Thirty Congressional websites were defaced early Thursday morning, following President Obama’s State of the Union Address. The defacements were aimed at websites used by both Democratic and Republican Congressional members, as well as Congressional committee pages.
“FUCK OBAMA!! Red Eye CREW !!!!! O RESTO E HACKER !!! by m4V3RiCk ; HADES ; T4ph0d4 -- FROM BRASIL,” reads the message left behind for Congressional members to discover. The anti-Obama tone is a huge change from previous defacements by the Red Eye CREW, warning those who saw them to “SAY NO TO COMMUNISM.”
The defaced sites were powered by Joomla, a CMS similar to WordPress, but it is unknown if the CMS software is to blame for the attacks.
Details on the Praetorian Prefect blog mention that Joomla, or a module connected to the base Joomla installation, could be to blame, “however that is just speculation,” the post says. Another option is that the defacements were the result of mediocre server upkeep, which is the cause behind at least one other high profile defacement by the same group.
In 2008, Joomla.org was defaced by Red Eye CREW. At the time, the defacements were blamed not on a security issues within the CMS code, but “poor system administration practices” according to statements from the Joomla project.
“When we updated our Web sites with the Joomla 1.5.6 security fix…we simply forgot to update one of our small, non-public development sites,” the project statement added.
In all, twenty-seven Congressional members and three committee pages were defaced. We’ve emailed the known contacts for House.gov and will report any new information.
More details, including a list of the sites defaced, are available on the Praetorian Prefect blog.