A Syrian activist calling himself Th3Pro defaced Harvard University’s website on Monday with anti-American propaganda. In addition, he leaked an SQL database used by the site. School officials called the breach the work of a sophisticated individual or group, but images provided by the activist say otherwise.
Based on the images and video provided by Th3Pro, who tagged the site for the Syrian Electronic Army, the defacement was made possible by legitimate access to the Drupal CMS system used by Harvard. Using an authorized username and password, the Syrian activist simply replaced Harvard’s images and content with links to a Flash video embedded on his own domain.
In response to the breach, a Harvard spokesman said the attack “appears to have been the work of a sophisticated individual or group.” In order to correct the problem, the school pulled its domain offline for several hours.
The message below, shown as written during the defacement, is what greeted visitors after they clicked “Read More” from the Harvard website.
To Harvard University :
This site has been breached to spread our message even if illegally But why do we publish in this way First Do You will Bmhacptnato to kill your website and the American leaders kill people and claim lives? Do You will Bmhacptnato to sabotage your site and you are destroying peoples minds? Do You will Bmhacptnato to penetrate your site and you are supporting a policy of killing? Do you think that America implements what it calls democracy If you are you are also killers If you doubt my words, I believe in you fools.
Because the whole world knows what the United States of America, I want to ask a question, Do you support the war on Syria? If you are you, as well as the following Syria's population of 23 million people. This means 23 million mobile bomb Imagine what we could do. :) Do you want to see the crimes you you made Here are pictures of martyrs from the army, security and innocent people killed by the peaceful demonstrations that support your country , They made themselves the luxury seats in the fire of Hell on the Day of Resurrection.
~ Syrian Electronic Army
This message appeared on other domains, allegedly “hacked” by Syrian activists using various names and group affiliations.
Earlier this year, the Syrian Electronic Army defaced the website maintained by UCLA with a similar political message, and Th3Pro himself has claimed the defacements of more than a dozen other sites. This month alone, ten other Harvard-related domains have been defaced by a person calling themselves TiGER-M@TE.
In addition to the defacement on Monday, Th3Pro also released the SQL tables, including emails, usernames, and passwords, used to access Harvard’s CMS.
Video and images are on page 2.