Hackers Replaced Spain’s PM with Mr. Bean on Official Website
Hackers who attacked Spain's official website briefly replaced the country's prime minister with Mr. Bean, a fictional comedy character.
Officials speaking on behalf of Prime Minister Jose Luis Rodriguez Zapatero said that the defacement had occurred on www.eu2010.es, but they ruled out any compromise of data on the website, The Register reported on January 5, 2010.
In addition, the government stressed in a statement that the attack was not directly on the site; rather, it was a screenshot of the home page taken by an unknown hacker to create a tableau of photographs.
The attack exploited a cross-site scripting (XSS) vulnerability to insert malicious code or unauthorized content into the flawed site.
Security researchers explained that the hack was not very damaging, but that XSS flaws could be abused to insert malware into users' web browsers. By inserting malicious code, hackers could compromise a visitor's authentication details or divert the visitor to a malware-ridden website.
When visitors accessed the prime minister's website, they briefly found a picture of Rowan Atkinson, the actor who played Mr. Bean. Comparing the Spanish leader's appearance with the clown has long been a joke.
In August 2009, hackers found XSS flaws on the website of Britain's Ministry of Defence (MoD). By exploiting those flaws, the miscreants managed to display a hacked website's content within a pop-up box that appeared to come from the Ministry.
Finally, security researchers stated that the cross-site scripting vulnerability was extremely serious for e-commerce or banking websites, because it helped make phishing attacks more credible. Moreover, the vulnerability could be embarrassing if it appeared on reputable or government websites such as Spain's official site or the MoD's, the researchers added.
» SPAMfighter News - 15-01-2010