United Nations hacked - email addresses and passwords leaked

by Graham Cluley on November 29, 2011 | 4 Comments

Filed Under: Data loss, Vulnerability

United NationsPasswords and login details belonging to the United Nations have been published on the internet by a hacking group who believe that the UN is guilty of corruption.

The TeaMp0isoN hacking gang has leaked over one hundred usernames, email addresses and passwords that appear to belong to individuals at the United Nations Development Programme (UNDP), Organisation for Economic Co-operation and Development (OECD), UNICEF, World Health Organisation (WHO) and other groups.

The gang noted, when publishing their stash on PasteBin, that some of the userids appeared to have a blank password, news which will make many a system administrator groan and roll their eyes in exasperation.

TeamPoison posted the password details on the internet

The suspicion is that the hackers were able to take advantage of a vulnerability on the United Nations Development Programme website to extract the IDs, email address and passwords of users.

UN Development Programme website

TeamPoison included alongside its haul of stolen login details a taunt directed at the UN's online security team:

// The question now is... how?... We will let the so called "secutiy experts" over at the UN figure that out. . . .
------ Have a Nice Day....-

The TeamPoison hackers has previously made the headlines by defacing the RIM Blackberry blog in the wake of the London riots, and publishing private information about Tony Blair.

TeamPoison recently announced they were joining forces with Anonymous on a new initiative dubbed "Operation Robin Hood", targeting banks and financial institutions.

For more information on securing your website download our technical paper "Securing Websites" published by SophosLabs. In addition to advice on common attack techniques including SQL injection, the paper also discusses establishing a secure foundation for your site and how to deal with external service providers.

Tags: , , , , , ,

4 Responses to United Nations hacked - email addresses and passwords leaked

  1. Interested Observer says:
    November 29, 2011 at 7:25 pm

    Like Lulzsec did and th3j35t3r does, Team Poison merely use an unpatched apache exploit to gain access to their sites.

    Reply Report comment
  2. Daniel Cooper says:
    November 30, 2011 at 12:54 am

    This is probably just usernames and passwords from some online community, rather than to email accounts. The UNDP runs hundreds of these and they're effectively unmanaged.

    Reply Report comment
  3. pr0f says:
    November 30, 2011 at 1:23 am

    Rubbish, Interested Observer. They use SQL injection, which is actual to do with database configuration as opposed to anything else, and isn't really a true "exploit".
    I cannot stand TeamPoison.

    Reply Report comment
  4. kick rox says:
    November 30, 2011 at 4:34 pm

    Script Kiddies.

    Reply Report comment

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <strike> <strong>

About the author

Graham Cluley has worked in the computer security industry for more than 20 years, developing anti-virus software and doing quite a lot of talking about internet threats. He's won awards for his blogging, but is proudest of the text adventure games he wrote when he was still wearing short trousers. You can learn more about those (the games, not the trousers) at grahamcluley.com. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.