A hacker using the pseudonym "DuckyMummy" is selling access to Greek Police webmail accounts on the Dark Web and on the breachforums.st website. The price is set at $200. Unfortunately, while the credentials of Greek Police email accounts, through which thousands of items of sensitive information about Greek citizens are shared daily, are up for auction, it is not known whether the competent authorities have noticed the breach.

What happened?

The hacker DuckyMummy, a well-known figure in the cybercrime underworld, has put up for auction access credentials (usernames and passwords) to the webmail system of the Hellenic Police. The webmail of the Hellenic Police is accessible exclusively by members of the Hellenic Police, as it is the point of contact with citizens who request any document concerning them. This unauthorized access could potentially expose sensitive communications, internal documents and operational details that are critical to the safety and functionality of the authorities.

The hacker backs up his claim by posting screenshots of some of the stolen credentials and of his access to the Greek police systems. The news was also made public on the social networking platform X (formerly Twitter) in order to inform interested parties who may not have access to the Dark Web about the sale.

The first report of the cyber attack came from the account Dark Web Informer, a Twitter profile of cybersecurity researchers who aim to identify illegal activities on the dark web and then inform the public through the X platform.

In addition, the threat intelligence platform SOCRADAR sent an informational message to its subscribers on 20 May 2024 (4 days before), with details of the attack.

The attack, according to the Twitter posts, must have taken place 2-3 weeks ago, while it is unclear whether it is a leak of a single webmail account or several. It is also not clear from the post whether the hacker advertising the sale of passwords has administrator rights or simply obtained passwords leaked from the personal computers of EL.AS officials. As far as one can tell, the account the attacker appears to have access to shows “ΜΕΤΑΝΑΣΤΕΥΤΙΚΕΣ ΡΟΕΣ” ("MIGRATION FLOWS") in a message subject, as well as words such as “REPORT”.

Potential risks from the hacking of Greek Police webmail accounts

Exposure of sensitive information: Unauthorised access to police email could lead to the leakage of confidential information, including ongoing investigations, covert operations and personal details of officers and informants.

Theft of citizens' personal data: With access to internal communications, hackers could disrupt police activities and steal all communications on sensitive matters that may have taken place between the authorities and Greek citizens. It is also important to mention that hackers, by accessing the systems, could also steal databases with personal data of the entire nation (ID/passport number, contact details, residential address).

Public safety concerns: Information about police strategies, patrol programmes and emergency response plans could be exploited by criminals to avoid detection or plan escape routes, posing a direct threat to public safety.

Lack of strengthening of systems by the competent authorities

Despite the seriousness of this violation, it seems that the Greek Police and the Ministry of Citizen Protection have not yet implemented adequate security measures to mitigate the threat.

The webmail shown by the attacker, whose passwords were leaked, probably did not have two-factor authentication (2FA) enabled. All modern webmail services (Google, Microsoft, etc.) offer the option of enabling two-factor authentication, so that when accessing the service an additional one-time password is requested via SMS, an app or some other method (as is the case with the transaction process in Greek banks). This technical shortcoming is worrying and indicates a potential gap in the current cyber security of the Hellenic Police. Citizens are urged to remain vigilant and take preventive measures to protect their data, as the likelihood of further breaches remains high.

The authorities have not issued a press release to inform citizens about the incident, and in particular about whether the breach resulted in a leak of personal data. It is not possible to know whether any measures have been taken to address the breach.

Similar breaches, and potential additional breaches that may be related to this case, underscore the urgent need for robust technical cybersecurity solutions, strengthening of existing protocols, staff training, and rapid action by staff to defend against cyber threats.

Protection steps for citizens

Given the breach, citizens should remain vigilant and take steps to protect their own digital security:

Be aware of phishing attempts: Cybercriminals often use stolen data to create convincing phishing messages. Be wary of any suspicious emails, even if they appear to come from official sources.

Secure personal information: Regularly update your passwords and use two-factor authentication to protect personal accounts from unauthorised access.

Report suspicious activity: If you receive unusual communications purporting to be from the police, verify the source before responding or providing any information. Contact ELAS directly for more details.

For more updates on this, stay tuned.

Update 1 - 24/5/2024: The forum on which the advertisement in question was posted, breachforums.st, is down (probably after actions by law enforcement authorities) and inaccessible.

We presume that the website was taken down following the publicity, investigation and immediate action of the Directorate of Cybercrime, which in similar incidents has acted extremely quickly, effectively and without fanfare to protect the personal data of the public. In any case, citizens' question remains as to whether there will be a briefing or press release on what kind of emails were leaked, whether and to what extent the attack was limited to a handful of contact mailboxes, and whether the hackers' access was confined to this particular system.