The hackers also found vulnerabilities in the United Nations main site

Feb 9, 2012 15:43 GMT

Since the organization failed to patch the vulnerabilities that allowed hackers to gain access and leak data from its servers the first time, members of TeaMp0isoN revisited the United Nations Development Programme website and leaked another round of data. In addition, they found a series of vulnerabilities in the organization’s main site, un.org.

The hack was claimed by a hacker called Casi, but the Pastebin file ended with the signature of TeaMp0isoN members, so we’ve contacted them on IRC asking them to clarify matters.

It turns out that the actual hack was performed by TeaMp0isoN’s Phantom, who uploaded the data leak to Pastebin as a private document a few days ago. Other hackers came across it and claimed the hack, adding a statement to show their reasons for allegedly hacking the server.

“I don’t know who the hacker is, but this is my release. I don’t know how he got hands on it. I worked 4 days to strip the databases again,” Phantom said.

Phantom claims that he leveraged exactly the same vulnerabilities and found mainly the same information on the United Nations Development Programme site.

“I found the same vulnerabilities, the same data. I made that Pastebin a private one and deleted it coz I don’t store [expletive] on my PC. Obviously someone found it,” he added.

Besides the UNDP site, members of TeaMp0isoN also identified a large number of SQL Injection vulnerabilities on un.org, the United Nations main website, and plan to hack into it later.

Now that the information is out in the open, the United Nations has the opportunity to patch up the security holes before hackers can leverage them to breach their systems.

We’ve contacted the United Nations to learn if they’re aware of this latest breach, so stay tuned to find out how they respond to the incident.

Update. After contacting the other hackers involved, we concluded that, since the website was vulnerable, TeaMp0isoN was not the only group that tried to hack it. Team inj3ct0r and Team r00tw0rm also hacked the UN sites, finding mainly the same vulnerabilities as TeaMp0isoN.

According to TGDaily, Martin Nesirky, a representative for the Secretary General of the United Nations, confirmed the breach.