Jamie's Blog

Monday, August 13, 2007

UN Website defaced


It seems that a group of hackers from Turkey defaced the official UN website Sunday morning. They posted some random text attacking the US and Israel.

The interesting thing about the hack is that it was accomplished using a known and widely disseminated exploit, one that has been around for years. The hack is known as an SQL injection exploit and is accomplished by getting the database to execute SQL code supplied through input forms.

The vulnerability is easily countered, and these days is seldom found on a large and prominent website. So it is very surprising that an organization as big and important as the UN would have its website vulnerable to an attack like this.
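To make the flaw and its countermeasure concrete, here is an added example (not code from the UN site or the linked articles): the same lookup written with string concatenation and with a bound parameter. The table, function names and inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory table standing in for a site's content store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)")
    conn.executemany(
        "INSERT INTO articles (title, published) VALUES (?, ?)",
        [("Press release", 1), ("Statement by O'Brien", 1), ("Internal draft", 0)],
    )
    return conn

def search_vulnerable(conn, term):
    # Flawed pattern: form input is pasted into the SQL text, so any quote
    # character in it is parsed as SQL syntax instead of as data.
    sql = "SELECT title FROM articles WHERE published = 1 AND title = '" + term + "'"
    return [row[0] for row in conn.execute(sql)]

def search_safe(conn, term):
    # Countermeasure: the statement text is fixed and the input is bound as a
    # parameter, so the database never parses it as SQL.
    sql = "SELECT title FROM articles WHERE published = 1 AND title = ?"
    return [row[0] for row in conn.execute(sql, (term,))]

def demo():
    conn = make_db()
    results = {}
    # Constructed inputs: a legitimate title containing an apostrophe, and a
    # value whose quote closes the string literal and appends a condition.
    for label, term in [("apostrophe", "Statement by O'Brien"), ("injected", "x' OR '1'='1")]:
        try:
            vulnerable = search_vulnerable(conn, term)
        except sqlite3.OperationalError as exc:
            vulnerable = "SQL error: " + str(exc)
        results[label] = (vulnerable, search_safe(conn, term))
    return results

if __name__ == "__main__":
    for label, (vulnerable, safe) in demo().items():
        print(label, "| concatenated:", vulnerable, "| parameterized:", safe)
```

With concatenation, the apostrophe in a legitimate title breaks the statement and the second input returns the unpublished row as well; with the bound parameter both inputs are treated purely as a title to match.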

Check out the story at BBC: UN's website breached by hackers, and for more detail at Hackademix: United Nations VS SQL Injections


7 Comments:

  • I don't understand anything about that hacking with SQL injections etc.
    But those hackers seem with a rather small amount have reached plenty of advertancy.
    Really strange that the UN offers such a good platform for such intentions. They should have a serious talk with their computer-specialists (" " ?)
    I suppose: they will.

    By Anonymous Alexander, at August 13, 2007 11:20 AM  

  • I expect they will be having some very stern talks with their IT people. Especially since this attack is so easy to counter and has been around for so long.

    By Blogger Jamie Barrows, at August 13, 2007 11:23 AM  

  • Obviously till this day they hadn't had such an attack. I can't estimate how known this weak point should be for a specialist, or how high the risk for a similar attack should be regarded. But the security installations seem really not made very "professional".
    The other side is what high attention this news has gotten all over the world. I had just read it this morning (7 hours ago) in the German internet-news.
    In reality not very much or very serious happened... but the whole world is talking about and spreading the news - and the hacker's message.
    Apparently a very efficient way to spread messages over the world... will be a "good example" for others.

    By Anonymous Alexander, at August 13, 2007 11:42 AM  

  • Trust me, this kind of attack is very well known in the computer world. Having your site hacked by it is embarrassing because it is so easily countered. Basically it is caused by poor coding and poor testing.
    The only real excuse for having a site vulnerable to this kind of thing is incompetence.

    By Blogger Jamie Barrows, at August 13, 2007 11:55 AM  

  • The worldwide attention for a rather simple message (with many biting comments and the loss of honour) is the one.
    Is it even possible to do bigger harm with a hack using this method?
    E.g. could be done more than a message added, could the whole homepage be changed or integrated new functionalities (trojans or other malware)?

    By Anonymous Alexander, at August 13, 2007 12:08 PM  

  • It depends on the structure of the page and how much of the page is dynamically generated from content stored in a database. For some pages, yes. Others, no.

    By Blogger Jamie Barrows, at August 13, 2007 12:12 PM  

  • Thank you.
    Then it is evidently more than just "fixing an adhesive label".
    Really embarrassing that they have such a weak prevention in the UN!!
    Big disgrace.

    By Anonymous Alexander, at August 13, 2007 12:20 PM  
