The Middle East conflict has literally clawed on one of the highest echelons of global peace-keeping effortsâ??in cyberspace, at least. Last weekend, a group of hacker-activists (or hacktivists) calling themselves â??Turkish Defacers,â?? claimed responsibility for the defacement of the official Web site of the United Nations (UN) Secretary-General Ban Ki-Moon.
Statements posted by the UN Secretary-General were replaced with repetitive pacifist messages, accusing the United States and Israel of killing children. The exact message read, “Hacked By kerem125 M0sted and Gsy That is CyberProtest Hey Ysrail and Usa dont kill children and other people Peace for ever No war.” The UN was forced to pull down the site and conduct repairs, and eventually restored the original content of the affected Web site.
What is apparently surprising is that the manner of attack on such a high-profile Web site used a rather well-understood and preventable method. The hacktivists used an SQL injection vulnerability that takes advantage of flaws in database programming to activate malicious lines of code. Although the site has since been patched up and restored, it is still very much susceptible to future cyber attacks.
On their Web site, these “Turkish Defacer” have listed similar feats involving several prominent sites, including top-notch universities and international corporate outposts. If the veracity of their claims is proven, we have not yet seen the last and most damaging of hacktivism-related attacks.
Attacks on legitimate Web sites connected to high offices of government are nothing new. There have been instances of phishing sites hosted on servers of government domains, and hacked .gov sites that lead to porn. Because these sites are supposed to hold authority and get a lot of traffic from users who believe these are secure, these have become prime targets of their very targets. This only shows that the halls of power are not so august online, and even security enforcers must look out for their own security because there are no sacred cows when it comes to cyber crime.
Updates will be posted as soon as they are available.