Hacker Attacks British Parliament Website
A hacker broke into the website of the UK Parliament by exploiting an SQL-injection vulnerability. The incident is unfortunately indicative of questionable and poor password security practices on the part of the website administration.
The hacker, who is from Rome, calls himself Unu. He regularly examines high-profile, reputed websites for probable security flaws. The websites he has broken into include those of BitDefender, Kaspersky, Symantec, F-Secure, The Telegraph, British Telecom and The International Herald Tribune, to name some, and recently Yahoo! Local.
Unu said the flaw in the UK Parliament website is relatively simple to identify. It exists in PHP code on the site's lifepeeragesact.parliament.uk portion that fails to adequately sanitize parameters passed to the website. Consequently, attackers gain the privilege of running SQL requests straight against the site's content through URL manipulation.
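The class of flaw described above, shown beside its fix, as an added example that is not the Parliament site's code. The `peers` table, its columns and both function names are hypothetical, the rows are constructed, and an in-memory SQLite database stands in for the MySQL backend so the script runs offline.

```php
<?php
declare(strict_types=1);

// Constructed sample data; the schema is hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE peers (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO peers (name) VALUES
    ('Constructed Peer A'), ('Constructed Peer B'), ('Constructed Peer C')");

// Flawed pattern: the URL parameter is pasted into the SQL text, so anything
// that follows the expected number is parsed as SQL.
function lookupUnsafe(PDO $db, string $id): array
{
    $sql = "SELECT id, name FROM peers WHERE id = $id";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: validate the type first, then bind the value so the
// driver handles it as data and never as SQL text.
function lookupSafe(PDO $db, string $id): array
{
    if (!ctype_digit($id)) {
        throw new InvalidArgumentException('id must contain digits only');
    }
    $stmt = $db->prepare('SELECT id, name FROM peers WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$benign   = '2';
$tampered = '2 OR 1=1'; // constructed stand-in for a manipulated URL parameter

printf("unsafe, benign:   %d row(s)\n", count(lookupUnsafe($db, $benign)));
printf("unsafe, tampered: %d row(s)\n", count(lookupUnsafe($db, $tampered)));
printf("safe, benign:     %d row(s)\n", count(lookupSafe($db, $benign)));
try {
    lookupSafe($db, $tampered);
} catch (InvalidArgumentException $e) {
    printf("safe, tampered:   rejected (%s)\n", $e->getMessage());
}
```

The unsafe lookup returns every row for the tampered value because the condition becomes part of the query; the bound version never lets the parameter change the statement's structure.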
Further, Unu published screenshots showing that the web server was running Debian 4.0 (Etch) Linux with a MySQL 5.0.32 database backend. The database behind the website is named parliament_live.
Meanwhile, researchers state that the disturbing aspect of the hack is that it revealed the database holding the website's administrative accounts.
The hack exposed an account named "fullera", possibly belonging to Alex Fuller, who, as per his profile on LinkedIn, is presently engaged as a senior web creator at the British Parliament. Two more accounts drawing the attention of researchers are "moss" and "reida," but it could not be said with certainty whether these belonged to Conservative MP Malcolm Moss and Liberal Democrat MP Alan Reid.
According to Unu, he has always handled vulnerability disclosure quite responsibly. For security reasons, he has blotted out potentially sensitive details from the screenshots in the current instance.
Moreover, it is worth mentioning that Unu hasn't harmed the website. A hacker differs from a cracker in being ethical, with non-destructive intentions. Consequently, the parliament's website administrators were spared some serious problems.
» SPAMfighter News - 18-09-2009