Elections website unharmed after hacker’s visit

| 06/03/2013

hacked.JPG(CNS): Officials from the Elections Office have confirmed that their website is functioning again following the unwanted breach by a hacker, which disabled the site Monday night and Tuesday morning. The hacker, who is understood to be a teenage school boy living in Morocco, uploaded three files onto the site, having exploited a flaw in the countdown script that was being used on the website. The teen then replaced the home page with his own but officials said that no usernames or passwords were exposed and all of registered electors' data was also safe as it is maintained in a separate location not publicly accessible outside of the web interface.

According to Cayman27, who contacted the hacker, he claims to be a 15-year-old schoolboy, who was raising awareness regarding the plight of Palestinians in the Middle East. Calling himself the Riad Spammer, the teenager uploaded his hip-hop song about the Israeli-Palestinian conflict in English and Arabic, but he told the TV news station that he did not interfere with the site, which he described as being easy to hack. The teen offered advice to the Elections Office, stating that the system they are using was not secure enough as it took him only 5 minutes to get into the site and suggested the system be upgraded.

The Elections Office website is not managed by government Computer Services in order to maintain the independence of the office. However, the site’s hosts have now checked all the files and found that none of them were modified.

Since the hacking experience the countdown counter, which was the weak link, has been disabled and the three files that were uploaded by the hacker have also been deleted.

See Cayman 27 report here.

Category: Local News

Comments (11)

Trackback URL | Comments RSS Feed

  1. Anonymous says:

    Really makes you wonder what other personal and private information the government holds on its citizens (addresses, names, health information, personal records, financial records) that may be at risk. 

  2. Anonymous says:

    I'm not sure the government has anything to do with this website. Apparently, the IT Manger of Cayman Airways is responsible for this website, but I defer to those people who know the facts.

     

    • Anonymous says:

      The IT manager does an excellent job with the resources provided by Government. Elections office underfunded for years and dedicated officers including said manager not paid in ages. Maybe the expert will provide his services free as the CFO in Deputy Govenor's office runs show and refuses to pay most bills.

  3. Anonymous says:

    I love how in the Cayman 27 news report they say that the server is secure and then the hacker states it took him literally 5 minutes to break into a GOVERNMENTAL website. Yeah, sounds secure….

  4. Truth Police says:

    Why would he do it?  Because whoever is "managing" that site is using an open-source platform that's at least 2 generations old ( i.e. not up-to-date) and known for multiple hack vulnerabilities.  It is all to easy to access the necessary files to make a quick change and boom, site down.  There is also likely no firewall software on the site whatsoever.  Nor were they updating their plugins regularly or they would have known about the vulnerability in advance…the info is out there for those who are well-versed on how to create these sites and protect them.

    It's not a host issue, it's simply the fault of whoever built/manages the site.  And if you buy what they're saying about emails and information being secure, that's BS.  Once you get control of that platform, you can easily grab access to the database and then pull a zip file of all the email addresses.  

    That's why do-it-yourself or amateur web management freelancers are not viable for a government site.  Call a professional.  I'm available.

     

    • Anonymous says:

      Since you're such an expert, why does open-source make it any more vulnerable?

    • Anonymous says:

      At any rate, how a firewall would have helped? since your such an expert

  5. Anonymous says:

    Why would he even do this?  I would have thought that he would not have even knew the Cayman Islands existed.  This needs to be investigated.  XXX This isn't a coincidence.  This has happened two times.

  6. Anonymous says:

    Hacking the site must have been a walk in the park seeing as when it comes to technology …cayman is still living in the 60's.

  7. Anonymous says:

    This doesn't sit well with Government Computer Services.