Feeds

Hackers hijack UK.gov wiki

Environment contract party - will it have cake?

SANS - Survey on application security programs

An attempt by a UK cabinet minister to discuss proposed environment policy using a wiki has ended in embarrassment after pranksters made merry at the expense of the Department for Environment Food and Rural Affairs' (Defra).

Tech-savvy environment secretary David Milliband was left with egg on his face after his department's draft "Environment Contract" wiki was edited to include spurious entries poking fun at the initiative.

Hours after publication of the policy, pranksters launched dozens of attacks against the wiki, hosted on Defra's official website. The heading for discussion "Who are the parties to the environmental contract?" became, "Where is the party for the environmental contract? Can I come? Will there be cake? Hooray!"

Responses to the question of "what tools can be used to deliver the environmental contract?" solicited the illuminating answer: "Spade, Organic Yoghurt Stirrer, Old washing up liquid bottle, Sticky Back Plastic."

Hackers suggested the correct tools to "create the right incentive frameworks" included a "Big stick" and an "Owl magnet".

Less light-hearted responses included criticisms of the government's use of taxes for "little tangible improvement" to citizens' quality of life. An image of a Swastika was posted in another attack. Around 170 spurious entries were reportedly made to the site.

As defacement archive Zone-h notes, the misuse of the government wiki was an accident waiting to happen.

"The reason why there were so many intrusions was in the structure of the document's page itself that used an editing technique which is very similar to the one of Wikipedia, that is, all the users with basic skills could get into the page and do whatever they wanted with the content," it reports.

After failing to stem the attacks, government sys admins purged the offending entries and temporarily disabled new entries.

Milliband said the attacks have not put him off the idea of using wikis for future policy consultation exercises.

"I gather that we have demonstrated the extreme openness of the wiki by playing host to some practical jokes plus a swastika. Strange how some people get their kicks. But the experiment will continue," he writes in an entry to his departmental weblog. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.