A hacker has busted the security of eight Victorian Government websites in a string of minor attacks on Sunday.
Purportedly hailing from an Indonesian hacking group, the hacker made unobtrusive defacements by inserting a text document into the homepages of six local council sites and two libraries.
The hack is only accessible by locating a text file in a subdirectory from the home page. It states:
“hacked by 3n_byt3 @ Indonesia Hackers
Anti Goverment Sites :P”
The affected sites are still hosting the text file.
Penetration testing company Securus Global CEO, Drazen Drazic, said defacements are typically “low-hanging fruit”.
“I’d estimate that about 90 per cent of websites have major vulnerabilities… like Cross Site Scripting and SQL Injection which allows [a hacker] to get access to confidential information,” Drazic said.
“That hasn’t changed over time for first-time testing, but there is a big improvement for those that seek professional assistance.”
He said many security managers are unaware of the vulnerabilities present in their websites and applications until they are hacked.
The defacements follow a spate of similar attacks, hitting nine Western Australian government agencies, and most recently an under construction home page of Queensland Senator, Jan McLucas.