Why would anyone want to hack U.N.? And how did they do it?

So why would anyone hack U.N.? There seem to be an answer to the question “how”, as for “why” it’s still pretty unclear (save for some strong language):

# Why did you hack it ?
I fuck actually system… I fighting for Internet Freedom, equiality & rights for all. You’re FREEDOM my brothers & my sisters ! <3

At least we know who it is – a hacker or group called “Casi”. They also posted the list of website’s vulnerabilities at pastebin.

Here is a quick example:
http://www.un.org/chinese/News/focus.asp?focusID=20+AND+1=1
Basically in all examples they just add
+AND+1=1
to the query string and it does the job (of showing the hole, not hacking the website). I tried it (was really curious, sorry) and there seem to be a real problem – helpful error reporting is on and its reports tell us, that under the hood happens something like that (in MS syntax):

"SELECT * FROM `some_table` WHERE `id` = ".$_GET['id'];

To put it simple – U.N.’s security needs help big time…

1 thought on “Why would anyone want to hack U.N.? And how did they do it?

  1. Pingback: Few words about legal hacking | Bcat's Blog

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.