Oregon University System Spreading Message Planted by Hacktivists

By June 25, 2009

Visitors to Oregon University System's Web site were re-routed to a message criticizing the protests in Iran yesterday. The 89-word declaration categorized as a "screed" by MSNBC today contained demands to President Obama to "mind his own business" regarding the election results and claimed that "We never cheated in elections." The full text was only available for ninety minutes while traffic was being redirected. For a page with less than a thousand daily hits, the consequences seem few. The infiltrators used a security weakness in un-updated third-party software that tracks the number of visitors to the site, according to university spokesperson Diane Saunders quoted in Geek.com yesterday. But while the number of OUS site visitors are small, the subsequent news ripple is getting the word out much more effectively.

The incident is also helping to familiarize the public with the practice of "hacktivism." This subset of illegal hacking is not aimed at disrupting company operations for profit, but instead at promoting a political message. Industry experts such as Graham Cluley, senior technology consultant with computer security software company Sophos compares the practice to subway graffiti.

Since this particular iteration of hacktivism involves the Iranian presidential election dispute, it is a good example of the arbitrary nature of the practice. Instead of targeting a government site, here in the United States or elsewhere, the site was chosen because it was an easy target. Any page with security flaws is more attractive for compromising than a more robust one.

The online nature, even more than the international nature, of this security breach makes finding the responsible parties extremely difficult. In addition, the only goal of this act was to promote a message, since there was no detected attempt to load malicious software onto site visitors' computers. For these reasons, it is unlikely that law enforcement involvement will be a priority, not to mention successful.

Legal mentions © L’Atelier BNP Paribas