Calling themselves "CyberProtest," a group of hackers initiated what security experts believe was a SQL injection exploit on the Web page of United Nations Secretary-General Ban Ki-Moon. The hackers changed some text in one of Ban's speeches to include text accusing the United States and Israel of killing children.
A group of hackers infiltrated the United Nations' Web site over the weekend, defacing the page of Secretary-General Ban Ki-Moon with antiwar political graffiti.
Hackers reportedly replaced portions of recent speeches made by Ban with accusations that the United States and Israel are killing children. An Italian software developer first reported the hacked Web site, which was out of commission for most of Sunday as the UN scrambled to scrub it of the insertion. By Monday it was operational again.
By all accounts, the attack appeared to have been a SQL injection exploit, allowing the hackers to add their own HTML code to the Web site. The graffiti on the Web site suggested that at least three hackers that use the name CyberProtest were involved.
The Next Step
Beyond some embarrassment, political graffiti does not cause much harm either in cyberspace or in the real world. However, the fact that hackers were able to accomplish their goals could have deeper ramifications, Sophos security consultant Ron O'Brien told TechNewsWorld.
"The concern about the ability to hack public Web sites is increasing because in addition to defacing the Web site, it is also possible to embed malware," he commented.
No malware was embedded in the UN site during this attack, he added.
The Latest Vector
It is becoming increasingly clear that infecting public Web sites is the latest preferred vector for hackers, he said.
"We are asking everyone who owns or runs a Web site to make sure they are not vulnerable in that respect," O'Brien said.
The best way to ensure a Web site is free of malware is to scan it at the server level, he noted.
From 5,000 to 29,000
Over the last month there has been a huge surge in such attacks on Web sites, he added -- from 5,000 per day a month or so ago to an average of 29,000 per day now.
More worrisome is that some are legitimate and well-trafficked Web sites. Besides the UN, the IRS and the U.S. Department of Transportation have had their Web sites hacked recently, according to O'Brien.
The typical end goal for these attacks has been to establish armies of zombie computers that can be used in subsequent attacks.
More Than Just a Prank
Over the July 4 weekend, for example, a large malware campaign circulated using e-greeting cards.
"You clicked on the card and were redirected to the Web site that contained the malicious code," O'Brien said.
Last week, the cyberspace community saw the first fruits of that campaign: the largest spam cycle to date, according to O'Brien.
The attack helped further a pump-and-dump stock scheme that Sophos called one of the largest to date.