An unknown attacker has managed to deface multiple websites associated with the UK Conservative Party by compromising a common registrar/webhost administrative account. Evidence in the form of a screenshot pack is circulating on underground hacking forums.
The incident was reported
by Christopher "Paperghost" Boyd, a long-time Microsoft Security MVP and security researcher at Sunbelt Software, on his blog. "The sites have all been fixed, but there are probably going to be a few after effects for the while," the Mr. Boyd writes.
A screenshot allegedly from inside the compromised domain administration panel lists nine .com and .co.uk Conservative websites including arburyconservatives.com, ashfieldconservatives.com, barnetcouncilconservatives.com, barnsleyeastconservatives.com and boltonsoutheastconservatives.com. However, other images from the dump suggest there were more affected.
The only defacement still cached in Google at the time of writing this article is that of paulbristow.org.uk, the website of Conservative MP Paul Bristow. After the attack, the site displayed the image of a vampire and a message reading: "Hacked by UnknownAX Hacking Is Not A Game But A Way Of Life! Let This Be A Warning Site Down! Admin Access: Gained! Website Url Status: Hacked! File Bin: Empty! Enjoy Ending......Terminated..." A version of Perfect Circle's Pet song was also playing in the background.
The conservativesintouch.com website also seems to have been compromised. The attacker included screenshots of himself accessing the administration interface and sending out the political message "Vote for Labour – NOT US!" to the mailing list. In a post to a hacking forum, the hacker made fun of the poor security he encountered and pointed out that some of the admin accounts used the same usernames and passwords.
"I also have a huge database of Emails:Passwords which are encrypted with MD5, So no doubt i'll play with that at a later date," the attacker mentioned.