Jump to content

Hacker Hits World Trade Organization, Leaks Personal Details


Karamjit

Recommended Posts

Server for WTO training site compromised via SQL injection

A hacker affiliated with the Anonymous hacktivist movement managed to extract information from databases stored on a server administered by the World Trade Organization (WTO).

The incident resulted in exposing personal data belonging to more than 2,000 WTO officials and staff members on a public messaging board that allows publishing information anonymously.

Some leaked data belongs to government workers

The web server attacked was “ecampus.wto.org,” a training hub with online courses on various trade-related matters, including international trade law. At the moment, the website is down for maintenance activity.

As per the data dumped into the public domain, the hacker found a total of 15 databases, which stored details about administrators, as well as individuals enrolled in online courses.

The leaked info contains full names, email addresses (either personal or official), job titles and positions, phone numbers, dates of birth, physical addresses, nationality, access IDs and IP addresses.

Individuals whose details have been exposed are from a large number of countries, with the US, France, Brazil, India, Vietnam, China, Sri Lanka, Russia, Indonesia, Dominican Republic and Pakistan being on the list.

Some of the people impacted by the incident work in different governmental offices and institutions in charge of certain economic matters.

Risk of targeted attacks

Given the positions of some of the individuals in the government structure of their country, an attacker could use the leaked information for phishing attacks that may lead to compromising sensitive computer networks.

The same applies for WTO, since plenty of the email addresses, phone numbers and access IDs belong to users with administrative rights for some of the organization’s resources.

As for the method used by the hacker to reach the databases, online sources indicated the use of SQL injection, a technique that relies on insufficient sanitization of SQL queries inserted by a client for an application on the targeted server.

Attacks of this kind can lead not only to retrieving the content of a database but also to modifying the entries.

From: http://news.softpedia.com/news/Hacker-Hits-World-Trade-Organization-Leaks-Personal-Details-480166.shtml?utm_source=spd_bottombubble&utm_medium=spd_bottombubble&utm_campaign=spd_bottombubble

Link to comment
Share on other sites


  • Replies 2
  • Views 902
  • Created
  • Last Reply
emerglines

Bla bla bla, how about I leak some useless document say that some hacker did it, then get support from governments to restrict public information, also public liberty to express WTO corruption.

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...