Cyber War: The Whole Story

About The Security-Ray: The Security Ray is a non-profit organization which aims at portraying the latest hacking and security news. All news related to hacking and security from around the world can be found in The Security Ray. The Security Ray was initially started by two security experts from Bangladesh during December, 2011. Since then, TSR has been trying to bring the latest news to the people. We try to publish the truth and aware the people about internet security.

The TSR Team: Isti Ak Ahmed(Admin) Maruf Alam (Admin) Zihan Rgt (Senior Editor and a very important person for TSR) Raiyan Ahmed (Editor) Circuit Burner Anan (Graphics Designer) Proshed Barmon (Pyash) (Senior Search Engine Optimizer) Arm Maksudul Haque (Head of Planning)

Content:

1. Why this war? 2. How it all started. 3. India's attack. 4. The First retaliation from Bangladeshi hackers. 5. Messages from Bangladesh Cyber Army and Bangladesh Black Hat Hackers for Indian Government. 6. The Beginning of the DDoS attacks. 7. Shutting down of Indian Stock Exchange sites. 8. Indian Media's failed attempt to spread rumors. 9. War stopped by 3xp1r3 Cyber Army and Bangladesh Black Hat Hackers. 10. Another massive attack by Bangladesh Cyber Army. 11. The return of Bangladesh Black Hat Hackers. 12. Bangladesh Cyber Army sends messages to webmasters about increasing website security. 13. Black Hat Hackers goes down, reason found to be internal feuds. 14. The results of the war: Heroes and Martyrs. 15. A little interview with Shadman Tanjim, the founder of Bangladesh Cyber Army

Chapter 1: Why this war?

The war was actually much needed for the interest of Bangladesh. There were a number of reasons for the war to start. Firstly, the torture and brutality of the Border Security Forces (BSF) of India rose to the extreme level. A huge number of innocent Bangladeshi citizens fell victim to their brutality. Many innocent lives were lost. Besides, some decisions of the Indian Government greatly damaged the interest of Bangladesh. Not only these, the Indian hackers were also engaged in attacking Bangladeshi sites reasonlessly. The reasons of the war can be clearly understood by taking a glance at the demands put forward by Bangladesh Cyber Army-

"1. Stop hacking Bangladeshi websites and stop all types of access to Bangladeshi Cyber Space completely... 2. Stop killing innocent Bangladeshi citizens at BD-India borders... 3. Stop Tipaimukh Dam... 4. Sign the "Teesta Water Sharing Treaty"... 5.Either stop broadcasting of Indian Media in Bangladesh or let Bangladeshi Media enter India... 6. Stop all Anti-Bangladesh activities of BSF and punish all offenders for their deeds against Bangladesh... 7. Last but not the least, India has to stop all activities which go against Bangladesh in any possible way... "

For all these reasons, the war had to start, be it now or then. Many Indians said that the people who were killed in the border zones were either smugglers or illegal immigrants. But as we see it, there is no evidence or any way to prove the validity of their accusation. And even if the accusations were correct, there are no laws of directly killing people brutally for such activities infact. And besides, this was only one of the reasons for the war to begin.

Chapter 2: How it all started

At first, Bangladesh Black Hat Hackers and 3xp1r3 Cyber Army started attacking Indian sites. At one stage, Indian hackers started attacking back. Ashell From Indishell Said, "Indians are attacking BD sites because of hackers from bbhh and expire. BCA is not involved in this and always there to protect the country". After saying this, around 200 Bangladeshi Government websites suffered hacking attacks. Then, Bangladesh Cyber Army joined the war to protect their cyber space. The war actually started after Bangladesh Cyber Army started the attacks. Huge attacks one after another came over the Indian Cyber Space and this is how, the two countries came to see a cyber war. As India was in a state of war with Pakistan as well, Pakistani hackers also supported Bangladesh at first. Indonesian hacker Chliz Aceh also supported Bangladesh. Many other hackers did. But at the end, it was only the Bangladeshi hackers.

Chapter 3: The First retaliation from Bangladeshi hackers.

