SchoolDesk has been hacked, 800 US school websites redirected to IS promotion video

Master Disaster

The Atlanta-based company SchoolDesk was hacked today and a small injection was made onto its server. This injection made 800 school websites across 5 states, plus other government websites and some private company sites, redirect all traffic to a YouTube video promoting Islamic State.

Quote

Some 800 schools across the US have been targeted by hackers and their websites redirected to an Islamic State-sponsored YouTube video.

The attack, which lasted a few hours, affected schools in Arizona, Connecticut, Virginia and New Jersey.

The hack, which also affected private companies and government websites, is being investigated by the FBI.

All the websites are run by SchoolDesk. The Atlanta-based company is advising administrators to change passwords.

The hack was discovered when an admin discovered a rogue file on the server root, and it has now been resolved, but SchoolDesk are advising anyone with an admin password to change it immediately.

Quote

It said in a statement that "it immediately responded" when its technicians had found a small file injected into the root of one of its websites that redirected "to a YouTube video containing an audible Arabic message and a picture of Saddam Hussein".

"Although the exact method and point of intrusion is not yet fully known (possibly an SQL injection or through a user account with a weak password), we have added multiple layers of redundant protection to prevent this from happening again," it said.

On its website, Bloomfield School District, in New Jersey, said that its internal computer and data systems within the district "were completely unaffected".

Mark James, a specialist at security company ESET, said: "In this case, gaining access to change or plant a rogue file that redirects users to areas of your design is about as simple as it gets - small footprint, no potential warning signs and out before anyone notices - but the results are as bad as they get."

http://www.bbc.co.uk/news/technology-41918496

 

Well holy shit, talk about an easy job to make the maximum impact.

 

I wonder how they got access to the master server root though?


Imagine the stock drop (Don't know if they are a public company or not) for a hack like that. Now to wait for the parents' response.


12 minutes ago, tjcater said:

Imagine the stock drop (Don't know if they are a public company or not) for a hack like that. Now to wait for the parents' response.

Imagine how many kids might be radicalised.

 


Well, thankfully my school doesn't use them.


7 minutes ago, Ron31 said:

Imagine how many kids might be radicalised.

 

That could only happen if the school allowed YouTube, if the kid decided to open one of these sites in the few hours the hack was in place.

With the average world knowledge of an American kid, they will not even recognise the person America waged war against, be able to understand the language, let alone pay attention to it for more than 10 seconds.


...an injection attack? Really?


Just now, Sauron said:

...an injection attack? Really?

Sometimes KISS is the most effective technique.


1 hour ago, tjcater said:

Imagine the stock drop (Don't know if they are a public company or not) for a hack like that. Now to wait for the parents' response.

You'd be surprised. Look at all that's happened with Equifax after their breach. Lol.


19 hours ago, corsairian said:

You'd be surprised. Look at all that's happened with Equifax after their breach. Lol.

Dang they are like super powered cockroaches, only down ~27% since September. Would have thought it would be worse.


How should this be possible? You'd think the servers are a bit more secure.... 
