Contributors

Jeremiah Grossman
(WhiteHat Security)

Ofer Shezaf
(Breach Security) [Project Leader]

The Web Hacking Incidents Database
Last update: 17 February 2008

List of Incidents for a Classification

Please note that classifications are a new feature and not all entries in WHID are already classified, so when you get a certain number of entries for a classification, WHID might have more records matching that classification that we did not classify yet. We hope to complete the classification process soon.


List of incidents for which Outcome is Defacement
25 incidents listed
WHID 2008-12: Greek ministry websites hit by hacker intrusion
Reported: 17 February 2008
Occurred: 31 January 2008

Classifications:

  • Attack Method: Unknown
  • Country: Greece
  • Outcome: Defacement
  • Vertical: Government

This is yet another case of defacement of a governmental web site. It is striking that it is almost never the large commercial and financial web sites that are defaced. It is either small mom-and-pop shops or government and political web sites. Don't you get the feeling that government IT is run like a mom-and-pop shop? Do you wonder if it is only the IT part that is run that way?

References:

WHID 2007-86: Mac Blogs defaced using XSS
Reported: 17 February 2008
Occurred: 23 November 2007

Classifications:

  • Attack Method: Cross Site Scripting (XSS)
  • Country: Global
  • Outcome: Defacement
  • Vertical: Technology

The standard disclaimer that we do not cover each and every defacement is relevant to this entry as well. So why do we include the defacement incident this time? First and foremost, it is known to be an XSS attack abusing a WordPress zero-day bug. Secondly, it is a targeted attack aiming to deface only Mac-related web sites. Usually, targeted defacement attacks are carried out against political targets. Did attacking Apple become a political issue? Was Apple transformed into a nation overnight? Well, certainly into a cult.

References:

WHID 2008-11: Hacker breaks into Ecuador's presidential website
Reported: 12 February 2008
Occurred: 11 February 2008

Classifications:

  • Attack Method: Unknown
  • Country: Ecuador
  • Outcome: Defacement
  • Vertical: Government

Was it defaced or not? In this extraordinary incident, a hacker broke into the web site of the Ecuadorian president and said nice things about him. So nice, in fact, that the presidential office had to apologize in front of the opposition leader. Was it a hack or an overenthusiastic marketing person?

References:

WHID 2008-06: Hackers Take Down Pennsylvania Government
Reported: 28 January 2008
Occurred: 06 January 2008

Classifications:

  • Attack Method: SQL Injection
  • Country: USA
  • Outcome: Planting of Malware
  • Outcome: Defacement
  • Vertical: Government

You dfon

References:

WHID 2008-04: RIAA web site cleared
Reported: 22 January 2008
Occurred: 20 January 2008

Classifications:

  • Attack Method: Cross Site Scripting (XSS)
  • Attack Method: SQL Injection
  • Attack Method: Denial of Service
  • Country: Global
  • Country: USA
  • Outcome: Defacement
  • Outcome: Downtime
  • Vertical: Entertainment

The web site of the RIAA, the Recording Industry Association of America, was attacked twice using SQL injection over the weekend. First, a query that takes a particularly long time was posted on a social network web site, causing a distributed denial of service attack against the site. Later on, hackers found and abused additional SQL injection and XSS vulnerabilities, resulting in major defacement of the site.

References:

WHID 2007-80: Vodafone blocks website after hacking
Reported: 01 January 2008
Occurred: 07 November 2007

Classifications:

  • Attack Method: Unknown
  • Country: India
  • Outcome: Defacement
  • Vertical: Service Providers

Yet another defacement, but this time at a very major telecommunication provider in India. These are the guys in charge of our network after all!

References:

WHID 2007-72: Gmail CSRF exploited to hijack a domain
Reported: 30 December 2007
Occurred: 15 December 2007

Classifications:

  • Attack Method: Cross Site Request Forgery (CSRF)
  • Country: UK
  • Origin: Iran
  • Outcome: Defacement
  • Outcome: Blackmail

Many times we dismiss seemingly minor vulnerabilities in major web sites. Most notably, "yet another" XSS or CSRF vulnerability in a well-known service is not considered news anymore. However, the following story proves that no matter what, such vulnerabilities cannot be ignored.

