Obama Website Hacked: Users Redirected To Clinton Campaign
The attack, which took advantage of a cross-site scripting vulnerability on Obama's Website, was launched on the eve of Pennsylvania's Democratic National Primary, which closes this evening. The attack was detected quickly Monday evening and shut down shortly thereafter.
While details of the prank are still unclear, experts say they believe the attacker took advantage of parts of the Obama campaign site, such as community blog postings and political forums, which allow users to post extensive and varied content.
When a user contributes to an online discussion board, the text is stored in a database and is then rendered in the Web browser windows of the users visiting the site. However, instead of posting legitimate text to the Website, the attacker posted actual code. When users visited Obama's site and viewed the corresponding post, the Web browser interpreted the posted text as code and executed it.
In this case, the attacker posted common HTML code that enabled the person trying to view the post to be immediately redirected to Hillary Clinton's Web site.
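The store-then-render flaw described above, and the output encoding that closes it, shown as an added example that is not code from the campaign site or from the original article. The post records, function names and the example.invalid URL are constructed for illustration.

```javascript
// Constructed sample data: forum posts as they would sit in the database.
const storedPosts = [
  { author: "alice", body: "Great rally in Philadelphia last night!" },
  // Constructed post whose body is markup rather than plain text.
  { author: "mallory",
    body: '<meta http-equiv="refresh" content="0;url=https://example.invalid/">' },
];

// Vulnerable pattern: stored text is concatenated straight into the page,
// so the browser parses whatever the poster typed as HTML.
function renderPostUnsafe(post) {
  return `<div class="post"><b>${post.author}</b>: ${post.body}</div>`;
}

// HTML-encode the characters that let text break out of a text node
// or a quoted attribute value.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened pattern: every user-controlled field is encoded at output time,
// so the post is displayed as the literal characters the user typed.
function renderPostSafe(post) {
  return `<div class="post"><b>${escapeHtml(post.author)}</b>: ${escapeHtml(post.body)}</div>`;
}

// Check helper: list the tags in a rendered fragment that did not come
// from the page template itself.
function injectedTags(html) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  const templateTags = new Set(['<div class="post">', "<b>", "</b>", "</div>"]);
  return tags.filter((tag) => !templateTags.has(tag));
}

for (const post of storedPosts) {
  console.log(post.author, "unsafe:", injectedTags(renderPostUnsafe(post)));
  console.log(post.author, "safe:  ", injectedTags(renderPostSafe(post)));
}
```

Encoding at render time protects every page that displays the post, including content stored before the fix was deployed.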
An individual identified as Mox from Liverpool, Ill. claimed to be the attacker in question who executed code redirecting Obama's visitors to Clinton's site.
"What I did was not hacking in the sense that I burrowed into some dusty server and changed the Obama site and stole all your credit card numbers. All I did was execute poorly written HTML code," said the individual in a community posting on the Obama '08 campaign Website. "You also may be wondering, 'how did you get Hillary's site to appear where Obama's should be.' The answer to that is, through the magical world of Cross Site Scripting."
Members of Obama's campaign staff did not immediately return correspondence from ChannelWeb.
However, while it appears that the attack was not malicious, security experts say that these types of attacks could have far-reaching political consequences -- particularly if the attacker used malicious code. For example, instead of redirecting users, attackers could embed malicious code that could exploit vulnerabilities on their computers, security experts say. That kind of exploit could force users to unknowingly download malicious software, known as a drive-by download, which could then install malware such as keystroke loggers and information-stealing Trojans.
"People still fall for really basic kinds of attacks, let alone one that's coming from a site with a certain amount of trust," said Zulfikar Ramzan, senior principal researcher for Symantec Security Response.
Ramzan said that he had not seen extensive high-profile attacks exploiting the 2008 presidential race thus far. However, he said that users should anticipate increased attacks surrounding the campaign, such as Website defacement, campaign-related spam and malware, as the presidential race becomes more contentious closer to November.
"People will click on (malicious links) and see the latest thing. People are curious," said Ramzan. "Certainly you can imagine there are people who will find these kinds of vulnerabilities. If they're high profile, they know they can trick people in multiple ways."