A Harvard website was hacked recently, with 125 MB of records stolen and later uploaded to BitTorrent for Peer-to-Peer distribution. gsas.harvard.edu was still down at the time this article was researched (it's back up now).
The site was a local Joomla installation. A variety of simple Joomla! hacks have been identified and shared around the web in recent weeks. Most of these claimed vulnerabilities exploit weaknesses in 3rd party modules, which exposed some SQL Injection gaps. It is not yet clear whether the Harvard Grad. School of Arts and Sciences site fell victim to such an attack.
According to Calum McLeod of protection experts Cyber-Ark, "the Harvard University hack apparently involves the complete site database -- allegedly including hidden system files. If the University had used a data encryption system on its most sensitive files, then this systematic site hack would probably not have occurred."
Although the methods employed by the hacker are not yet known, one popular hackers' board lists exploits for no fewer than 14 Joomla! components (url on request), all of which have appeared since the beginning of this month (Feb 2008). Popular modules cited as vulnerable include Galeria, Quiz, NeoGallery and a range of _com components. All the listed vulnerabilities were SQL Injection strings or remote SQL Injection attack methods.
SQL Injection is the same attack vector which has also been causing WordPress users heartache lately: the popular WP-Forums module was recently declared vulnerable owing to its susceptibility to SQL Injection. Don't worry: the module is on the operating table as we speak, and will doubtless be returned to full health before long.
Note also at the link above that a compulsory update of WordPress has been released to close another security hole. The news follows a spate of recent WordPress hacking incidents, which included a linkspam attack on Al Gore's CrisisClimate organization.
Ever wonder just how hackers do it? Unfortunately, it's no big secret. We will shortly bring you a primer on some of the most common methods used to hack web content management systems, including SQL Injection. Stay tuned for more. [Update: We've now published the article on common hacking methods.]
NB Prior to press I contacted several core members of the Joomla! core team, who were at pains to point out that not keeping 3rd party modules/plugins up to date is most often to blame for SQL Injection attacks; and that the problem is by no means specific to the Joomla! platform, and is more properly attributed to individual webmasters.