The attack is simple, the result pretty frightening. An attacker, presumably Iranian, stole the domain name of David Airey, a graphic artist and a known blogger. The attack was very well timed to coincide with David's departure for a long vacation. The goal was to extort money in order to return the domain. In David's case there is a happy ending, as the attention he got helped him receive his blog back, with some loss in traffic, search engine ranking and time. But other victims of attackers who steal domains for a living may not be as fortunate.

References:

WHID 2007-70: Tucson, Arizona police web site defaced using SQL injection
Reported: 20 December 2007
Occurred: 20 December 2007

Classifications:

  • Attack Method: SQL Injection
  • Country: USA
  • Origin: Indonesia
  • Outcome: Defacement
  • Vertical: Security & Law Enforcement

Just like WHID 2007-60, this hack is probably representative of many other incidents. The Indonesian hacker Hmei7 left the message "Hmei7 has touched your soul" on the Web site of the police department in Tucson, Arizona. Unlike a regular defacement, however, this time it was not the front page but rather the news section that was modified.

As many of you know, the news section is one of the few database-driven parts in many mostly static sites, as it allows the site owner to add news without requiring a web designer. Therefore it came as no surprise that the attack was identified by a public source as an SQL injection attack.

References:

WHID 2007-45: XSS flaw makes PM say: "I want to suck your blood"
Reported: 10 October 2007
Occurred: 09 October 2007

Classifications:

  • Attack Method: Cross Site Scripting (XSS)
  • Country: Australia
  • Outcome: Defacement
  • Vertical: Politics

Using XSS on the sites of both major Australian political parties, a security researcher nicknamed Bsoric caused the Liberal Party's Web site to read: "John Howard says: I want to suck your blood", while another script caused a window to pop up on the Labor Party's Web site, urging viewers to "Vote Liberal!"

References:

WHID 2007-43: Hacker attacks the Ministry for Housing website as Spanish mortgages come under the international spotlight
Reported: 03 September 2007
Occurred: 29 August 2007

Classifications:

  • Attack Method: Unknown
  • Country: Spain
  • Outcome: Defacement
  • Vertical: Government

Yet another defacement, and as usual in the political arena. However, this one is worth a note as the attack is very targeted, while usually such political defacements are carried out quite randomly against sites loosely related to the opponent and usually have little to do with the actual message the attackers want to convey. In this case the defacement seems to be a direct response to the hot debate about housing prices in Spain.

References:

WHID 2007-40: County's Web site hacked; no data lost
Reported: 02 September 2007
Occurred: 20 August 2007

Classifications:

  • Attack Method: Known Vulnerability
  • Country: USA
  • Outcome: Defacement
  • Vertical: Government

Defacements seem to dominate the list recently, probably because they reach everywhere. Two important conclusions from this particular one are that patch management is a key problem and that it is a problem mainly at government sites across the world.

References:

WHID 2007-41: Hackers hit New Zealand Herald website
Reported: 02 September 2007
Occurred: 29 August 2007

Classifications:

  • Attack Method: Cross Site Scripting (XSS)
  • Country: New Zealand
  • Outcome: Defacement
  • Vertical: Media

Still defacement, but this time with a twist. This was a genuine XSS rewriting attack, and was carried out by well-known people as a stunt. No information is provided on how the XSS vector found its way to the victims' computers.

References:

WHID 2007-39: Hacker sabotages Peru president's Web site
Reported: 30 August 2007
Occurred: 24 July 2007

Classifications:

  • Attack Method: Unknown
  • Country: Peru
  • Outcome: Defacement
  • Vertical: Politics

Defacements seem to start dominating this list. Alas, they are the most obvious web site hacks out there. While not every defacement is reported in the Web Hacking Incidents Database, key ones are. I included this one since the attacked web site is significant, and since it emphasizes what is becoming a major goal of attacking: politics and international affairs. As a side note, this incident is also interesting because it was repeated after it was discovered and presumably fixed, which goes a long way to show how much effort there is in protecting web sites and how difficult it can be.

References:

WHID 2007-37: United Nations VS SQL Injections
Reported: 13 August 2007
Occurred: 12 August 2007

Classifications:

  • Attack Method: SQL Injection
  • Country: United Nations
  • Outcome: Defacement
  • Vertical: Government

Defacements are usually beyond the scope of the Web Hacking Incidents Database. We only publish those that stand out, and this one certainly stands out.

The site of the United Nations was broken into and defaced using a pretty basic SQL injection technique, and the referenced article has all the details.

