The John Wick group hacked the Indian Prime Minister’s Twitter account and the site of the popular Indian news channel News18 to deny involvement in the PayTM hack.
According to BleepingComputer, a hacking group claims to have hacked the CNN-News18 news site in India to use it to disprove claims of a PayTM Mall hack earlier this week.
News18 is an English-language news channel that provides Indian and local news through the Indian Broadcast Network, as well as international news in partnership with CNN.
In their quest to debunk claims that they were behind the PayTM hacks, "John Wick" had also previously hacked the Indian Prime Minister's Twitter account.
Background: PayTM Mall hack
Paytm Mall is an Indian e-commerce platform with over 5.5 million daily active users, 80,000 merchants and a product portfolio of 110 million items, according to a 2018 online report.
The company suffered a major data breach when a group of hackers gained unlimited access to the entire company database. Cyble, an American cyber risk analysis platform, claims that the John Wick hacker group is responsible.
According to Cyble, "John Wick" hacked several Indian companies and received ransom from various Indian entities, including OTT platform Zee5 and fintech startups Stashfin, Sumo Payroll and i2ifunding, using other aliases such as "South Korea" and "HCKINDIA".
"John Wick" was able to upload a backdoor to the Paytm Mall app website and gained unlimited access to all databases, and then demanded a ransom of 10 Ethereum (ETH), equivalent to $4,000, which the hackers called a "help fee".
Get ready, the story begins…
In August, "John Wick" emailed BleepingComputer asking them to refute a report released by Cyble that attributed the PayTM Mall hack to the group.
The attackers then claimed to have hacked the Cyble website amibreached.com to download its database and install a remote access tool in a public directory. However, Cyble CEO Beenu Arora said they could not find any indication that they had been hacked or any traces of downloaded remote access programs.
Hack other sites to disprove one hack
Determined to prove their innocence in the PayTM Mall attack, "John Wick" first hacked the Twitter account of the Prime Minister of India, telling the world that they were not the perpetrators of the PayTM hacks.
"There is no other intention to hack this account. Recently there was fake news about our name saying that PayTM Mall [was] hacked by us. So we sent out an email to all the news publishers in India [that] it's not us, but no one answered us, so we decided to publish it," read one of the tweets posted on the Prime Minister's official Twitter account.
The images below show that hackers may have hacked the Indian news channel News18 and sent push notifications to their subscribers to deny they were involved in the PayTM hacks.
Push notifications allegedly sent by the "John Wick" hacker group from the News18 website Source: Bleeping Computer
The push notification says "Paytm mall John Wick has not been hacked by our team."
In an email sent to BleepingComputer by John Wick, the group included internal IP addresses, ports, usernames, passwords, and a JSON request with an authentication token they supposedly used to send browser notifications to News18 subscribers.
John Wick’s email to BleepingComputer showing the JSON payload to trigger push notifications Source: Bleeping Computer
Clicking on these notifications opened a PasteBin page in the browser that once again denied the claims that the attackers had hacked PayTM Mall.
Additional screenshots provided by the group themselves show folders for the various language feeds of the News18 group.
Folders that may contain data from different News18 TV channels Source: Bleeping Computer
It should be noted that the authenticity of these screenshots has not been verified and, at the time of writing, News18 has not commented on this alleged hack.
As with the ZEE5 hack, when "John Wick" allegedly took control of the company’s codebase, the hacker group provided screenshots showing the code commit history for the News18 codebase in a similar fashion.
Possible code commit history for News18 provided by John Wick Source: Bleeping Computer
Of course, in this case, John Wick's motivation was not to collect donations. However, in an attempt to prove their innocence, they competently hacked many more systems and thereby became complicit in other crimes, all in order to disprove one claim about the PayTM hack.