Congressional Joomla Web Defacements

January 28, 2010 | by Tom Canavan | 2 Comments

"Congressional Web Site Defacements Follow the State of the Union"
- Praetorian Prefect

An interesting problem that we as the US have is our denial of Cyberwar. While this post isn't exactly about that, it's close. Last Wednesday night during or after the President's State of the Union Address, several congressional websites were hacked by Red Eye Crew. Why is this of interest? According to Praetorian Prefect, they were all running Joomla!


One of the defaced sites. Source: Praetorian Prefect

A partial list of defaced sites (49 in total; again, all Joomla) is:

A number of committee sites were hit as well. Praetorian states that the 'source' of the hack (other than Joomla!) is not known. Joomla! and its host of 3rd party extensions have suffered from a very high number of vulnerabilities. What I want you to take away from this article is not that Joomla! is safe or unsafe, but rather that chances are good the IT staff of these Congressmen and Congresswomen did NOT patch. They DID NOT keep up with vulnerabilities by using a service such as this.

I implore you today to check your extensions and check your Joomla! level. Take a few minutes and make sure that you are running the latest and greatest. If in doubt on how to conduct a simple security audit, then purchase the book Joomla! Web Security from Amazon.

The saga continued on 1/28/2010 with the sites being in various states of up or down or not at all. However, once the "spin" started, it really started to get interesting. According to several press releases, the site, handled by GovTrends, had been hit before in August 2009 by hackers. According to the statement put out by the office in charge of these at House.Gov, the vendor (GovTrends) was in 'maintenance' mode, and that's when the attackers struck.

First of all anyone with any level of experience with Joomla! should quite honestly recognize the nonsense of this statement. Joomla, while it has its share of problems, doesn't suddenly become "vulnerable" because it's in maintenance mode. Further, if they were maintaining a firewall or other intrusion layer, other portions of house.gov would have been impacted. It appears however forty-nine sites were hit. This is most likely (speculation on my part) poor administration and security practices by the people in charge of these sites. They should be fired from their jobs.

My second thought is that the fur will be flying (eventually) on Joomla.org, with certain people stating "Joomla is secure - it's the 3rd parties" and others blaming the sites for not following the checklist. I would say that overall is the wrong response on all fronts. Here's why: no one yet knows what happened. What we do know is they were hacked identically, apparently all at once. Some of these Joomla instances (according to Netcraft) were on Windows and some on Linux.

What Joomla.org should do is contact the house.gov folks AND GovTrends to work with them to clear their name. The way the press releases are being written, (in some cases) it appears Joomla is THE cause. So - OSM - if you read this, I would encourage you to get involved now! Starting with a press release is a good idea. Following up with the staff of House.Gov to work with them is next.

My bigger personal concern is not the black eye that OSM/Joomla is taking; that is minor. The bigger concern is WHY didn't the House.Gov technical staff activate their Business Continuity Plan? These aren't little, community organized sites. These are American Senators. Agree or disagree with their politics - they and we as the American Constituents deserve a more robust system.

The concern is IF it took nearly 19 hours to restore these simple Joomla sites, what does that say for our CyberSecurity? What does that say for protecting the US and our critical infrastructures from attack by an enemy? I would say it's an "F" in response by the vendor, by the Chief Administrative Office and those in charge. House Speaker Nancy Pelosi has called for a review of the vendor and the technologies.

There SHOULD be an investigation, then the vendor should be dismissed if found to be incompetent. In corporate America, we would not have a JOB if this happened on our watch! This incident should be taken MORE seriously than in Corporate America. Or any other corporate structure in the world.

However - I am in serious doubt that this is any more than Political posturing. We as the Joomla community and as Americans should expect House.Gov to start at a minimum by installing better measures such as SecureLive.net on their sites to prevent stuff like this.

Thus the end of this story is this. Don't blame Joomla (the code base). Don't blame the 3rd party extensions. DO write AND test your Disaster Recovery Plan. DO stop today and check your site.

In light of this, JoomlaRescue.com will do an inspection of your Joomla! site for $129.00 - we want to do our part to prove that Joomla!, while having its issues, does not deserve this black eye. If you would like to take advantage of this SPECIAL OFFER, visit us at www.joomlarescue.com, select HEALTH CHECK ONE and at check out enter the code "HOUSE" to get this special offer.

About the Author

Tom Canavan

Tom is a long-time technologist, with over 24 years in the computer and IT industry. His background includes many roles, from entrepreneur (getting noticed by Entrepreneur magazine) all the way to CIO.

He is author of two books, his latest being Joomla! Web Security. He is regarded as one of the top security professionals in the JoomlaSphere.

Comments (2)

written by Bob Smith, February 02, 2010
i can shed some light on the debacle. i used to work for said company side-by-side with their former frontend developer who built those exact sites that were hacked. i heard him stress time and time again that they needed to be updated to no avail due to the owner, who wasn't the brightest bulb in the bunch and knew nothing about joomla. i left before the frontend dev decided to leave in 2009 due to a breach of contract by the owner and the frontend dev. that's only the tip of the iceberg for the incompetence and arrogance of the company and its owner. so, yes, the company is clearly in the wrong here and shouldn't be allowed in the house imo.

regarding okomo: it isn't even a cms. it's just a ‘really’ basic platform built on django masquerading as a cms, but definitely not a cms as the company states.

while, yes, i think a response is necessary on joomla's part, this company deserves no help whatsoever from the joomla community when they're not willing to accept it. it's a shame that such companies are allowed to represent joomla to the federal govt when so many people dedicate their time to the project. i can only hope the house blocks them from doing business there and that they learn a valuable lesson.

joomla should write a response and perform some positive pr to recoup what this company cost their brand.
Joomla Hosting
written by Joomla Hosting, February 02, 2010
Joomla isn't the problem. Clueless site owners and admins are. I can't stress enough to customers how important it is to keep any open source software up-to-date. This includes Drupal, WordPress, phpBB and Moodle. 95% of the time they come out with a new update it is due to a security risk. Third party extensions and plugins also need to be upgraded as well.
