Iranian hackers defaced nine Web sites including the Students’ Association Web site and UR’s main Web site this past Monday. At 8:30 a.m. the original content of the Web sites was discovered to have been replaced with messages from the hackers.
“In addition to the hackers claiming to be Iranian hackers, the Internet address that the defacement originated from was from an Internet service provider in Tehran, Iran,” Director of Information Security Kim Milford said. “Once we determined where the defacement was originating from, we immediately blocked their access, which restored the correct content.”
The problem was entirely fixed by 9:10 a.m., and the webmasters for each individual Web site were notified of the incident.
The infiltration occured after a bug was discovered on Nov. 17 in the content management software, Mambo, that is used by the Web sites.
A security advisory was put out that day, and four days later a patch was released to help users fix the problem.
However, the next day, the full details of the exploit were published and released to the public.
“The problem was found, but instead of the people who discovered it notifying the company, they published something describing how to take advantage of the bug,” 2008 Class Council Webmaster Nate McBean said. “The Iranians used this information.”
This software was removed from the Web server.
“I am the university Webmaster, so my function is to observe the fact that we have a problem,” Information Technology Services Analyst and Programmer Dale Grady said. “We noticed it within 30 seconds. This is a very rare event. In the time that we have had a Web site, there have only been five incidences [like this].”
It appears that the hacking took place through the 2008 class council Web site, and McBean was notified.
“I have no idea what these guys are thinking,” Grady said. “If they applied themselves, they would make a good living. Instead they decide to do this.”
Grady and Milford are confident that this is an isolated event. “We are taking steps to ensure the use of secure Web programming applications,” Milford said.
“We are reviewing our Web server maintenance procedures to see if we can tighten up our protection,” Milford said. “We’re also researching application security devices to see if they may help us to stop intrusions in the future,” Milford said.
Those involved in and affected by the Web sites were impressed at how quickly Milford and her team worked to fix the problem
“It is an unfortunate situation that hackers were able to interfere with university Web sites,” SA President and senior Matt Goldblatt said. “However, the situation provides an excellent example of the university’s prompt and efficient response to a situation that could potentially have far-reaching negative effects. This is bolstered by the fact that many students were not even aware that such interference had occured.”
Bruml can be reached at abruml@campustimes.org
