A well-known Turkish hacker group claims to have stolen the passwords of a public electricity company, writing off the debts of a number of bills, but authorities say no data was compromised and the debt was already collected.
“We dedicate this action to the villagers of Yırca, to those who resist in Validebağ, and to those who know that there are things more important than money and status in this life,” RedHack said in a tweet Nov. 14, referring to two hotspots in the recent wave of environmental protests in Turkey.
The hacker group published the valid usernames and passwords for the management panel of Turkish Electricity Conduction Company (TEİAŞ). An accompanying video appears to show a hacker infiltrating the system and writing off debts worth 1.5 million Turkish Liras ($670,000) in electricity bills.
“Go and write off your own debts before they shut [the website] down,” RedHack added via Twitter.
Turkey’s Energy Ministry, on the other hand, announced Nov. 15 that the website of TEİAŞ was under a cyber attack, but no data was compromised. “Our system doesn’t allow a bill to be deleted permanently. The original copies of bills are stored at TEİAŞ. The debt that is allegedly written off was collected on Oct. 27,” the ministry statement said.
Its interesting as its a major utility that got smacked for maybe a lot of money.
When you are a hacker there are two words you live by, penetrate and pivot. For example in the Target attack they phished a HVAC subcontractor and then pivoted that into a successful attack on Target, don’t let your IoT devices be that penetrated point that hacker pivot into a major compromise against your customer.