US Congressional Websites Hit By Mass Defacement Attack
Over thirty websites of various Representatives and House Committees fell victim to mass defacement yesterday. The incident occurred shortly after President Obama gave his State of the Union address.
The attack seems to be politically motivated as it contained an offensive anti-Obama message. All affected websites are from within the house.gov domain and most of them served House Representatives. However, a few, such as gop.cha.house.gov, republicans.financialservices.house.gov, republicans.oversight.house.gov or resourcescommittee.house.gov, correspond to House committees.
According to Web defacement archive Zone-H, the Red Eye Crew is a prominent hacking group responsible for more than 45,000 defacements in 2009 alone. Around 2,000 of the affected websites are listed as special, meaning they belong to governments, military organizations or important corporations.
Determining a specific point of entry for these attacks without any insider knowledge is hard. However, security researchers from Praetorian Security Group determined that all compromised websites use the Joomla content management system. “But not all of the Joomla CMS web sites [on the same server] are affected. This might indicate that it is a Joomla component that is to blame, however that is just speculation,” they write.
It is worth noting that a significant number of websites within the house.gov domain were defaced last August by a different group. At the time, there was information to suggest that the compromise was the result of default passwords that were left unchanged.
“Unfortunately we won’t know that until someone who manages house.gov provides some details. Server access seems unlikely, because while the sites we checked are hosted on dcserver1.house.gov, not every site hosted on that server is defaced (example congressman Joe Sestak’s web site was fine). The sites are not redirecting anywhere,” the Praetorian Security Group experts conclude.
Credit: Softpedia.com News
February 8th, 2010 at 11:12 pm
http://www.thetechherald.com/article.php/201004/5160/Congressional-sites-defaced-after-State-of-the-Union-address
According to Tech Herald, the Joomla! hasn’t been updated for a long time. The site was running on version 1.5.5 although the latest version is 1.5.15. So it seems that the site admin is to blame, not the developer.