Government website passwords published by Anonymous
As the moment when the new legislation for defending the rights of copyright holders regarding online sharing will be discussed is coming near, the Irish politician pushing it and the government itself are being repeatedly attacked by the hacker collective Anonymous.
The group stated a campaign dubbed “#OpIreland” and mounted DDoS attacks against the websites of the aforementioned politician and junior minister Se??n Sherlock, and the Departments of Finance and Justice last week, downing them for a while.
After this “warning shot”, last night the hackers turned their sights towards a number of websites tun by the Department of Foreign Affairs, but this time they took it upon themselves to do more damage.
The attack resulted in the breach of the servers hosting the site and the theft and subsequent publication on Pastebin of account and login details and personal information of 19 users of the Irish Aid website, the government’s aid programme for developing countries.
According to The Journal, 17 of the 19 compromised accounts belong to staff of the Department of Foreign Affairs, while the remaining two are used by the company that designed the site.
“A quick look at those passwords shows that despite repeated warnings users still use insecure passwords,” pointed out Brian Honan, the founder and head of Ireland’s first CERT team and owner of BH Consulting. “Three of the accounts had ‘password’ as their password with one other being more advanced at having ‘password1’. So clearly some user education needs to be done for those users or better alternatives to authorize users are needed.”
A spokesman for the Department of Foreign Affairs confirmed the breach but said that other servers belonging to the Department were not compromised. The Irish Aid website is still down as the Department’s IT specialists are investigating the matter.
“But before we start pointing fingers at the Department of Foerign Affairs and the weak passwords of those users, we should not forget that they are the victim of this attack,” says Honan. “There are no winners in this particular situation but I urge people to view it with a clear head and realize that no matter what vulnerabilities were used to breach the website, the Department and the affected users are victims of a crime.”
Also attacked last night was the website of Sherlock’s Labour party, but except being made inaccessible for a while during the night, the organization sustained no other damage.