On Sunday August 12, 2007 portions of the United Nations (UN) website were defaced by what appears to be a group of Turkish hackers. In particular, the section of the UN website that hosts speeches by the Secretary General Ban Ki-Moon was hacked and the following text was inserted on the page:
HACKED BY KEREM125 M0STED AND GSY THAT IS CYBERPROTEST HEY ÝSRAIL AND USA DONT KILL CHILDREN AND OTHER PEOPLE PEACE FOR EVER NO WAR. (source)
According to security experts, this attack was caused by a SQL injection attack that exploits vulnerabilities in the database layer of a web application. This is not the first time a major website has been attacked via an exploit of an SQL injection vulnerability. In June 2007, Microsoft’s United Kingdom (UK) website was defaced via a SQL injection attack. (source)
The CyberProtest Gang
British media sources have stated that the hackers ‘Kerem125’, ‘M0sted’ and ‘GSY’ are all part of a hacking gang known as ‘CyberProtest’. ‘M0sted’ stated that the goal of the defacement of the UN was to let it be known, “that the powerful have no right to oppress the powerless.” Another member of the gang, ‘Eno7’, said that the group was formed in response to the Israeli attacks against Lebanon last year. (source)
Defacement as a Road to Disinformation
While the defacement was quickly detected and removed, it is important to understand that future attacks may be more difficult to detect. For example, a clever attacker intent on waging a sustained disinformation campaign may choose to plant disinformation on well-known websites such as major media outlets. If the disinformation was professionally produced and did not include the obvious misspellings included in the recent UN defacements, it is possible the disinformation would not be noticed immediately. As a result, a substantial number of Internet users would possibly believe the stories posted on the affected sites – simply because the user trusts the “brand” of the well known website.
While it is strictly speculative to contemplate the effects of such an attack, it is at least theoretically possible that a disinformation campaign that planted false or misleading stories online could have a short-term financial impact. For example, if attackers posted articles detailing product failures and pending lawsuits against a well-known publicly traded company it is possible that investors may sell their positions in the affected company. Alternatively, a terrorist group may coordinate a disinformation campaign with an actual attack. This type of disinformation campaign could possibly seek to inflate the damage caused by the attack and further work to sow confusion and multiply the fears of the general public in the immediate aftermath of an attack.
Increased Reliance on Online Sources
A recent report by Online Publishers Association (OPA) and Nielsen/NetRatings helps frame the potential severity of an online disinformation campaign. According to the OPA’s newly released Internet Activity Index (IAI), a four-year-long study of online trends, users spend more time online reading and viewing content than any other activity such as communicating and shopping. Prior to 2003, users spent most of their time online communicating via tools such as email. However, according to the OPA in 2007 users spend more time online viewing content because of the explosion in availability of online content. Moreover, most users now routinely conduct activities that were previously conducted offline, such as reading news and checking weather, online (source).
The combination of this increased reliance on online sources for news and information in combination with a wealth of technical flaws that can in many cases be easily exploited creates a unique opportunity for attackers seeking to cause an increased amount of damage.
It is therefore incumbent upon website operators to ensure that their websites are secure. As demonstrated by the attack on the UN a single vulnerability can allow a malicious attacker to make untold unauthorized changes.