The First shot came when Bangladesh Cyber Army attacked for the first time. The result was the defacement of over 500 Indian websites and the shutting down 30+ high-profile Indian websites, all done in one night. The Indian hackers surely did not expect things to get this serious. They packed up and stopped attacking any further. But the Bangladeshi hackers brought up the border issue. This was a reflection of the rage of the Bangladeshi people. They rose from the ashes and started protesting for the safeguard of their rights. In this first attack, Bangladesh Black Hat Hackers and 3xp1r3 Cyber Army also played great roles. On the very same issue, they started protesting. Shadoow008, a Pakistani hacker hacked around 2000 Indian sites to show his support for Bangladesh.

Chapter 4: Messages from Bangladesh Cyber Army and Bangladesh Black Hat Hackers for Indian Government.

After the first payback attack, Bangladeshi hackers started sending messages to Indishell and the Indian Government through YouTube. At first, Bangladesh Black Hat Hackers sent the message. They mentioned the reasons of the hacks in the video. Afterwards, Bangladesh Cyber Army sent their message. Their message portrayed the current situation of the two countries and how Bangladesh was under a great pressure because of different decisions of the Indian Government. They also mentioned the killing of innocent Bangladeshi's at the India-Bangladesh border zones. They also mentioned their 7 demands which you already read in "Chapter 1". Afterwards, many other video messages were released on different occurrences.

Chapter 5: The Beginning of the DDoS attacks.

While Indian hackers were just defacing Bangladeshi Government websites, Bangladeshi hackers had the idea of shutting down the whole server. Distributed Denial-of-Service attacks were started by the Bangladeshi hackers. The first target was the website of Border Security Forces of India. Who brought it down first is still a mystery; it may be either Bangladesh Black Hat Hackers or Bangladesh Cyber Army. This website was brought down several times during the war. The server of National Informatics Centre, Ministry of Information Technology, Set India fell victim to the DDoS attacks of Bangladesh Cyber Army. The website of NDTV suffered from DNS failure being attacked by Bangladesh Cyber Army. The website of Reserve Bank of India also went down but it was recovered within a very short time. Afterwards, a huge number of other Indian sites were also shut-down. But the hackers were not contented with DDoS attacks only, they kept on defacing the sites as well. The site of Directorate of Economics and Statistics of India, NE TV were hacked and defaced by Bangladesh Cyber Army. 3xp1r3 Cyber Army rooted one server containing more than 700 Indian websites. The efforts of some members of Bangladesh Black Hat Hackers did not go un-noticed. While 3xp1r3 Cyber Army kept defacing sites on a regular basis, Bangladesh Black Hat Hackers were engaged in both DDoS and defacement.

Chapter 6: Shutting down of Indian Stock Exchange sites.

The first demand of the hackers was to stop brutality in the border zones. But even after the start of the war and publishing the demands in public, two Bangladeshi citizens were captured by BSF. This triggered another massive attack. Bangladesh Cyber Army released another video message in YouTube where they mentioned that they would the stock market of India soon. Many people thought it to be a fake message and doubted the abilities of the Bangladeshi hackers. But proving them wrong, the hackers brought down National Stock Exchange of India for a short time and Delhi Stock Exchange was down for around 8 hours during peak time. This might have caused damaged in the financial sector of India as one of the characteristics of Indian stock exchanges are the online transactions which was also closed as the websites were closed. In this attack, not only did the main core members of Bangladesh Cyber Army took part, but also other patriotic Bangladeshis with an intention to raise their voice for justice took part. Being united as a single power, they attacked all together and succeeded.

Chapter 7: Indian Media's failed attempt to spread rumors.

After suffering from severe attacks from Bangladeshi hackers, Indian hackers were at a loss, they even stopped attacking Bangladeshi sites any further. During this time, some Indian media and news website thought it would be their duty to stand beside the Indian hackers. While they would have done it normally, they took a rather complicated way which no-one would support. They started making up rumors to stop the Bangladeshi hackers. The rumors included the arresting of many Indian hackers which was done to demoralize Bangladeshi hackers. Some media sites even mentioned that Bangladeshi hackers had a different reason to start the war which was fame. They skipped the whole matter of the BSF brutality, though these attempts of Indian media ended in smoke. Besides, those media sites lost their respects because of these which they actually don't deserve.

Chapter 8: War stopped by 3xp1r3 Cyber Army and Bangladesh Black Hat Hackers.

