As a security researcher and an information security enthusiast, I am always intrigued by underground hacker groups, which is why I research them. In this article, we look at Kosova Hacker’s Security to understand the group’s ideals and the essence of its existence, covering some of its cyber-attacks and an exclusive interview with its leader.

The Kosova Hacker’s Security (KHS) is a hacktivist group of Albanian hackers from Kosovo that has compromised both government and private websites of Israel, Serbia, Greece, Ukraine, etc. The KHS crew is led by Th3 Dir3ctorY together with two core members, ThEtA.Nu and x|Cripo.

Below are some of the known attacks they spearheaded and in which they have taken part:

1. #OpIsrael

The Anonymous collective spearheaded and coordinated a series of cyber-attacks against the government of Israel and Israeli private organizations and companies. The operation is dubbed #OpIsrael, or Operation Israel. The first wave of cyber-attacks came from RedHack, a Turkey-based Marxist hacker group, and some Anonymous groups, which targeted Mossad (the Institute for Intelligence and Special Operations), an Israeli intelligence agency.

KHS, together with some Albanian hackers, attacked several important Israeli government and commercial websites, such as those of the Civil Aviation Authority, Israel Police, Ministry of Health and many more. They were able to leak more than 35,000 records of personal information belonging to Israeli citizens.

Th3 Dir3ctorY, the leader of Kosova Hacker’s Security and the famous Hotmail Mail Server hacker also added, “Israel is attacking Gaza without any proper reason, so if they don’t stop doing that we will attack in the energy sector & nuclear area of Israel and we will attack Israel with very bad viruses…

Th3 Dir3ctorY, ThEtA.Nu, and X|CRIPO of the KHS crew had also leaked more than 7000 Israeli credit cards with full credentials and details such as the full name of the card holder, CCV, credit card number, expiry date, etc. This happened before they leaked the more than 35,000 records of personal information of Israeli citizens and before they took part in Operation Israel.

2. Interpol Takedown

In October 2012, the Kosova Hacker’s Security group claimed responsibility for taking down the website of Interpol (International Criminal Police Organization) for two days in protest against the controversial anti-Islamic film “Innocence of Muslims.” They took down the website by using more than 700 botnets to perform a series of DDoS (distributed denial-of-service) attacks.

3. IBM Research Website Hacking

The KHS crew defaced the official IBM (International Business Machines) Research website through SQL injection and remote code execution, and a Zone-H mirror of the defacement exists. The Voice of Greyhat news website added in its report, “according to the KHS spokesman, another hacker group named Teamgreyhat figure out this vulnerability which allowed KHS to breach the server and deface the index page”.

4. Operation Greek

The hacker collective Anonymous started #Operation Greek in 2012 and uploaded a video with the following message:

Greetings Government of Greece, we are Anonymous.

We are watching events in Greece and we are really overwhelmed.

4 thousand suicides, 2 million unemployed, 5 hundred thousand homeless, hospitals without the necessary materials, salaries and pensions at risk of hunger and we can go on.

And the only thing to you do is indifference. Challenging your people by inviting Merkel, right now it in collaboration with your Greeks arrived on the verge of destitution. You should be ashamed! Threaten your people with security measures only fit keeper status.

8 thousand policemen, stainless steel fences, frogmen sewers, all security forces on alert and curfew on the capital’s streets … Where differ you exactly from a Junta! The people protested and apparently you fear your own people.

We, as Anonymous are next to the Greeks claiming their freedom. We are next to a people who have fought against the German occupying forces.

We already provide dial up lines because we know that your fear will try to silence the Greeks. This will not be tolerated.

While you will get your mind to do the sake of your friends bankers, we will be alongside Greeks protesting for their democratic right to live free and without poverty. The eye of Anonymous now focus on Greece. Citizens of Greece, Anonymous now fighting with you.

We are Anonymous,

We are Legion,

We do not forgive,

We do not forget,

Expect us.

At first, some members of Anonymous carried out a series of distributed denial-of-service attacks against the Greek Ministry of Justice, and then KHS followed. KHS breached the OTE – Greek Telecom Service and exposed more than 10,000 user credentials (with obfuscated passwords for the users), including administrator details. Most sources say that the main reason for the group’s attacks against Greece is retaliation against some Greek hackers who hacked Albanian websites. According to the Voice of Greyhat news website, KHS also attacked the Greek Ministry of Education, and Lifelong Learning and Religion websites.

KHS also successfully hacked the official website of the President of the Republic of Macedonia and created a defacement mirror, or notification, on Arabzone.

