Share

Related Links

Related Stories

  • MI5 website hacked
    The website of the UK counter-intelligence and security agency MI5, has been hacked with the result that the identity of visitors could be stolen and viruses downloaded to their computers.
  • BBC creates a botnet of 22 000 PCs in investigation
    The BBC has drawn criticism for an investigation that involved its researchers creating a botnet swarm of around 22 000 infected PCs.
  • New version of L0phtCrack to be unveiled next week
    Seasoned penetration testers and security experts will recall that L0phtCrack, a seriously heavy-duty password testing utility, was quietly withdrawn by Symantec in 2006, after the IT security vendor reportedly became worried about export regulations of the high-tech software from the United States.
  • Google: crack our native client and win $8,192 (£6,000)
    Google is challenging the cracking community to rip apart its ActiveX alternative called Google Native Client.
  • Ukrainian ISP servers shut down
    UkrTeleGroup, an infamous internet service provider in the Ukraine, has had its primary IP connection "depeered" by FiberNet, the Miami-based uplink provider.

Top 5 Stories

News

Hacker group blamed for publicising MI5 site security flaws fight back against papers

03 August 2009

Team Elite, a `grey hat' hacker group blamed for revealing a potential hack on MI5's website last week, is reportedly very angry at reports in the national press that it was responsible for what some papers are reporting as a site hack attack.

According to weekend newswire reports, the hacking group was so incensed about the reports that it went on a public relations offensive against the websites of the Daily Express and the Telegraph.

Forum reports suggest that Team Elite - whose main role appears to be reporting on cross-site scripting errors on websites, and suggesting that site owners fix them - is upset that it have been associated with the MI5 site hacking issue.

Although the hacking group has previously been involved with XSS flaws on a number of sites, including Kaspersky Lab, Paypal and Symantec, it claim to have identified a non-persistent and minor security flaw on the MI5 website on 21 July.

Thesecurity flaw was subsequently patched, Infosecurity notes.

The story was apparently picked up in the Daily Express on 30 July but, say the hacking group, was significantly overhyped and distorted the threat issues involved.

Unfortunately for Team Elite, the Express story was picked up by other newswires, who apparently portrayed the hacking group as looking to attack site visitors and collate their personal data.

The story was also picked up by the Telegraph in a story headlined as "Identity theft hackers attack MI5 website."

`Vector,' a member of Team Elite, then posted details of an XSS flaw on the newspaper's website, which he illustrated by changing a site page to say: "Did you know our newspaper is full of lies? We call people who report errors 'identity thieves'? The only identity thieves are the news reporters from this website."

According to a weekend blog posting by Vector, he wondered why the Telegraph calls the group `Identity thief hackers' when they just report XSS bugs.

"So I searched their website for answers. This is the answer I found: their website is also vulnerable to same bugs."

The papers have not formally responded to the allegations, but in hacking the newspaper site, the group may well have overstepped the mark, as gaining unauthorised access to the newspaper site - for whatever reason - is a breach of the Computer Misuse Act, Infosecurity notes.

 

This article is featured in:
Application Security  •  Identity and Access Management  •  Internet and Network Security  •  Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×