MISCELLANEOUS

Defacing public institutions

Hacking trends for winter 2009-2010

Normal
0

false
false
false

EN-US
X-NONE
X-NONE

MicrosoftInternetExplorer4

st1:*{behavior:url(#ieooui) }

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:”Table Normal”;
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:””;
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:”Calibri”,”sans-serif”;
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:”Times New Roman”;
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:”Times New Roman”;
mso-bidi-theme-font:minor-bidi;}

The last days of 2009 and the beginning of 2010 reveal the
latest frenzy for hackers – vandalizing the official sites of public
institutions.

The first attacks hit several official Philippines
government Web sites, prior to Christmas and New Year’s holiday. December 17th,
users visiting the Department of Health homepage could find a defaced picture
of the Health Secretary Francisco Duque III. If, in the original picture, he
was blowing on a “torotot“,
in the vandalized picture he was apparently holding male genitals towards his
mouth. Other porn words were written next to the picture.

Next day, the official site of the Department of Social
Welfare and Development was the target of hackers. A couple of days later, the Philippines
National Disaster Coordinating Council’s official Web site was also under
attack.

This trend seems to continue in 2010: the very first days of
January brought new victims – the Spanish EU presidency site and the official
site of the Iranian president.

January 4th, hackers took advantage of the XSS
vulnerabilities to compromise the Spanish presidency, replacing the photo of the
Spanish prime minister Zpatero with the lookalike Mr. Bean’s funny image.

Next day, the Iranian presidency Web site was
vandalized, the intruder posting a message
which called for President’s death: “Dear God, In 2009 you took my favourite singer –
Michael Jackson, my favourite actress – Farrah Fawcett, my favourite actor –
Patrick Swayze, my favourite voice – Neda. Please, please, don’t forget my
favourite politician – Ahmadinejad and my favourite dictator –
Khamenei in the year 2010. Thank you.”

Although the
damages were just related to some official (and institutional)”images”, although
the problems were soon solved, these attacks are prompting Internet security
experts to question the officials’ ability to protect sensitive information and
remind users worldwide that no Web site is 100% hackproof.

About the author

Sabina DATCU

Sabina Datcu, PhD has background training in Applied Informatics and Statistics, Biology and Foreign Languages and Literatures. In 2003 she obtained a master degree in Systems Ecology and in 2009 a PhD degree in Applied Informatics and Statistics.
Since 2001, she was involved in University of Bucharest's FP 5 and FP6 European projects, as researcher in Information and Knowledge Management field.

In 2009, she joined the E-Threat Analysis and Communication Team at BitDefender as technology writer and researcher, and started to write a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases.