Website hacking

Craig Shearer - 4th April 2022

As a professional software developer, I’m aware of various ways in which websites can be hacked - and it’s a constant battle keeping up with the latest knowledge and techniques to ensure safety.

Mark has previously reported on various “white hat” hacking that could be done against various websites promoting misinformation. As an example, the NZDSOS site had a voting facility on its posts, and Mark outlined a process by which one could automate posting poor ratings on the posts. Well, it appears that somebody did do just that. Some weeks ago we looked at the site and it showed that the majority of its posts had poor ratings. Alas, the check I did over the past weekend showed that the poor ratings had been removed.

There have been a number of websites pop up recently that have been built by Daniel Suter. These sites are extremely poorly designed - both aesthetically and technically. The latest is a site called nuremberg.nz which lists people who stand “accused” of crimes during the Covid pandemic, and offers a voting mechanism where you can upvote or downvote people.

Additionally, you can add new entries to the lists of their accused and heroes. Their heroes list makes interesting reading - basically a who’s who list of Covid deniers and “freedom protest” organisers (Sue Grey, the Tamakis, Kelvyn Alp, Leighton and Chantelle Baker, Lynda Wharton, and more…)

The nuremberg.nz site is so poorly designed that it doesn’t sanitise user input, meaning that anybody can enter the name of somebody into the site and insert some scripting. As the following image shows, somebody’s entered a name into their database that contains a script tag that replaces the body of the website with a message.

The way this works is that the content of the website is generated from the entries in the database. So the page then contains code that causes that script to run when the page is loaded, meaning that the viewer of the site gets the message that the site has been hacked.
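What is described above is stored cross-site scripting. The following is an added example, not code from the site or from this article: it shows a page list built from stored entries, first by plain concatenation and then with output encoding. The sample rows, function names and the input check are assumptions made for illustration.

```javascript
// Constructed sample rows standing in for user-submitted database entries.
const entries = [
  { name: "Jane Example", votes: 3 },
  { name: "<script>document.body.textContent='constructed sample'</script>", votes: 0 },
];

// Vulnerable pattern: the stored name is concatenated into markup as-is,
// so any tags it contains become part of the page every visitor loads.
function renderUnsafe(rows) {
  return rows.map(r => `<li>${r.name} (${r.votes})</li>`).join("\n");
}

// Encode the characters that are significant in HTML text and quoted
// attribute values. "&" is replaced first so later entities are not re-encoded.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Hardened pattern: encode on output, at the point the value enters HTML.
// The browser then displays the stored text instead of interpreting it.
function renderSafe(rows) {
  return rows
    .map(r => `<li>${escapeHtml(r.name)} (${escapeHtml(r.votes)})</li>`)
    .join("\n");
}

// Input-side check as defence in depth (hypothetical policy, not a
// substitute for output encoding): reject angle brackets and control chars.
function isPlausibleName(name) {
  return typeof name === "string" && name.length > 0 && name.length <= 100 &&
    !/[<>\u0000-\u001f]/.test(name);
}

console.log("unsafe:\n" + renderUnsafe(entries));
console.log("safe:\n" + renderSafe(entries));
console.log("accepted at input:", entries.map(e => isPlausibleName(e.name)));
```

Encoding at output is the control that matters here, because it still protects the page when a bad entry is already in the database.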

The emails were to schools, harassing them about Covid mask policies. As if schools aren’t under enough stress at the moment without having to deal with that sort of junk!

Anyway, I think that these hacking initiatives are great fun, though obviously there’s serious intent behind vile sites such as nuremberg.nz, whose intention is to promote hate and perhaps incite violent actions against prominent public figures such as politicians and scientists.

I came across a great resource today for those who want to participate in some investigation of websites. The Columbia Journalism Review has this great page which gives a list of things to check and some website resources for helping track down and reveal information about who is behind a website. It’s a great resource that I’ve bookmarked and I’ll be using in the future.