Thursday, January 28, 2010

Multiple Congresspeople websites defaced

National Journal's Hotcall reported around 3:20 AM on Thursday, January 28 that the websites of various Congresspeople (both Republican and Democrat) had been defaced.

The message was crude and simple:
"F--- OBAMA!! Red Eye CREW !!!!! O RESTO E HACKER!!! by HADES; m4V3RiCk; T4ph0d4 -- FROM BRASIL," the messages read.

Praetorian Prefect has some screenshots and what seems to be a pretty complete list (perhaps compiled by going through the sites manually around 4 AM!):

http://www.joewilson.house.gov/
http://bachus.house.gov/
http://www.baird.house.gov/
http://www.barrow.house.gov/
http://www.gonzalez.house.gov/
http://mcnerney.house.gov/
http://mikepence.house.gov/
http://driehaus.house.gov/
http://carson.house.gov/
http://campbell.house.gov/
http://doggett.house.gov/
http://coffman.house.gov/
http://www.kosmas.house.gov/
http://hersethsandlin.house.gov/
http://lujan.house.gov/
http://www.mccollum.house.gov/
http://teague.house.gov/
http://mitchell.house.gov/
http://www.roe.house.gov/
http://www.lofgren.house.gov/
http://carnahan.house.gov/
http://www.chrismurphy.house.gov/
http://hunter.house.gov/
http://olver.house.gov/
http://arcuri.house.gov/
http://tierney.house.gov/

A few committee sites were affected as well:

http://republicans.financialservices.house.gov/
http://republicans.oversight.house.gov/
http://gop.cha.house.gov/

Ironically, one of the first defacements discovered was on the site of Congressman Joe Wilson (R-SC), who (in)famously yelled "You Lie!" at Obama. Mr. Wilson gave one of the first live responses to Obama's SOTU speech.

The websites are maintained by the House IT staff, and most of them run on identical systems and software. So it is not surprising that after the first site was found to be vulnerable, the attackers found a rich array of soft targets.

As a result, the serial defacement does not surprise me--if anything, I am surprised they did not hack 500+ sites.

Praetorian Prefect identified the Joomla CMS as the one common factor on all the defaced websites (but not all Congressional sites running Joomla were defaced).

It seems a particular Joomla component or module was vulnerable and was exploited. I just hope the knee-jerk reaction to this is not to go back to some proprietary CMS.