At one point during the war, 3xp1r3 Cyber Army stopped their attacks and announced that they would leave the war. Following them, Bangladesh Black Hat Hackers also left the battle field. Their reasons for leaving the war were that India had accepted their demands. But that actually did not happen. Probably the reasons for them to leave were organizational disorders. Black Burn Moonlit, also known as, Angel Irine, who is the admin of Bangladesh Black Hat Hackers and an ex-member of Bangladesh Cyber Army even hacked Bangladeshi Government websites showing reasons that Bangladeshi Government was supporting India. Whatever it may be, hacking own sites is no sign of "patriotism". The whole TSR team wonders where his patriotism went while hacking the sites of his own country. It is to be noted that this hacker was previously kicked out of Bangladesh Cyber Army for breaking terms and trying to trap the members of his own group using a stealer. Even after these two groups left, Bangladesh Cyber Army stayed in the war, trying to bring some changes and to stand for their demands.

Chapter 9: Another massive attack by Bangladesh Cyber Army.

Bangladesh Cyber Army never stopped their attacks. This attack was a big one and they consider it to be the third phase of the cyber war. They attacked the sites of Central Bureau of Investigation (CBI), Border Security Force (BSF), Jute Corporation of India (JCI), Central Institute of Plastics Engineering and Technology (CIPET), IDBI Paisabuilder and many others. R3x0Man of Bangladesh Cyber Army hacked 3 Indian Hacking blogs in total. HackerIndia, Go4Hacking and Crazyhacker's websites fell victim to his attacks and were defaced. Another around 500 Indian sites were hacked by other hackers of the group but as those were not the much-important ones.

Chapter 10: The return of Bangladesh Black Hat Hackers.

The general mass was not happy about Bangladesh Black Hat Hackers leaving the war. Actually, Bangladeshi people were too pissed off at the Indian and they were hungry for attacks. Bangladesh Black Hat Hackers came back again into the war considering all the matters. They mentioned the reason to be Team Grey Hat's hacking of Bangladeshi sites. Team Grey Hat's attack was triggered by 3xp1r3 Cyber Army. 3xp1r3 Cyber Army hacked and defaced the site of Team Grey Hat for an open challenged. It is supposed that Team Grey Hat entered the war to take revenge of that but they could not do much and left the war after some small attacks.

Chapter 11: Bangladesh Cyber Army sends messages to webmasters about increasing website security.

With Team Grey Hat attacking Bangladeshi websites, Bangladesh Cyber Army thought that it would be necessary to protect their own sites as well besides hacking the Indian sites. They started sending messages to Bangladeshi webmasters about increasing their website security. The steps which they mentioned in their message arePrevention: System and Network security: 1. Firstly, you have to check if there is any vulnerability in the server where the website is hosted. If there is any, it is to be fixed. As fast as possible, you should upgrade to the latest web server. If possible, you should upgrade to the latest version of the operating system. If on the Linux server, the kernel is to be updated and any present security patch is to be installed. 2. The firewall is to be checked and made more powerful. Firewall should be used for both network and application. DDoS Protection is to be used in the server. 3. The unused ports and services are to be closed. Service applications are to be updated regularly. Good IDS/IPS and web proxy should be set up. 4. The websites/web-application's vulnerability is to be checked. Mainly, SQL Injection, Cross Site Scripting, Cross Site Request Forgery, File Inclusion, Remote Code Execution, Web Backdoor, Remote File

upload vulnerabilities are to be checked and fixed if there is any. Those who are new with these can take the help of vulnerability scanners. 5. If the website is not based of any framework like as, Wordpress, Joomla, PunBB, MyBB, then it is to be updated to the latest version and security patches are to be installed. All the plugins in the CMS are to be checked for vulnerabilities and exploits. If exploit is present, it is to be fixed or some other plug-in is to be used. Go to CMS's Config File and from Cpanel, change Chmod to 640 or 600. 6. Admin and Cpanel passwords are to be changed and made stronger. Passwords should have a minimum of 12 characters and should contain numbers, capital letters and small letters. 7. There should not be write access in any file, mainly the configuration files to be precise. There should be no write access in drives as well. Directory listing and brute forcing should be closed. If needed for any purpose, these are to be closed again as soon as the work is done.

