It appears, according to the site defacement archive hosted at Zone-H, that on or around October 5th an NSA web site application was the victim of an SQL injection exploit resulting in a web site defacement. The compromised web application, in the careers section of nsa.gov, loads a list of recruitment events at colleges.
The attacker, using the handle SQL_Master, is attributed on Zone-H to site defacements of Google Tokelau (a territory in New Zealand) and a Microsoft web property in Korea. He has been associated with the Jurm team, a Moroccan hacker group known primarily for defacing the Israeli versions of major companies' web sites, for example Kia, Sprite, and Fanta.
A Microsoft defacement attributed to SQL_Master from July of this year references “Agd_Scrop, free him”. Agd_Scorp was part of a Turkish hacker group called Peace Crew that defaced NATO and U.S. military web sites as a political reaction to Operation Cast Lead, or, as it is more commonly known, the Gaza War, in which Israel and Hamas forces clashed starting in December of 2008. The two hacker groups are known to have partnered in defacements at the beginning of this year during the conflict, in what was termed a virtual war in which a few thousand Israeli web sites were defaced. Agd_Scorp appears to have been arrested by Kayseri (central Turkey) police over the summer, and faces up to 20 years in prison on various cybercrime-related charges.
National Security Agency
The NSA, or National Security Agency, is the cryptologic intelligence agency of the United States. Created in 1952 under President Truman, its primary initial responsibility was the collection and analysis of foreign communications. In 2008 President George W. Bush signed a directive authorizing the NSA to monitor the computer networks of all federal agencies, giving the agency a primary role in federal efforts around cybersecurity.
Because of this role and other factors, including the agency’s historical role with cryptographic systems and controversial domestic wiretapping programs, NSA networks and computer systems are an attractive target for crackers. Further, because of the agency’s role in cybersecurity monitoring, defacements such as this one are embarrassingly problematic.
Zone-H.org, a site hosted in France which has been around since 2002, hosts an archive of defaced web sites. In January 2007 the site itself was a victim of a pseudo defacement, when a team from Saudi Arabia gained access to the registrar’s administrative panel and redirected the zone-h.org domain name to a different IP. The site’s mission is very similar to the defacement archive that used to be maintained at attrition.org. Both have been the subject of criticism over the years, the suggestion being that hosting the archive is itself an incentive for site defacements. The counter to this is that without the central archiving of the evidence of web site defacements, the problem would be less known and understood by the security community. Companies may also try to sweep such episodes under the rug. Besides, the site defacements would simply be posted in other places (forums and similar web sites).