Friday, February 10, 2012

UN Website Hacked!

Updated: Thursday, 09 Feb 2012, 6:33 PM EST
Published : Thursday, 09 Feb 2012, 11:54 AM EST
By LUKE FUNK
MYFOXNY.COM

MYFOXNY.COM - A hacker has apparently targeted the United Nations (UN) website, releasing a list of the organization's potential vulnerabilities.

Information purported to be stolen from the organization was posted on the site Pastebin on Thursday morning.

The alleged hacker, who goes by the name Casi posed a message along with the information saying: "?I fighting [sic] for Internet Freedom, equiality [sic] & rights for all.?", but gave no other motivation for the attack.

Martin Nesirky, a spokesperson for the Secretary General of the United Nations, confirmed the breach.

"A case of unauthorized access to the UN website is still being investigated," Nesirky said in a statement. "Whoever sought access was able to read some data from databases but was not able to modify content and was not able to prevent public access to the website."

New York based Identity Finder says it appears the UN was not following the most basic web security.

The hacker used a SQL injection attack (SQLIA) to fool the computer into revealing its secrets.

"It's web security 101," Aaron Titus, Chief Privacy Officer for Identity Finder says. "This breach seems to be a very simple attack. If this breach was real, they could have prevented this very easily and should have prevented it."

He says Identity Finder is not able to independently verify the legitimacy of the information but the hack appears legitimate.

The data in the release included a list of vulnerable points and a detailed map of the inside of the UN's database.

"It's making the rounds in the hacker community and is spreading fast," Titus says.

It is difficult to determine the actual risk the UN is facing, according to Titus. It appears passwords were not exposed in the hack.

But he says, "For anyone wanting to perpetrate an attack on the UN internal database, it is a gift."

Titus says his company has reached out to the UN to alert it about the hack but has not heard back from the organization.

This apparent breach follows a November attack in which more than 100 email addresses and log in details were posted on Pastebin.

No comments: