Remember that awkward time when Rudy Giuliani was appointed to be Donald Trump’s chief advisor on cyber security and his website got hacked just a few hours after? Considering that one of Donald Trumps campaign websites was just hacked this weekend, it doesn’t appear as though Giuliani has mastered his craft quite just yet. At the time of this article the website remains offline.
As first reported by Sean Gallagher of Ars Technica 2/19/2016, “Someone calling themselves “Pro_Mast3r” managed to deface a server associated with President Donald Trump’s presidential campaign fundraising on Sunday.” Gallagher goes on to point out that while the website “does not appear to be directly linked from the Trump Pence campaign’s home page,it does appear to be an actual Trump campaign server” – pointing out that the sites “certificate is legitimate.”
As for the hacker, there is little information available on the attacker themselves and in all my adventures online, I have never came across someone specifically referring to themselves as “Pro_master.” What we do know is that this hacker has struck different websites in the past and claims to be based out of Iraq.
There is someone on the FBI most wanted cyber list whom goes by the name “The Pro” and has been known to work for the Syrian Electronic Army, a group of hackers that loosely went on to work with different branches of the “United Cyber Caliphate,” which mainly operates out of Iraq and Syria, but there does not appear to be any relation in this particular case.
Just to add some more information to the discussion, Mr. Gallagher of Ars Technica goes on to explain that the website was being protected by Cloudflare and that at the time of his article, he had reached out to Cloudflare for a comment on the hack. But what Mr. Gallagher does not seem to realize is that this type of attack, a website hijacking/defacement, is not covered by Cloudflare’s services – what a n00b, right?
Cloudflare generally protects against a large amount of internet traffic, usually associated with a DDoS attack, botnet, or string of a malicious IP’s that are known to generate an abnormally large amount of traffic on a websites server. When a hacker is able to deface a website such as this, it is completely unrelated to the websites traffic – other then the fact the hacker probably used a proxy server to conceal their identity. For example if you pay Cloudflare for protection but use a weak password to secure your account or the back-end of your website, you cant turn around and blame Cloudflare for anything – that’s all on you.
Whereas a DDoS attack can be launched by literally anyone and takes almost no skill whatsoever, a website defacement actually requires a fairly large amount of cyber skill – which should tell you a little something about the hacker themselves.
In attacks such as the one we just saw on secure2.donaldjtrump.com, the hacker is able to physically gain access to the website itself – usually the same level of access as a website administrator. In fact, in all probability, the hacker found an un-patched exploit on the website that allowed them to become website administrator for the breif amount of time it took them to deface the website.
My first question would be if the website was created through WordPress or not? If so there has been a zero day in the wild that allows hackers to gain access to any WordPress site which has not been updated within the last couple weeks – literally millions of WordPress sites have already been exploited because of this.
Regardless, I just want to point out that even though this was a “malicious cyber attack” in the literal sense of the definition, as no money appears to have been stolen and the hacker left with the message “peace from Iraq,” it does not appear like this hacker was trying to do anything actually malicious. More likely someone was bored and decided to have some fun on the internet, this is what hackers do for fun btw.
Remember, as I explained in my response to Donald Trump’s leaked Executive Order on cyber security, not every cyber attack is an act of War – even if it comes from a country currently at War.
This Content Was Created Under An Alt_Publishers License
Categories: Hacking News