In a hack that security experts say could have been easily prevented by following the simplest of security measures, a hacker going by “Casi” has released what he claims are vulnerabilities in the United Nations’ system.
MyFoxNY reports that the firm Identity Finder said the U.N. was not following basic security procedures on the web, allowing it to be hacked by SQL injection (SQLi):
“It’s web security 101,” Aaron Titus, Chief Privacy Officer for Identity Finder, says. “This breach seems to be a very simple attack. If this breach was real, they could have prevented this very easily and should have prevented it.”
He says Identity Finder is not able to independently verify the legitimacy of the information, but the hack appears legitimate.
The data in the release included a list of vulnerable points and a detailed map of the inside of the UN’s database.
“It’s making the rounds in the hacker community and is spreading fast,” Titus says.
Casi, who appears to be involved with the hacking group TeaMp0isoN, posted the vulnerabilities on a Pastebin site because he is “fighting for Internet Freedom, equality & rights for all.” MyFoxNY reports that Identity Finder reached out to the U.N. to inform them of the attack but has not heard back.
In Nov. 2011, TeaMp0isoN (Team Poison) was credited with hacking the U.N.’s server, releasing email addresses and passwords. Passwords do not appear to be a part of this most recent hack.