Tuesday, 6 December 2011

Another UN Site Is Hacked

My blog entry for yesterday now appears almost prophetic as reports emerge today that another UN site has been hacked using, guess what, a SQL Injection vulnerability. 

The site belongs to the UN refugee organisation (ACNUR) based in Spain.  Not much point in attacking them, you might think.  This organisation does only good works helping refugees from beleaguered countries in Africa.  However, the data that their servers hold is far from valueless.  Think of the high-profile people who have dealings with the UN: their contact details are an obvious target.

Sure enough, the hackers were able to obtain email and phone details for people such as Barack Obama.  Luckily the password to the President's email was encrypted within the data store, so it wasn't totally compromised - at least whilst the hackers try to decrypt the password, Mr Obama has time to change it.  Changing email addresses and phone numbers takes a little more doing.

I would not be at all surprised to find that this vulnerability was exposed using the techniques described in the blog below.  Having had a high-profile intrusion only a few days ago, you would have thought that the UN would be taking particular care of their systems, especially when they obviously do contain very sensitive information that none of us, never mind the US President, would wish to be compromised.  Or maybe their claim that the group "Team Poison" had compromised only an old system with no data of value is not quite the full story.  Is this a continuation of the first attack?

This latest attack appears to again be a collaborative effort.  This time a group called "Sector 404" has said that they have come together with the well-known group "Anonymous" to mount the attack.  Which group found the vulnerability and which mounted the attack is unclear but, as I've said before, such sharing of information to break into systems is becoming increasingly common.

Hopefully the UN will now call in some help and audit their systems.