Serious investigation into hacking attack on Ab's website

The National Bureau of Investigation (NNI), together with foreign counterparts, is investigating hacking attacks on the websites of the Constitutional Court (Ab).

The Ab's website was hacked on Sunday night, hackers added several paragraphs to the National Creed of the Basic Law and the subsequent chapters on the Ab's website. For example, it was written into the text that "IT workers can retire with 32 percent of their salary at the age of 150", and also that Anonymous and other self-organized IT groups and individuals can be obliged to take action against external and internal threats to the country.
Anonymous has carried out a number of cyber attacks worldwide in recent months. Interpol managed to arrest 25 members of the hacker group in Europe and South America last Wednesday.

László Bartha, a NYI spokesman, stated at the request of MTI on Monday that NYI, in cooperation with foreign counterparts, is prosecuting a well-founded suspicion of a computer system and data crime. In view of the interests of the investigation, it has not yet provided any further information.

András Sereg, a spokesman for Ab, informed MTI on Sunday afternoon that the server had been temporarily shut down. The Ab website has not been accessible since then. 

Zsolt Kőrös, the managing director of Noreg Kft., Which deals with information security, told MTI that almost nothing can be known about the Anonymous group or organization, as hiding is the basis of existence. Nor is it known that a Hungarian website with more serious protection was attacked. The group is carrying out spectacular attacks as their main goal is to get into the news.
He said their method is a simple attack, as a lot of programs can be downloaded from the internet to crawl a website’s vulnerability. The method is to single out a website, look for intrusion points on it, and then attack it with programs that can also be downloaded from the Internet. Once they get in, they delete or rewrite something on the site according to their purpose, possibly paralyzing it, or taking control of it.
On the specific case, he said the Constitutional Court’s website is probably not among the most protected because it does not contain confidential data or provide a service that requires more costly protection, unlike, for example, the tax authorities or banks.
He added that because both websites and programs are created by people, all of them are vulnerable, though, manufacturers issue bug lists from time to time to draw attention to shortcomings. Patches are also reported, but not everyone uses them.

László Gombás, a senior security engineer at Symantec Hungary, which also deals with information security, said that the hacker group Anonymus is sometimes assisted by a larger circle. They take advantage of the fact that they can connect to promotions quickly and anonymously on the Internet, and thus achieve results even with the simplest method, overloading the systems.
He added that the general trend is to increasingly target networks that operate critical systems, such as power plants, industrial process control systems.
Before the attacks, they study, learn about, map the target, then penetrate the system with the appropriate code, and the malware starts collecting data. They do this more and more quietly, slowly, in a way that is not noticeable to security software, and then the information is exported and used on an encrypted channel - said László Gombás.

Source: MTI