Hackers Alter Content on Sites of Liberal & Labor Parties
Hackers who exploited a security flaw to change the Website of the Liberal Party by displaying an indecent message referring to John Howard also used the same flaw in the Queensland Government and the Labor Party sites.
The hackers found a process by which they modified the postings on liberalparty.org.au and under the caption Liberal Party of Australia, they wrote, "John Howard says, "I like to s...d...!"
The loophole was apparently fixed on October 9, 2007 and the site restored to its original condition.
Media advisor Jim Bonner for the federal secretariat of the Liberal Party said he knew about the hack into the Website of the Liberal Party. Investigations were on to confirm the state of damage, he said. The Age site published this in news on October 10, 2007.
The attack on the site was through an HTML injection in which the hacker takes advantage of vulnerability underlying within the Website to change its content for display. Although the attack is a plain hack, it can lead to even more malicious XSS or Cross-Site Scripting attacks whereby corrupt data could be introduced into a victim's PC.
While this is not the first such attack on the Website, there have been many previous instances of HTML injections on it. Another HTML attack occurred on the transport enquiry page of the Queensland Government that showed modified content.
Earlier in 1998, The Liberal's Website faced an attack during the campaign for Federal Election when an employee for the Labor Party hacked The Liberal's site and added pornographic material. He also posted offensive remarks about a number of Liberal frontbenchers. Cyber analysts described the attack as the first ever "electoral cyber warfare" event in Australia.
The Liberal Party, which discovered a flaw in its site in August 2007, had fixed it in a short time. But this time, CIO of Australian Liberation Party, Dennis Perry, did not believe the same problem occurred, as per what he told ZDNet Australia on October 9, 2007.
These XSS vulnerabilities are commonplace in many Websites, especially those of corporations and government departments, said Chris Gatford of penetration testing firm Pure Hacking.
Related article: Hackers Redirect Windows Live Search to Malicious Sites
» SPAMfighter News - 25-10-2007