4/27/08

AP: Hillary Backer Hacked Barack's Web Site


Not nice, really.
Hack into Obama campaign site exploited a coding flaw
By JORDAN ROBERTSON

SAN JOSE, Calif. (AP) — A simple flaw in the coding of Sen. Barack Obama's Web site led to a hacking switcheroo of presidential proportions just days before the important Pennsylvania primary.

Some supporters who tried to visit the community blogs section of Obama's site started noticing late last week they were being redirected to Sen. Hillary Rodham Clinton's official campaign site.

Security researchers said a hacker exploited a so-called "cross-site scripting" vulnerability in Obama's Web site to engineer the ruse.

Netcraft Ltd. said the hacker injected code into certain pages in the section — code that was then executed when subsequent visitors tried to view the community blogs section. The vulnerability has since been fixed.

While the hack appears to have been a prank, researchers said the breach underscored that candidates risk exposing their supporters to computer viruses and identity theft if they don't secure their Web sites. For instance, a similar mechanism could be employed to redirect campaign site users to a site that steals personal information from visitors.

"With people closely watching the heated contest to determine the next U.S. president, you can bet that this won't be the last time such attacks happen," Symantec Corp. researcher Zulfikar Ramzan wrote on the company's official blog.

Neither campaign responded to e-mail messages seeking comment.

The community blogs feature is working normally again this week. The link that took visitors to Clinton's site now directs visitors to the appropriate page, which is populated with blog postings from Obama supporters around the country.

No comments: