BLOG

Incoherent ramblings, devlogs, edgy philosophy and other topics of interest


[#62] [Sat, 04 Jan 2020 18:04:32 CST][tech]
■ The war for cyberspace

Hackers managed to claim fdlp.gov less than 24 hours after the death of Soleimani, a high ranking Persian general that apparently had quite a following back home.

I was lucky enough to take a screenshot of the colorful changes the hackers made, a minute later the page defaulted to a generic MySQL error and finally a Cloudfare 404.
fdlp.org post pwn

The reactions I've seen so far have been surprising, as the matter has been mostly disregarded as a laughable response to America's direct attack. Vandalizing the Federal Depository Library Program website (regardless of the message, which was clear enough) may seem pointless to the uninitiated on such subjects, the truth is that the security of federal servers is a governmental responsibility that indeed failed. The true deterrence lies on how it was that they broke into the server, if they used a zero-day exploit the fact is that they could've been using similar methods to penetrate federal cybersecurity for who knows how long.

The source code itself was quite straightforward, consisting of just two images and some text, but interestingly enough there was a Google Analytics API call embedded as an inline JS script.
thanks google

It's worth pointing out that the images the site used were locally referenced, in other words, although it's not clear how they defeated the system, it's evident they could at least dump files into the server's filesystem.

This opens up a world of possibilities for some serious shenanigans...