April Lulz Day 2019, popularly known as #AprilLulz2k19, is an annual three-day international hacking operation launched by LulzSec affiliates all around the world.
As of today, April 2, hacking groups LulzSec Argentina, The Lulz, LulzSecITA and Pinoy LulzSec are the most active in sharing on social media their hacks and exploits. There are also local hacking groups who joined this event. Pinoy ClownSec exposed more than 700 local FB accounts while FilTech Hackers Philippines shared defaced pages and user accounts on their social media page.
I was told that Pinoy LulzSec has been holding on an information about someone or something important. The info according to the rumor would “rock” the foundation of cybersecurity in the country. Pinoy LulzSec is still considering if they would release it tomorrow, the last day of the April Lulz event.
The Pinoy LulzSec team believes that the first day was a success. They got the attention of government and educational institutions and because of #AprilLulz2k19 event, social media users are now aware that it is important to secure passwords. They however said that it is not their goal to make people realize their tech mistakes or be recognised, all they want to do is “to have fun, just for the Lulz of it.”
Hundreds of websites and social media accounts were tagged as #TangoDown yesterday and the group said that more FB accounts would be taken over, a lot of websites would be defaced and hundreds of user information would be made available public today and tomorrow.
The Facebook page of Pinoy LulzSec was reported and was unpublished early Tuesday, a member of the group said they are now on Twitter as @PinoyLulzSec_ and would put another FB page soon.
In an interview, a Pinoy LulzSec member claimed they did not use any hacking tools to scan for vulnerabilities in websites. They simply used Google Docs information gathering and Google searches. They added that many sites have vulnerabilities, making them susceptible for zero day exploits – cyber attacks carried out on the same day as the vulnerability being discovered. Most of the website hacks are done with SQL injections – an old method of hacking that is easily learned online. SQL injections can allow the attackers to collect the contents of the website’s database, tamper with existing data, can void transactions or change balances, destroy data, or make the attacker administrators of the database.
For Facebook accounts, they claimed it was all simple phishing attacks.