Contributors
Jeremiah Grossman
(WhiteHat Security)

Ofer Shezaf
(Breach Security) [Project Leader]

The Web Hacking Incidents Database
Last update:17 February 2008

List of Incidents for a Classification

Please note that classifications are a new feature and not all entries in WHID are already classified, so when you get a certain number of entries for a classification, WHID might have more records matching that classification that we did not classify yet. We hope to complete the classification process soon.

Select classification:
Attack Method, Country, Location, Origin, Outcome, Software, Vertical

Select criteria for classification "Vertical":
Education, Entertainment, Finance, Government, Health, Information Services, Internet, Marketing, Media, Politics, Retail, Security & Law Enforcement, Service Providers, Sports, Technology

List of incidents for which Vertical is Politics
4 incidents listed
WHID 2007-61: Another inconvenient truth: Al Gore's Web site hacked
Reported: 19 December 2007
Occurred: 26 November 2007

Classifications:

  • Attack Method: Known Vulnerability
  • Country: USA
  • Outcome: Link Spam
  • Software: WordPress
  • Vertical: Politics

Whether comment spam by itself is an application failure or a necessary evil for site allowing rich comments is an open question. However it is reported that in this case vulnerability in WordPress allowed the spammers to actually penetrate the site and modify pages and not just abuse comments.

References:

WHID 2007-45: XSS flaw makes PM say: "I want to suck your blood"
Reported: 10 October 2007
Occurred: 09 October 2007

Classifications:

  • Attack Method: Cross Site Scripting (XSS)
  • Country: Australia
  • Outcome: Defacement
  • Vertical: Politics

Using XSS on the sites of both Australian major political parties a security researcher nicknamed Bsoric caused the Liberal Party's Web site to read: "John Howard says: I want to suck your blood", while another script caused a window to pop up on the Labor Party's Web site, urging viewers to "Vote Liberal!"

References:

WHID 2007-39: Hacker sabotages Peru president's Web site
Reported: 30 August 2007
Occurred: 24 July 2007

Classifications:

  • Attack Method: Unknown
  • Country: Peru
  • Outcome: Defacement
  • Vertical: Politics

Defacements seem to start dominating this list. Alas, they are the most obvious web site hacks out there. While not every defacement is reported in the Web Hacking Incidents Database, key ones are. I included this one since the attacked web site is significant, and since it emphasizes what is becoming a major goal of attacking: politics and international affairs. As a side note, this incident is also interesting because it was repeated after discovered and presumably fixed, which goes a long way to show how much effort there is in protecting web sites and how difficult it cab be.

References:

WHID 2007-05: Hacking John McCain
Reported: 29 March 2007
Occurred: 27 March 2007

Classifications:

  • Attack Method: Misconfiguration
  • Country: USA
  • Outcome: Defacement
  • Vertical: Politics

An open source developer virtually defaced John McCain's MySpace page. He did not have to commit any crime, because the page pulled an image directly from the open source developer's site.

References:


This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
 
© Copyright 2005, Web Application Security Consortium. All rights reserved.