Remedy: 8. Site backup should be kept regularly. Backup file should be kept in a secured place so that it cannot be found through directory browsing. It is best to keep it offline or out of the Public_html directory. 9. If the site gets hacked, all site contents are to be deleted and. Then the whole site should be started again from the backup. As the hackers can keep malicious code in directory, you cannot be satisfied deleting only the defacement page. Besides the admin and Cpanel passwords are to be changed.

10. How the site got hacked must be found out, the server log can help in this case. And the site is to be patched following that so that it cannot be hacked any further.

Chapter 12: Black Hat Hackers goes down, reason found to be internal feuds.

Bangladesh Black Hat Hackers, the team which claims to have started the war started falling because of internal feuds. They have mentioned that the account of one of their admins, BD Xtor was hacked and their pages were hacked. But when we started investigating this, something different came out. It seemed like some of the members had a plan of moving out of the group and form another group which they did. That group is now called Bangladesh Grey Hat Hackers. It is possible to write a whole magazine on what actually happened there and how they presented it. Due to various internal feuds, some of the members "betrayed" and the group fell down. Though BD Xtor claimed that his account was hacked but using a little device, you can find that it was not the case. The device you need is a "Brain" only. Hunger for power, how this thing can make people go totally nuts can be understood here.

Chapter 13: The results of the war: Heroes and Martyrs.

There actually are no heroes yet. The war still did not end. Bangladesh Cyber Army is still fighting and according to a recent video release, they would not stop until ALL their demands are considered. And who says that the war did not help? It did help. 8 members of BSF were sentenced to 3months in prison for their brutality. 2 Bangladeshi channels are also being broadcasted in Kolkata now. Aren't all these supposed to be a great success for the Bangladeshi hackers? All of the hackers and the supporters too are the heroes. They did not lose hope, they worked hard and look here, we are already getting the results. The martyrs, this award will certainly go to the Black Hat Hackers. Groups with internal feuds never last long. Though they exist no more as no able members are there to run the group now, during the war they played their parts. Be it small or large, they did something. The war still continues and it reflects the hopes of the people. The Bangladeshi people are standing for their rights. Probably the Indian Government will soon consider the whole matter and bring an end to this cyber bloodshed.

Chapter 14: A little interview with Shadman Tanjim, the founder of Bangladesh Cyber Army

Who do you think is responsible for starting the war? - Obviously the Indians. BSF's brutality and the fault of some of the Indian hackers led to the war.

Wasn't there any other way than this war? - Maybe there was. But after what India was doing, we felt it was necessary for us to do something. This was a good way as we all are related to the cyber world. So, isn't it obvious that we would protest this way?

Yes, that it is. So, how much success did the hackers get according to you? - A lot. Because we are getting a good response. Indishell already left the battlefield as the way Bangladeshis attacked were not expected by them. When they realized there was nothing they could do to cope up and were losing the whole thing, they quit. BSF has been warned by Human Rights Commission. And some Bangladeshi channels are also being broadcasted in India now. This can be considered as a positive side of the war. So, from this side, the hackers are completely successful.

Which were the major attacks by Bangladesh Cyber Army in the war? - Massive amount of Indian sites were hacked. Even sites like Indian Stock Market, CBI were brought down by Bangladesh Cyber Army. Except these, some corporate sites, news sites, TV Media sites, Business sites, Bank sites, Telecommunication sites, political sites, BSF's site and other Government and Non-Government site faced the attacks and the attacks are still continuing.

Is there anything you would want to say to everyone who'll be reading this? - I want to say that this war between India and Bangladesh has proved that Bangladeshis can protest as well, that's what they are doing now. And this is a warning for India, if India continues their activities against us, we will take revenge. And I'd like to thank my fellow countrymen for staying with us and for all their support. InshAllah, we will do our best to stay worthy of your love and respect forever.

Thanks a lot for spending some of your valuable time reading this. Be with us and keep up your supports. You can also send us your feedback atmagazine@security-ray.com Special Thanks to TUNERPAGE and ACADEMY OF CLOUD for their contributions. For more information related to hacking and security news, stay tuned to The Security-Ray.

Regards The Security Ray (TSR) Team