more harmful to its targets. The group has been linked to a breach at WHMCS, an online billing and client management platform, that exposed about 1.7 GB of company data, including credit card numbers and passwords.
“Hackers claiming to be part of UGNazi have been involved in a number of attacks against websites (defacements, data leaks and DDoS attacks, that kind of thing),” said security expert Graham Cluley of Sophos. “One of the attacks they have been linked to targeted WHMCS, and resulted in the exposure of half a million usernames and passwords. It's claimed that they exploited a zero-day vulnerability to break into web-hosting software that uses WHMCS.”
The WHMCS attack was reportedly done through a SQL injection, a technique used by malicious hackers to force their way into databases and extract information. SQL injections have been known to be favorite techniques of both Anonymous and LulzSec.
According to the UGNazi Twitter account, the group has aligned itself with the infamous anti-security group Anonymous, at least on a tangential basis. Groups such as LulzSec, Anonymous and UGNazi are not centralized administrations, but rather disparate groups of hackers that have loosely aligned around a common purpose, usually against governments, companies and security agencies that the groups perceive to have committed some type of wrong.
This particular group appears to consist of four males that go by the handles JoshTheGod, Mr0sama, Cosmo and CyberZeist. The language the group members use in their Twitter accounts is similar to what Anonymous and LulzSec members use - often immature rants and bold claims of dubious truth. The catch phrase for these hacktivist groups when they perform a successful DDoS attack is “Tango Down,” which UGNazi used when it claimed it had taken down Twitter last week.
It was reported that the so-called leader of UGNazi – Cosmo – was arrested by the FBI at the end of May in relation to the WHMCS attack.
UGNazi has published a list of companies and websites it wishes to attack, for a variety of reasons. That list includes Google.com (“for the lulz”), gas station company WaWa, BP.com, WePay.com and 4Chan.com. The group has claimed to have defaced or hacked sites such as Six Flags, Michigan.gov and regional Comcast sites.
Will UGNazi take off into prominence the way that Anonymous and LulzSec have before it? Perhaps. It will depend on how successful this small group of hackers becomes. As for Twitter’s outage, that is a he-said, she-said type scenario, in which UGNazi takes responsibility but Twitter denies it.
“When a company has the chance of deniability, they will take the chance to do so.” - UGNazi (@UG), June 22, 2012
Cluley, for one, is not sold.
“Of course, we have to take everything that a group like UGNazi claims on its Twitter feed with a pinch of salt,” Cluley said.