Telegram Hacktivist Groups
Today's group: Efendina1, or 'Islamic Resistance Organisation'.
There have been a number of these groups that have claimed to be these big scary hackers, super elite guys that shouldn't be messed with. I saw this and had to investigate: are these guys the real deal, or are they just a bunch of script kiddies tryna make a name for themselves? Let's start with what we see: supposed leaks, attacks and a lot of big threats from some important people. Let's break it down and go through the list.
These guys (not to assume anyone's gender) have a plethora of leaks with scary titles; we have everything from alleged Israeli cameras to leaked US people and MILITARY BASES! Now, all drama aside, this could be some potentially damaging stuff, and valuable stuff too. Anyone would think that leaked military bases and info would be bad stuff, damaging to the US and overall a threat. But not in this case. Upon viewing the actual contents of these files, you will be surprisingly disappointed. These files contain a few basic coordinates and names of US bases, which you later realise are all publicly available via https://catalog.data.gov/dataset/military-bases1 and a lot of other places. The US government is pretty open about this stuff, so it's not a big deal.
Alright Johnny Xina, I get it, but what about that other stuff? Bank records? Israeli cameras? Well, we can start with cameras. 'Hacking' cameras is a very broad topic as it varies a lot; there are cameras inside buildings belonging to randoms, but the way they are set up can vary a lot. Many of the millions of cameras around the world are set up very weakly and are literally publicly accessible, not by normal means but through Shodan. You can search 'Shodan IP cameras' on Google and you'll get thousands from around the world; this list is simply a filtered version of greater lists easily accessible to anyone willing to find them. These cameras don't reveal any private or sensitive stuff, and there isn't enough to really stalk or follow anyone like those satellites the FBI uses.
So cameras and bases: not bad. Those leaked US people are again repackaged public records; you just look up 'people search US', and that's what they've downloaded. The final one to write off the leak list: the bank. All it takes is a quick look at the data as a whole to see that it's most likely fake. I sorta saw the pattern here and didn't wanna bother going to triple check, but the inconsistent emails and lack of valuable information imply that this information is likely mostly fabricated, plus again some repackaged public information.
This channel is full of DoS attacks. These attacks are pretty frequent and they seem to pride themselves on them; they seem to think they are a big deal. Now, DoS attacks are where you get a program, you design it to send a message to someone's site, or a segment of it, and you send millions of requests to slow it down or crash it. This attack alone isn't super disruptive; it stops stuff from working, but it usually only lasts a few hours. These attacks weren't significant enough to have anything written on them or any articles. There are no reports or currently available information aside from their little screenshots. Now it's worth noting that big DoS attacks are very expensive; it's sort of like your computer power vs theirs. Despite their capabilities, it costs them loads of money to do these attacks energy-wise, and without doing a whole lot, they aren't really effective. There's not much evidence for their attacks being real; I've looked up details for the following and haven't had any luck finding any information on these attacks aside from their own. Long story short, they've spent a lot of money doing attacks, they've attacked some big sites, but the sites have only been down for a few hours and haven't given them any recognition.
Here's the scary bit: real attacks. Whilst there aren't many, there are a few cases where it looks like there have been some real compromised sites. The attacks performed haven't been horrible; the extent of this group's exploiting is uploading a page to a random section of the site. None of their attacks have been on any main pages, just areas that someone would have to manually type. But yet again there is no evidence of these attacks elsewhere; the source of information is limited to the channel itself. By the looks of these attacks, considering the locations of the pages and such, I can only assume that these are exploits. An exploit is like a premade attack that someone else has worked hard to figure out; it's a way into something or a way of hacking something, and these are usually 'patched', or fixed, when a program updates. These attacks look like they are simply other people's exploits on outdated systems, or intentional features. You can't tell me a site saying 'You've been hacked' in a file-uploading directory is any sort of attack (yes, they did this and claimed it to be an attack).
But at least we know they are capable of using someone else's code to do an attack. The pages they make all seem to have their old name 'Efendina' and seem to attempt to convey the message of 'This site is hacked', like that but without the grammar. With the lack of evidence of these attacks, and the lack of severity, we can rule out these guys' ability to exploit well, but I think they are still capable, so I would advise any site owners to keep their plugins and site stuff up to date.
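For site owners, a check for the kind of page described above, as an added example that is not part of the original post: it walks an upload directory and flags files carrying the 'Efendina' name or a 'hacked' message, files of a type a browser would render, and files whose content is HTML/PHP under another extension. The extension list, the marker phrases and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile
# Assumptions (not from the original post): the renderable extensions and the
# marker phrases. 'Efendina' is the name the post says appears on the pages.
RENDERABLE = {".html", ".htm", ".php", ".phtml", ".shtml", ".svg"}
MARKERS = re.compile(rb"efendina|hacked\s+by|(?:been|is|was)\s+hacked", re.I)

def scan_uploads(root, max_bytes=65536):
    """Return sorted (relative_path, reason) pairs for suspicious files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            try:
                with open(path, "rb") as fh:
                    head = fh.read(max_bytes)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            hit = MARKERS.search(head)
            if hit:
                findings.append((rel, "marker:" + hit.group(0).decode().lower()))
            elif ext in RENDERABLE:
                findings.append((rel, "renderable-type:" + ext))
            elif re.match(rb"\s*<(?:!doctype|html|\?php)", head, re.I):
                # Renamed page: content is HTML/PHP although the extension is not
                findings.append((rel, "content-mismatch"))
    return sorted(findings)

def demo():
    """Build a constructed sample uploads tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "2024/photo.jpg": b"\xff\xd8\xff\xe0 constructed jpeg bytes",
            "2024/index.html": b"<html><h1>Hacked by Efendina</h1></html>",
            "docs/report.txt": b"<?php echo 'constructed'; ?>",
            "docs/form.htm": b"<html>constructed contact form</html>",
        }
        for rel, data in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        return scan_uploads(root)

if __name__ == "__main__":
    print(demo())
```

A "renderable-type" hit is not proof of compromise on its own; it means the upload directory accepts and keeps files a visitor's browser or the server will treat as a page, which is the condition these defacements rely on.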
This group has posts that explain their motives and intentions, which makes things much easier. This post pretty much sums up what they intend to do and why they have done the attacks they've done. For anyone who doesn't like images, here's what we've got.
"We, the Islamic Resistance Organization group, declare loudly and clearly: Any target that supports or supports Israel will be under our target. We have the ability to reach any party that cooperates with the Zionist entity, and we will not hesitate to take the necessary measures to protect our cause and support the rights of the Palestinian people. We warn governments, companies, and organizations against involvement in any form of support for Israel, whether material, political, or technical. This warning is serious, and we will not tolerate any complicity or support for this usurping entity. We have the resources and expertise to implement our threats, and we have repeatedly proven our ability to achieve our goals. We call on everyone to carefully consider the consequences of their actions before providing any support to Israel, because the consequences will be dire and there will be no exceptions. We are here to protect human rights and defend vulnerable people. Our ultimate goal will remain to achieve justice and hold accountable everyone who contributes to injustice and aggression. Long live free and proud Palestine."
So some things that stick out there: they only target Israelis or those who support Israel, and they aim to stop them or attack them. Their motives are political, which means by definition they are classified as a terrorist group. The fact they are using the word Zionist also tells us that it's not just Israel, it's Jews. But yeah, the deal is, they are terrorists, even if they are insignificant ones.
Efendina1 or 'Islamic Resistance Organisation', the worst of the worst. You thought those Mexican cartels were bad? You haven't seen bad. I'm kidding, these guys are pretty trash. To sum it up, they have a lack of skill and haven't done anything original or any real attacks. If they had performed some exploits that weren't file upload vulnerabilities, or actually caused harm, I'd have to give them credit for coordination. As for their big DoS attacks, it's merely slowing people down temporarily, and it costs them more than it costs the targets; another ineffective method for a group without a lot of funding. And finally the leaks: to the average person, it's all fake or public information. These people aren't a threat unless you're afraid of having your site crash for a few hours. It's safe to say these guys are not all that, they aren't scary, and they are all pussies, not gonna do shit. Despite this, by definition they are still terrorists. Send me an email if there's anything similar you'd want me to investigate; I should have more terrorist investigations soon, some big deal ones, ones that actually do shit and physical crimes. FBI hire me I guess. But in the end, don't take my word for any of this, supposedly "I'm just a guy on the internet". Here's the Telegram to check it out for yourself; I even put the link here for you so it's a little easier. Efendina Telegram