References:

WHID 2007-33: THAILAND: ICT Ministry website sabotaged by hacker
Reported: 22 July 2007
Occurred: 20 July 2007

Classifications:

  • Attack Method: Unknown
  • Country: Thailand
  • Outcome: Defacement
  • Vertical: Government

While defacements are usually not the bread and butter of this database, when one hits an important government site, especially that of a ministry in charge of information technology, it is worth mentioning.

References:

WHID 2007-30: Microsoft UK site defaced
Reported: 01 July 2007
Occurred: 27 June 2007

Classifications:

  • Attack Method: SQL Injection
  • Country: UK
  • Outcome: Defacement
  • Vertical: Technology

Yet another defacement, but with a very high profile target, and a detailed description of the attack which took advantage of an SQL injection vulnerability. The report even includes a video recording of the attack.

References:

WHID 2007-29: Teen arrested for hacking Belgian police website
Reported: 26 June 2007
Occurred: 22 June 2007

Classifications:

  • Attack Method: Unknown
  • Country: Belgium
  • Outcome: Defacement
  • Vertical: Security & Law Enforcement

As you may know, defacements usually do not find their way to WHID, especially if the method used is not known. However, since in this case the victim was the Belgian police, I thought it was worth including.

References:

WHID 2007-22: Hacking of CM's website: Interpol's help sought
Reported: 12 June 2007
Occurred: 10 June 2007

Classifications:

  • Attack Method: Unknown
  • Country: India
  • Outcome: Defacement
  • Vertical: Government

The web site of the chief minister of Kerala (an Indian state) was hacked and defaced. The local police have contacted Interpol to help find who is behind the web site hacking.

References:

WHID 2007-21: Belgian Defense Ministry site defaced by Turks
Reported: 17 May 2007
Occurred: 15 January 2007

Classifications:

  • Attack Method: SQL Injection
  • Country: Belgium
  • Origin: Turkey
  • Outcome: Defacement
  • Vertical: Security & Law Enforcement

The site of the Belgian Defense Ministry was defaced by Turks who protested pro-Kurdish remarks by the Belgian government.

References:

WHID 2007-18: Microsoft.com defaced
Reported: 06 May 2007
Occurred: 03 May 2005

Classifications:

  • Attack Method: SQL Injection
  • Country: USA
  • Origin: Saudi Arabia
  • Outcome: Defacement
  • Vertical: Technology

This incredible story from our friends at Zone-H sheds light on one of those defacement attacks which usually go unexplained. This time an infamous Saudi Arabian hacker abused an SQL injection vulnerability in the Internet Explorer Administration Kit web site. And guess what type of SQL injection: a login form SQL injection!

References:

WHID 2007-15: High School Hackers Cancel School With Fake Snow Day
Reported: 05 April 2007
Occurred: 09 February 2007

Classifications:

  • Attack Method: Insufficient Authentication
  • Country: USA
  • Outcome: Defacement
  • Vertical: Education

Two girls modified a school's home page by adding a note that school was closed due to a snow storm. The attack was probably done using a rogue admin account.

References:

WHID 2007-11: Nokia defaced by XSS
Reported: 30 March 2007
Occurred: 29 January 2007

Classifications:

  • Attack Method: Cross Site Scripting (XSS)
  • Country: Canada
  • Outcome: Defacement
  • Vertical: Technology

Nokia's Canadian Web Site was defaced using an XSS attack.

References:

WHID 2007-05: Hacking John McCain
Reported: 29 March 2007
Occurred: 27 March 2007

Classifications:

  • Attack Method: Misconfiguration
  • Country: USA
  • Outcome: Defacement
  • Vertical: Politics

An open source developer virtually defaced John McCain's MySpace page. He did not have to commit any crime, because the page pulled an image directly from the open source developer's site.

References:

WHID 2006-13: Hackers Tap Banks' Web Sites In Unique Phishing Attack
Reported: 04 April 2006
Occurred: 17 March 2006

Classifications:

  • Outcome: Defacement

In this very interesting attack, a hacker broke into the informational web sites of several smaller banks in Florida. He then changed the link on the informational pages that points to the outsourced transactional web site to point to his own phishing site. While the vulnerability that enabled the hacker to penetrate the informational sites is not known, this is a very interesting example of a targeted web attack. It highlights the importance of protecting every web site and not just the core business logic.

References:



This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.

 
© Copyright 2005, Web Application Security Consortium. All rights reserved.