
Why were PA’s websites hacked?

Zafar Anjum | Jan. 11, 2013
There were vulnerabilities in the content management systems, according to research.

When the People's Association (PA) website and its 15 affiliated websites got hacked in December 2012, the news made headlines in Singapore. The hackers were HighTech Brazil HackTeam.

Now, a study reveals the exact technical reason behind the hack.

According to the case study published by IT community Knowledge Republic, HighTech Brazil HackTeam had targeted various vulnerabilities in the following content management systems used by the affected websites.

1. Joomla 1.5

2. Joomla 1.7

3. WordPress 3.1.3

4. WordPress 3.3.1

The study clarified that the vulnerabilities in these content management systems come with exploit scripts which are 'readily available through hackers' forums'. This means that hackers needn't have sophisticated hacking skills to do the job.

According to the report, based on these vulnerabilities, the "HighTech" Brazil HackTeam had clearly defaced the PA websites through either direct SQL injections or XSS.

Could such vulnerabilities be detected earlier? According to security firm Imperva, the answer is yes. The company said that such vulnerabilities could have been identified and addressed by monitoring and detecting aberrant behaviour in the systems.

"Hacktivists are always on the lookout for vulnerabilities in any system and server that websites and organisations use, usually in order to attack and humiliate them," said Stree Naidu, Vice President of Imperva, Asia Pacific and Japan. "Websites that have high visibility are especially prone to such illogical attacks. It is time for all organisations in Singapore to take action in protecting themselves before another incident like this happens."

For more details, the case study is available on http://www.knowledge-republic.com/CRM/2012/12/case-study-on-www-pa-gov-sg-being-hacked-by-hightech-brazil-hackteam/.

 

 
