On September 8, many websites in Lebanon, including governmental ones, were hacked by an alleged Iranian hacker. After a quick analysis, the SMEX tech team found that all the hacked websites are hosted on the same server managed by Terranet, a local Lebanese ISP and hosting provider. A deeper look into Terranet’s network infrastructure shows that the company has multiple and potentially vulnerable servers. Vulnerabilities in servers allow hackers to compromise a system, obtain partial or full access over the system, and thereafter control it.
The SMEX tech team confirmed that the targeted server, which is owned by Terranet and was the main target of the attack, is outdated and suffers many vulnerabilities. We recommended that the entities responsible for this server take the necessary measures to update and enhance the protection of their other websites and servers.
The following day, with the help of Masaar’s tech team from Egypt, we dug further into Terranet’s hosting server (Terra.net.lb) and identified many other vulnerabilities within it. This website provides information about the company and allows users to log into their internet subscription accounts.
After our investigation, we can conclude:
- Terranet’s website shares the same IP with more than 350 other domains, including governmental websites. Any vulnerability exploited in this website, could affect other websites.
- The website uses a very outdated framework, that suffers from many vulnerabilities (that could affect the Terranet website but not necessarily its users), and an outdated web server software version.
- Its servers use an outdated operating system.
We are disappointed by the disregard for security shown by a leading ISP. We demand Terranet update its servers, websites, and all of its infrastructure, in order to protect its customers’ and users’ data, personal information, and websites, including governmental, commercial, and personal websites.
Terranet should also have a clear policy about protecting and securing customers’ and users’ information, and be more transparent about the safety and security of their infrastructure. Terranet have not yet published any public statement regarding the September 8 hack of their servers.