Ministry of Justice Hack Claimed By Lone ‘Security Consultant’
MoJ hack was not an Anonymous operation, but the work of a lone supporter, the claimed culprit told TechWeekEurope
A hacker claiming to be a security consultant has taken responsibility for the hit on the Ministry of Justice website over the weekend.
The hacker, who contacted TechWeekEurope today, goes by the Twitter handle of @On3iroi, and claims to be a supporter of Anonymous, but not part of the main group. On3iroi had issued a tweet at 10.26pm reading: “Target Down: Ministry of Justice.” The MoJ confirmed yesterday that disruption on the site started at 10.30pm.
The Anonymous Operations Twitter account, which has the handle @Anon_Central and was widely cited as a source for announcing attacks on UK Government sites over the Easter weekend, confirmed On3iroi was behind the attack on the MoJ. Separately, the Home Office and the Prime Minister’s websites were hit as part of widespread strikes.
DoS not DDoS
On3iroi said the attack was not a distributed denial of service attack (DDoS) but a denial of service (DoS) hit. The site was taken down due to a common Apache vulnerability, the hacker said. “At 370 threads, rotating thru tor [the anonymity network], the site became unreachable for two hours,” a Twitter message read. The MoJ said the disruption only lasted for 30 minutes.
At the time of publication, the MoJ had not confirmed or denied whether the details of the hack were accurate.
On3iroi is a security consultant currently studying to attain a Certified Ethical Hacker (CEH) accreditation, he (or she) told TechWeekEurope. The hacker also claimed to be a “lone wolf” and not part of Anonymous, but supported some of its aims. “I’m not always in support of Anon, but do offer aid if I agree with an operation,” On3iroi said.
“Outside of that, I down Jihadist websites, other hacker group sites (LulzSec, etc) and spammers.
“Not all are limited to denial of service, however. Database breaching, SQLi [SQL injection] & ftp-related hacks are not displayed here unless it is relevant to the operation and no one is in any type of physical danger or monetary loss.”
As for their motivation, the hacker said they supported Anonymous’ calls for altered extradition laws. The government has faced criticism for handing over too many suspects to the US, including Richard O’Dwyer, a British student accused of copyright infringement across the pond.
This would not be the first time a security worker has been involved in hacktivism. When the FBI issued warrants for people it suspected of being involved in LulzSec in March, it emerged one of them was working for a non-profit in Ireland dedicated to making websites more secure.
Anonymous has been hammering government websites across the globe. Its latest attacks were on the UK and China.
Think you know security? See how much you know with our quiz.