The Hacker of Iran’s government website got arrested. “The man who has hacked Iranian websites gained access to government website databases and had access to 3 million payrolls,” said Mostafa Alizadeh, Revolutionary Guard Cyber Defense Command’s spokesman.
The hacker who has introduced himself as “Mafia Hacking Team” is responsible for hacking dozens of government websites. The hacker found a security hole in the Content Management System(CMS) of the outdated websites and took advantage of it for getting into the databases. It’s interesting to know that the hacker had tried to inform the organizations of their security holes to fix them but they hadn’t paid attention to the hacker.
In addition to accessing the CMS systems of government websites, the hacker also has accessed databases of some organizations but according to him, he hasn’t had criminal intentions, he hadn’t published these pieces of information, even the 3 thousand payrolls information.
The accused had accessed three thousand websites that 38 of them belongs to the government organizations with the .gov domain name. “This hacker could have accessed Ministry of Roads and Urban Development, National Organization for Civil Registration, The Islamic Republic of Iran Customs Administration, Minister of Industry, mine and trade and 370 university websites,” said the Revolutionary Guard Cyber Defense Command’s spokesman. The hacker has defaced the websites which is the lowest level of crime in cyberspace.
In addition to websites bugs, these websites had some other problems such as: They didn’t update the version of CMS that they’ve been using, they hadn’t ordered [to outsource] to reputable companies for design and development of these websites, they hadn’t used firewalls, they hadn’t used experts and enough specialists and finally they hadn’t used standard hosts in cyberspace to build their databases.
This is a surprise that Iran with its cyberspace power got hit like this. But with Revolutionary Guard Cyber Defense stepping in we think that they would put an end to these attacks.
For more information on these attacks, you can check this post on TechRasa.