For about one year now, I’ve been covering the hacktivism of a self-identified Moroccan hacker known as ElSurveillance (@ElSurveillance on Twitter). Other media outlets have been starting to pay more attention to him recently, too.
As he had explained to me in December, ElSurveillance defaces and hacks sites advertising escort services or that have adult themes for religious reasons. Such services violate Islam, he tells me.
Out of all the hacks and hackers I have covered on this site, I think ElSurveillance’s activities are probably one of the purest examples of hacktivism that I have seen. I may not share his goals, but I never seen any indication of malice or greed on his part (I’m referring to ElSurveillance as “he,” but of course, I can’t know for sure). I’ve seen no evidence that he is using the data for any purpose other than trying to shame or force sites to stop what he considers to be morally unacceptable conduct. And occasionally, he diverts to other attacks, like his recent attempt to get the attention of a town in the UK that was vulnerable to SQLi.
This week, ElSurveillance contacted me to tell me about four of his more recent attacks and data leaks.
One leak consisted of 12,738 records containing username, email address, and passwords (all plaintext) from afrikadating.com. Because the site did not appear to me to be an escort service but rather, just a dating site, I asked him why he targeted it. In private communications on Twitter, he replied:
I’m after any site that claims to be providing any sexual services in the Islamic Countries, That site had around 33 profiles who claim to be providing sex services in Algeria, Tunisia, Egypt, I asked the admin to remove them, They refused, So I took Control of it, I removed these profiles and published the users login details.
He added:
I don’t usually go after these websites, But when they cross the line. They get punished.
In another incident, ElSurveillance attacked reaach.com and dumped a member’s table with 1,489 records with ID, username, email address, hashed passwords, and other personal details. As is this site’s policy, I am not linking to any of the data dumps, but inspection of this one revealed that some people uploaded pictures, resumes, and other personal information.
Reaach.com advertises itself as a one-stop business profiles site for the UAE. ElSurveillance informs DataBreaches.net that he had contacted REAACH a few months ago about some escort profiles on their web sites. “They removed them but only from the search engine and not from their database,” he stated. Inspection of the leaked database confirmed that there were still such listings in there.
In a third incident, ElSurveillance attacked an Australian adult dating site with 67,122 users — adultsinglesites.com.au. Leaked data did not include any names, but did include IP addresses, email addresses, and hashed passwords.
But not only did he attack adultsinglesites and leak data in three data dumps, ElSurveillance redirected their home page to his Twitter account, @ElSurveillance. As of today, the site does not appear to have regained control over that, even though the hack was no later than July 1.
And in one more incident that he shared with DataBreaches.net, ElSurveillance attacked PinkDate in the UK. That leak included 1,638 records with email addresses and MD-5 passwords, many of which appear in plaintext, too.
One of the more unusual aspects to ElSurveillance’s hacktivism is that he does seem to contact entities first and request that they remove escort service listings. In his Twitter timeline, I saw mentions of other recent attacks of his, including keeping one site knocked offline for at least four days now for “promoting escort services in Dubai:”
#KilELSlar – https://t.co/ZnzBwlaUWM – Has been down for 4 days straight, For promoting #escort services in #Dubai– #EscortsOffline#Islam
— ◖المـــراقــــــبة◗™ (@ElSurveillance) July 14, 2016
Perhaps the most surprisingly civil exchange was one ElSurveillance had with @ConnectBuzz, who have seemingly agreed to revise their system to remove offensive listings.
Of course, not everyone will agree with ElSurveillance’s mission, and some people have challenged him on that. Others, however, appear to be cheering him on and suggesting other sites for him to look into.
I don’t know if ElSurveillance will have any significant impact on the presence of online escort services, but he certainly seems to be on a one-man campaign to get entities to not market such services in Islamic countries. When I asked him if he thought he was having an impact or making a difference, he replied:
Yes definitely especially for the reputation of my religion, People and culture, Many of these websites claim to be based in the Islamic Countries which we never welcome any such a behavior, And also I make a difference by reporting the vulnerabilities to the good guys instead of abusing them.
DataBreaches.net will continue to follow his hacktivism and campaign.