Jan 09

Fine Gael New Website Defaced

by in Hosting, security, Techie :: Techno ::

Fine Gael's new website has been defaced.
Screenshot below:

fine-gael-defaced.jpg

They were the only major political party to still host their website in Ireland up until very recently.

UPDATE 2135: The Fine Gael site is now completely offline with this default holder up instead:

Screen shot 2011-01-09 at 21.37.21.png

By the sounds of things the defacement was due to bad coding. People were able to post comments including JavaScript which was actually executed, instead of being stripped out. As Homer would say - doh!
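Comment text that ends up in the page as live markup is stored cross-site scripting, and the durable fix is to encode visitor input when it is written into HTML. The sketch below is an added example, not code from the Fine Gael site; the function names, the template and the sample comment are all constructed assumptions.

```javascript
// Added example: a comment template rendered without and with output encoding.
// Nothing here comes from the site discussed; all names are hypothetical.

// Encode the five characters that are significant in HTML text and in
// quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: visitor input is concatenated into the page as markup,
// so any tags in the comment are interpreted by the browser.
function renderCommentUnsafe(comment) {
  return '<li class="comment"><b>' + comment.author + '</b>: ' +
         comment.body + '</li>';
}

// Hardened: every visitor-supplied field is encoded at output time,
// so the browser displays the text instead of interpreting it.
function renderCommentSafe(comment) {
  return '<li class="comment"><b>' + escapeHtml(comment.author) + '</b>: ' +
         escapeHtml(comment.body) + '</li>';
}

// Regression check for a template: feed a harmless marker element through
// every field and confirm it only ever comes back in encoded form.
function isOutputEncoded(render) {
  const probe = '<i id="probe-7f3a">x</i>'; // constructed, inert marker
  const html = render({ author: probe, body: probe });
  return !html.includes(probe) && html.includes(escapeHtml(probe));
}

// Constructed sample comment containing a script element.
const sample = {
  author: 'visitor',
  body: 'Nice site <script>document.title="changed"</script>',
};

console.log('unsafe template encodes output:', isOutputEncoded(renderCommentUnsafe));
console.log('safe template encodes output:  ', isOutputEncoded(renderCommentSafe));
console.log(renderCommentSafe(sample));
```

A check like `isOutputEncoded` can run in a test suite against every template that prints visitor-supplied fields, so a regression is caught before deployment.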

UPDATE 00:20
There is now a more official looking holder page up:

Screen shot 2011-01-10 at 00.23.55.png

Wait for the wonderfully vague (and inaccurate) excuses and explanation from Fine Gael spokespeople in the coming days ...

Update 0930
The Fine Gael website is back up and running with no evidence of the defacement in sight. It's also not clear whether they have taken any measures to improve the coding of the site to stop the kind of attack that happened last night. It seems that they had another message on the site during the night which tried to spin the hack (via Kieran Lane):

fine-gael-spin.jpg
I have a few problems with this message and the total lack of any message on the site at present.
To start with trying to spin the defacement in this manner is really not that bright. Either they think we're all dumb or their spin doctors are more naive than I thought.
Secondly it's not clear if the defacement's attack vector has been patched properly or not. Under normal circumstances I would assume that it had, but considering how simple the "hack" was I wouldn't be overly confident of them having fixed it.

UPDATE 1038:
It now transpires that the defacement was a lot more serious and several thousand people's contact details may have been compromised. No mention of any of this that I can see on the Fine Gael site.. And their WHOIS data doesn't exactly instil any confidence in them ..

UPDATE 1135
The spin continues.
Fine Gael are now claiming that the site was "professionally hacked". Even though several people have pointed out how the site was easily compromised they seem to be ignoring this completely.
They sent the following email to their "supporters" with the subject line: FG Website Professionally Hacked / Authorities Notified

finegael-compromised-data-email.jpg

Update 20:05
At some point today, probably after they sent out the email above (?) the Fine Gael website was taken offline and the following message put up:

Fine Gael holding page - "professional hack"

It's basically the same text as they used in their email.
Some sources are stating that the FBI has now been contacted. This is quite normal and has nothing to do with the site's profile.

Update Tuesday 11 January 19:25

At present Fine Gael does not have a functioning website. The .ie (finegael.ie) which they had been using for years is still redirected to the .com, which has been offline since yesterday. FineGael.com is currently pointing to a default IIS7 page.
So the main opposition party in Ireland is basically "offline"

UPDATE Wednesday 12 January 17:45

While searching for an article related to this incident I got the following (click to enlarge) :

fine-gael-google.jpg

You'll notice a couple of things:

  1. Fine Gael are paying for Google Adwords to drive traffic to a holding page. I've no idea how much they're paying per click, but it's a waste of money at present due to the site being completely offline.
  2. The link to Enda Kenny's page on the Fine Gael website no longer works, as they've redirected ALL traffic for *.finegael.ie to the new site, which is still offline. Oddly enough Fine Gael sub-sections in the format www.politicianname.finegael.ie are still working.

According to an article on Forbes the Anonymous group are denying responsibility for the hack and have also given some very plausible explanations as to why they could not have been involved. Worth reading.

UPDATE Friday 14 January 19:00

The Fine Gael website is back online. It's now carrying a message from Enda Kenny about the hacking incident:

A couple of weeks ago I said that I wanted to hear from you and despite the recent interruption to the website, I still do.

You may be aware this website was hacked on January 9, 2011 and Fine Gael is now assisting the relevant authorities in their ongoing investigations. We very much regret that contact data that the public supplied as part of an open and genuine conversation about the future of our country was accessed in the course of this hacking incident. For now we have removed the email and mobile phone sections of the Comment forms but we still want to hear your views, opinions and concerns about the issues facing our country.

This video I recorded at the end of last week was a response to the overwhelming participation on the site, since going live. The message in the video remains the same, even if we have been delayed in posting it to this site.

I am looking forward to hearing your comments on what's needed to change our country once more.

I'm a little confused by the removal of the email and phone sections of the comment forms. Does this mean that they still haven't secured the site completely, or is this some kind of attempt to make people feel that they're being more careful about personal data?

Speaking of Enda Kenny .. ...

Googling for him at the moment gets some rather "interesting" results.

His page on the Fine Gael site is not reachable, as mentioned before. However it is quite easy to get to endakenny.com. You'd think this was either his site or that of the folk singer based in Australia. It's not. It's a Bebo page which is obviously a "spoof site" set up by someone who doesn't particularly like Enda Kenny or Fine Gael ..


10 Responses to “Fine Gael New Website Defaced”

  1. From Stewart Curry:

    I wonder if someone had stuck a Joker playing card up instead of Anonymous would they have said they were attacked by a crazed villain but were working with Batman to rectify the situation?

    Posted on January 10, 2011 at 9:46 am #
  2. From Anon:

    “professionally hacked”
    Hilarious.
    That’s like going on holidays for 2 weeks, leaving your front door wide open, then complaining that your house was invaded by a gang of sophisticated “professional thieves”.

    Posted on January 10, 2011 at 11:59 am #
  3. From Stewart Curry:

    I saw a comment on twitter to do with how the fact that it’s not hosted in Ireland might impact a Gardai investigation … do you know any more about this?

    Posted on January 10, 2011 at 12:19 pm #
  4. From Michele Neylon:

    Stewart
    If they have to get all the server logs then it’s a cross-border issue. In order to maintain the proper chain of evidence etc., they’d need to make sure that the entire process was “squeaky clean”, so I suspect they’d have to get their US counterparts involved if they were doing it properly.
    When we get contacted by the gardai about an issue that requires logs they’re able to do that quickly and efficiently and directly with us.
    Michele

    Posted on January 10, 2011 at 12:25 pm #
  5. From Christian Hughes:

    I love how they said in the now un-viewable statement that all data was fine, yet the news coverage would now seem to suggest otherwise.

    Posted on January 10, 2011 at 3:26 pm #
  6. From Claude:

    I am stunned and also find the term “professional” very funny in that context.
    Have FG blocked some wikileaks accounts?

    Posted on January 10, 2011 at 8:41 pm #
  7. From Fake name:

    @Claude: the “official” Anonymous channels just seem confused by this.

    Posted on January 12, 2011 at 11:22 am #
  8. From Allan Cavanagh:

    The AdWords thing is crazy.

    Posted on January 12, 2011 at 6:56 pm #
  9. From Michele Neylon:

    Allan
    I wish it was an isolated incident, but I keep seeing Adwords campaigns for a wide variety of companies pointing to dead links, promoting December specials (in July) or advertising products to Irish users that they won’t ship ..
    Michele

    Posted on January 12, 2011 at 7:28 pm #
  10. From reda:

    You may find a mirror of the defaced page in zone-h; it can be an SQL injection attack

    Posted on December 7, 2011 at 2:42 pm #
