ANCYL website hacker tells all

The ANC Youth League (ANCYL) website has been a victim of numerous security breaches over the last few months, including two defacements this week.

The latest defacement occurred on Monday (25 July 2011) and featured a picture of president Jacob Zuma and ANCYL president Julius Malema with the headline “Dumb & Dumber”.

ANCYL spokesperson Floyd Shivambu told the M&G their website was under attack by right-wingers. “There are some right-wing white people who are always hacking that website — even the web developer has said such people are doing that,” Shivambu said.

Duncan Harford, business development manager at Unwembi, the company responsible for the web development and hosting of the ANCYL website, disputed Shivambu’s statement: “You can’t ascertain the colour of a person from an IP [internet protocol] address. So, no, I never told Floyd it was white people.”

Will the real hacker please stand up!

A person claiming responsibility for the recent hack on the ANC Youth League’s website has now contacted MyBroadband anonymously to clarify the details surrounding the security breach.

“People on Twitter have it wrong and so does Unwembi [the website developers and hosting providers],” the anonymous hacker wrote. “It has nothing to do with passwords or insecure open source software.”

According to the hacker, who chose not to disclose any personal details in order to guard their anonymity, the hack was “an accident of sorts,” and the timing of the hack to coincide with the ANCYL press briefing “a stupid mistake”.

“I forgot Julius Malema was meeting the press today [Monday],” he said, adding that he contacted Unwembi, the developer and hosting provider of ANCYL’s website, to offer assistance in fixing the problem.

The hacker said that he discovered three possible vulnerabilities on the ANCYL website, none of which related to easily guessed passwords or insecure open source systems.

In the end, the hacker said, he exploited a vulnerability that allowed him to insert code via the “user-agent” string, a piece of data in the Hypertext Transfer Protocol (HTTP) header usually meant to tell the webserver which browser it is receiving requests from.

This hole in the website’s security allowed the hacker to overwrite the website’s default page and replace it with one that displayed the “Dumb & Dumber” image.

The image itself was selected at random from a Google image search for “Julius Malema jokes,” the hacker said.

Contradicting Shivambu’s claims that hacks on the ANCYL website are committed by “right wing white people,” the hacker said the motivation behind the hack was curiosity, not politics.

“The site has been hacked so many times that I wondered if I could also do it,” the hacker said. It is worth noting that the hacker made these statements in response to questions before Shivambu’s claims about right wing whites were in the media.

Asked whether he was behind any of the previous hacks on the ANCYL website, the hacker said that he was not involved and didn’t know who was either.

The hacker also reported that he was working with the Unwembi server administrators on Monday to locate and patch the vulnerability that he had exploited.

According to the hacker, they had discovered that the vulnerability was injected into the site on 10 July 2011 and they had ‘just stumbled on it by sheer luck’. “Obviously the original hackers wanted an easy way back in,” they said.

The hacker said that the backdoor they used to get in had been removed, but they were unsure how it was created in the first place.
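For administrators reviewing logs after a backdoor of the kind described above, which takes code from the User-Agent header, the following added example (not from the article, Unwembi or the hacker) scans combined-format access logs for User-Agent values that look like code rather than a browser name. The marker list, the length threshold and the sample log lines are assumptions constructed for illustration.

```python
import re

# Apache/nginx "combined" format. Apache logs an embedded quote as \" and
# non-printable bytes as \xhh, so quoted fields must allow backslash escapes.
QUOTED = r'(?:[^"\\]|\\.)*'
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>' + QUOTED + r')" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>' + QUOTED + r')" "(?P<ua>' + QUOTED + r')"$'
)

# Heuristic markers (assumed): things a browser name has no reason to contain.
MARKERS = [
    ("script-tag", re.compile(r"<\?|<%|<script", re.I)),
    ("code-call", re.compile(r"\b(?:eval|exec|system|passthru|assert|base64_decode)\s*\(", re.I)),
    ("shell-substitution", re.compile(r"`|\$\(|\$\{")),
    ("escaped-bytes", re.compile(r"\\x[0-9a-f]{2}", re.I)),
]
MAX_UA_LEN = 512  # assumed threshold; real browser strings are far shorter

def scan(lines):
    """Return (ip, timestamp, reasons, user_agent) for each suspicious line."""
    findings = []
    for raw in lines:
        line = raw.rstrip("\n")
        m = LOG_RE.match(line)
        if m is None:  # never drop lines silently: a payload can break the format
            findings.append((None, None, ["unparseable"], line))
            continue
        ua = m["ua"]
        reasons = [name for name, rx in MARKERS if rx.search(ua)]
        if len(ua) > MAX_UA_LEN:
            reasons.append("oversized")
        if reasons:
            findings.append((m["ip"], m["ts"], reasons, ua))
    return findings

# Constructed sample lines (documentation IP ranges, invented timestamps).
PREFIX = '- - [01/Jan/2024:10:00:0%d +0000] "GET / HTTP/1.1" 200 5120 "-" '
SAMPLE = [
    "192.0.2.10 " + PREFIX % 0 + '"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"',
    "198.51.100.7 " + PREFIX % 1 + '"<?php echo 1; ?>"',
    "203.0.113.9 " + PREFIX % 2 + r'"probe eval(\"1+1\")"',
    "203.0.113.9 " + PREFIX % 3 + '"' + "A" * 600 + '"',
    "truncated or corrupted entry",
]

if __name__ == "__main__":
    for ip, ts, reasons, ua in scan(SAMPLE):
        print(ip, ts, ",".join(reasons), ua[:60])
```

A hit only shows that someone sent such a header; whether the server ever evaluated it has to be established from the application code and file timestamps.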

Confirmation

A South African security expert who wished to remain anonymous examined the statements made by the hacker to help determine the legitimacy of the individual’s claim.

Though the information provided by the person wasn’t proof that they were the hacker, it was in line with the result of the hack, didn’t make any outlandish claims, and demonstrated a level of technical knowledge that would be required for a hacker to deface the ANCYL website the way it was on Monday.

Unwembi was contacted to confirm whether the hacker had emailed them, but could only reveal that ‘someone’ got in touch about the Monday morning hack. “He/she did pass on some info to us, some of which was factually incorrect and some of which was helpful to us,” Unwembi said.
