Barackobama.com 'hack' is a hoax
A hacker's claim that he compromised the successor to President Obama's campaign Web site appears to be a hoax, according to information that has surfaced since the matter came to light early Monday.
The kerfuffle started when a hacker and blogger with a history of posting evidence of security vulnerabilities in popular and high-traffic Web sites published evidence indicating that poor security at barackobama.com had exposed internal databases at the site.
The hacker, identified only as "Unu," claimed that a security flaw in barackobama.com allows anyone to view the user names and passwords needed to administer the site. With that access, an attacker could view database information, upload content to the site - including malicious software - or simply deface the landing page with digital graffiti.
Barackobama.com is now managed by the Democratic National Committee's Organizing for America. Hari Sevugan, national press secretary for the DNC, dismissed the claim, and said the DNC has no evidence that the site is insecure or has been compromised.
"We take security seriously and look closely at any reported incident," Sevugan said. "Based on a number of incorrect assertions, the claim in this case does not seem to be credible. There has been no security breach."
Several tech bloggers seized on the claim, and at least one noted Web site security expert vouched for the hacker's prior exploits. Jeremiah Grossman, chief technology officer for WhiteHat Security, a Web security firm based in Santa Clara, Calif., said Unu's claims have a history of being spot-on.
"This Unu guy...I've been following him for a while, and his other stuff in the past seems to have been legit and checked out," Grossman said.
A screen shot posted by the hacker showing what appear to be user names and passwords for donate.barackobama.com suggests that the data in the picture belongs to faculty members at Roosevelt University in Chicago.
Indeed, Lynn Y. Weiner, dean of the college of arts and sciences at Roosevelt, confirmed that the partially obscured password in that image looked like hers. The same was true of Michael Ensdorf, associate dean and professor in the school's Department of Communication, and Julie Rowen, assistant dean of the school. All three acknowledged having donated to Barack Obama's presidential campaign.
Ensdorf said while they initially thought the credentials could have been the ones they picked when setting up accounts at barackobama.com, the school ultimately discovered that the user names and partially blacked out passwords were the credentials each faculty member uses to add items to Roosevelt University's online calendar of events.
Roosevelt's technology and security team is now investigating whether a university server was breached, Ensdorf said.
October 27, 2009; 12:45 PM ET
Categories: From the Bunker, U.S. Government | Tags: hoax, obama