The defacement of the Our Planet subdomain on the United States Department of State website by Indonesian hacker Dbuzz shows how vulnerable the vast majority of web properties are to subversive idealogues.
The nuisance attack -- reported by hackread -- is akin to spraying graffiti on a business or agency front door: "Hacked by Dbuzz" in the case of the State Department's webpage.
On around the same day when he hacked the US Department of State website, Dbuzz also reportedly breached and defaced the official blog domain of USEmbassy.gov.
And earlier this week, the hacker is credited with defacing websites of the Indonesian government and ones of a Malaysian educational institution.
"This is further demonstration of the way that complex infrastructure is easy to attack," says Dr. Mike Lloyd, CTO, RedSeal Networks. "What's unusual in this case is that we knowabout the attack - that the page was defaced in a way we can see."
Lloyd says that it probably wouldn't take a high level of hacking skill for DBuzz, or someone other low-level hacker, to "put invisible code onto a site like this that infects any machine used to view the compromised site."
Observes Lloyd: "The challenge for defenders is sprawl - our attack surface grows as our online infrastructure increases. As we know from national events, we are increasingly dependent on online infrastructure. This might be okay if a 'typical' machine was well hardened and ready to withstand attack, but the opposite is true - the number of exploitable defects grows faster than defenders can keep up. Attackers can use automated search tools to find any defect that the defenders miss, and it leads to incidents like this."
Source : USA Today
No comments