5. Ukraine Cyber Attacks

In 2011, Kosova Hacker’s Security defaced more than 600 Ukrainian websites, including the Ukraine Police website, Gazeta.ua (Ukraine’s largest news portal), Gaysinfarm.ua, Panika.net.ua, Iloveshoes.com.ua, and many more. According to a KHS spokesperson, the cyber-attacks were motivated by true patriotism.

6. US National Weather Service Website (weather.gov) Pawnage

In October 2012, the Kosova Hacker’s Security group took credit for exploiting weather.gov (the US National Weather Service website) through Local File Inclusion (LFI). The attack was a protest against American aggression against Muslim nations, including cyber-attacks.

According to THN (thehackernews.com), the hackers also pointed out, “They hack our nuclear plants using STUXNET and FLAME like malwares, they are bombing us 27*7, we can’t sit silent – hack to payback them”.

KHS exposed the data and configurations from the following files:

/etc/passwd
/etc/groups
/etc/hosts
/etc/samba/dhcp.conf
/etc/apache2/conf.d
/proc/version
/proc/cpuinfo
/proc/self/mounts
/proc/self/status
/proc/self/stat
/etc/security/access.conf
/etc/ldap/ldap.conf
/etc/cups/printers.conf
/etc/gconf
/etc/syslog.conf
/etc/snmp/snmpd.conf
/share/snmp/snmpd.conf
/etc/ca-certificates.conf
/etc/mysql/conf.d
/etc/security/limits.conf
/etc/security/group.conf

7. Hotmail Mail Servers Owned!

KHS members Th3 Dir3ctorY and ThEta.Nu claimed responsibility for compromising Hotmail’s mail servers in 2011.

Interview with Th3 Dir3ctorY

I happened to interview Th3 Dir3ctorY, the leader of the Kosova Hacker’s Security group and here are his replies to my questions:

What is the reason for the creation of the Kosova Hacker’s Security?

Kosovo people were violated from the Republic of Serbia. A war sparked between Serbia and Kosovo in 1999. They killed about more than 20,000 people and raped more than 30,000 women. Kosova Hacker’s Security was created to fight the Serbian country in the Cyber World.

When did you start hacking and defacing?

I started defacing and hacking in the year 2005.

Do you consider yourself a hacktivist?

Yes!

What do you think were your biggest hack escapades and cyber-attacks?

We have hacked more than 20,000 websites including government websites. We have hacked the IBM Research domain, we have hacked 90% of Serbian government websites, we took down Interpol for 2 days, and we have posted more than 7000 Israeli credit cards. For more info, you can find some of our job worldwide here: http://www.voiceofgreyhat.com/search?q=KHS

Have you been involved with Hacker Wars or Cyber Wars?

Yes, we have been involved in many cyber wars. We have helped many teams in cyber wars like hackers from India, Pakistan, Bangladesh, Algeria, and also we have created the cyber war between Kosovo and Serbia.

Who do you think is the most notorious defacer in the underground today?

Hmei7 and RedHack

What groups have you been associated with before you were involved with Kosova Hacker’s Security?

I was a member of RedHack in the year 2006, then I created my team called Albania Security Clan (ASC). After some big attacks against government websites, the police arrested one of our members in Belgium, then we changed the team to Kosova Hacker’s Security.

What can you say about hacking and security?

Hacking is part of security, if you don’t know hacking you don’t know security. So if you want to be good at Cyber Security you need to know hacking.

Can you tell us some facts about Albanian Hackers?

Albanian Hackers display patriotism on the Internet. They display hacking Serbian Websites every day.

Do you really support Anonymous? What do you think about Anonymous?

We support Anonymous. Anonymous is not a team, it’s not a group so everyone can be part of Anonymous. If someone has any important information or if you hack something big and you want to stay hidden you can be Anonymous, it’s free.

References:

http://www.voiceofgreyhat.com/search?q=KHS

(I would like to thank this hacker news archive for the reports about KHS)

http://nakedsecurity.sophos.com/2012/10/19/national-weather-service-website-hacked-by-kosovo-hackers-security/

http://www.cyberwarnews.info/2011/12/26/ukraine-police-and-600-websites-hacked-and-defaced-by-kosova-hackers-security/

https://www.facebook.com/KHS.Cr3w

http://en.wikipedia.org/wiki/OpIsrael

http://hackmageddon.com/tag/kosova-hackers-security/

http://thehackernews.com/2012/10/sensitive-server-info-leaked-from.html