QLD senator's site defaced in hack attack

Website defaced, home page crippled

The defaced site.

The online presence of Queensland Labor Senator, Jan McLucas, has been defaced after a hacker broke into her website.

The attack occurred last week and replaced the home page, currently under construction, with an image displaying the hacker’s moniker and a link to a forum warez page.

At the time of writing, parts of McLucas’ site, janmclucas.com.au, were operational, while others triggered a web browser forgery notification. The home page link redirected to an alternative site, janmclucas.net, which was displayed normally as the page has not yet gone live.

The defacement included a series of pop-up windows, which greeted visitors with:

“Hellow! You Going To be Surprised To See This,Because (sic) You G0t Hacked by --==TH3_Z@K==-- Site Fu**eD Up Welc0me t0 --==TH3_Z@K==-- Property !!!”

The hacker noted that “nothing is deleted” and the defacement is “just for show off! [sic]”. The page even left visitors a farewell message popup: “Have A nice Day ! G00d Bye”.

Another hacker, who was not involved in defacing McLucas' site, told Computerworld such attacks are relatively simple.

“Every day, dozens of security flaws are discovered using techniques widely publicised,” the hacker said. “Many administrators also do not care a bit with security issues.”

The hacker has breached websites using a range of flaws discovered as early as the 1990s.

The hacker said breaching a server requires “technical knowledge and a bit of malice”, using techniques including attacking web applications with SQL injection in MySQL, Access and MSSQL; Local File Inclusion; and Remote File Inclusion. The hacker also uses brute force attacks through FTP and SSH, and exploits server software flaws.

The defacement follows a string of attacks against Kellogg’s, Nutri-Grain, Vogel’s, and Specialty Cereals on Sunday, and the mass defacement of more than 70 Australian websites, the bulk originating from a single hacking entity.

McLucas’ office did not respond to questions by the time of publication.
