Un.org hacked by Activists
It is good to see that the UN has seen this as a prank rather than an act of “cyber terrorism”. To often these simple attacks are suddenly blown up by the media into some kind of terrorist act and suddenly teenagers are spending 20 years in jail for defacing a website.
Not that I condone website defacements, I just think these things should be kept in perspective.
A simple SQL injection allowed the text on the front page of the UN.org to be alerted. SQL injection is a common web application attack that has been known about for years but still websites are being defaced and accessed through these holes. Other risks associated with SQL injection include the downloading of database data. Many websites customer list or credit card database have been gathered by this method.
Ironcove.net’s new partner organisation HackerTarget.com is able to do basic sql injection testing against websites along with full host scans using Nessus Vulnerability analysis scanner.
At the Web site M0sted.org, there is a list of websites that have been hacked by this group other than the UN. Sites such as Harvard and other universities, Norfolk and Norwich University Hospital in the United Kingdom, and some international Web outposts of Michelin, Toyota and Nestle.
“Hacked By kerem125 M0sted and Gsy That is CyberProtest Hey Ysrail and Usa dont kill children and other people Peace for ever No war” was the line repeating itself over and over on the affected pages, according to published reports and screenshots taken by bloggers. The perpetrators appear to have used a well-known and highly preventable technique called SQL injection, which takes advantage of flawed database programming to activate malicious lines of code.
Hackers apparently exploited security holes in the SQL code at the U.N. secretary-general’s main Web site over the weekend. (Credit: Giorgio Maone, hackademix.net)
The defacements, which affected the front page of the secretary-general’s site and pages containing statements by the secretary-general and press conference summaries, occurred sometime early Sunday morning, UN spokesman Alex Cerniglia told CNET News.com on Monday. The sites were “cleaned up” by about 9 a.m. PST on Sunday, he said.
