Reported: 30 December 2007
Occurred: 15 December 2007

Classifications:

• Attack Method: Cross Site Request Forgery (CSRF)
• Country: UK
• Origin: Iran
• Outcome: Defacement
• Outcome: Blackmail

Many times we dismiss seemingly minor vulnerabilities in major web sites. Most notably, "yet another" XSS or CSRF vulnerability in a well known service is not considered news anymore. However the following story proves that no matter what, such vulnerabilities cannot be ignored.

The attack is simple, the result pretty frightening. An attacker, presumably Iranian, stole the domain name of David Airey, a graphic artist and a known blogger. The attack was very well timed with David's leaving to a long vacation. The goal was to extort money in order to return the domain. In David's case there is a happy end, as the attention he got helped him receive his blog back, with some loss in traffic, search engine ranking and time. But other victims of the attacker who steal domains for living may not be as fortunate.

References:

• When fixing is not enough
  Blog Entry, Securiteam, 28 December 2007
• WARNING: Google's Gmail security failure leaves my business sabotaged
  Victim's Report, David Airey, 24 December 2007
• Google GMail E-mail Hijack Technique
  Blog Entry, GNUcitizen, 25 September 2007
• Collective effort restores David Airey.com
  Victim's Report, David Airey, 27 December 2007

---

This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.