A hacker slices through the Thailand government’s websites, leaving 13 websites hacked and defaced, today, February 29, 2016. While the sites are still accessible and usable, our investigative reporters learned that the hack was executed by inserting a file named “x.shtml” on the following websites:
- bkp.go.th/public/x.shtml
- chaoprayasurasak.go.th/public/x.shtml
- kantharalak.go.th/public/x.shtml
- kohsichang.go.th/public/x.shtml
- non-ed.go.th/public/x.shtml
- nongkoo-br.go.th/public/x.shtml
- nonlocal.go.th/public/x.shtml
- phaidum.go.th/public/x.shtml
- ratchaburilocal.go.th/public/x.shtml
- samaesarn.go.th/public/x.shtml
- samutprakanlocal.go.th/public/x.shtml
- thanu.go.th/public/x.shtml
- wangpoem.go.th/public/x.shtml
The hacker left the following messages on the hacked government pages:
I Hack, When I Sad.
Fix your website sir
../404(Death)
So far, we haven’t determined exactly what motivated the attack (except 404’s alleged sad mood). The hack doesn’t look politically motivated, because of the security messages that 404 (Death) listed on the pages.
So far, we haven’t determined exactly what motivated the attack (except 404’s alleged sad mood). The hack doesn’t look politically motivated, because of the security messages that 404 (Death) listed on the pages.
So far, we haven’t determined exactly what motivated the attack (except 404’s alleged sad mood). The hack doesn’t look politically motivated, because of the security messages that 404 (Death) listed on the pages.
So far, we haven’t determined exactly what motivated the attack (except 404’s alleged sad mood). The hack doesn’t look politically motivated, because of the security messages that 404 (Death) listed on the pages.
How Was this Attack Executed?
While we aren’t sure why this hacker is “sad,” we were about to discover that all 13 websites were listed on the very same server. This means that the hacker was easily able to breach the site by accessing a vulnerable page with lax security or administrative control. From here, the hacker uploaded their deface page to the website’s directories that were all writeable. This made the hack simple, as this type of hack is one of the most common these days.
We’ll keep you up to date on possible updates of this hacking event, and we’ll make sure to deliver all of the juicy details and facts about this hacker to keep your information up to date. Stay tuned to the Hack Post for further information, and like always leave your questions and comments at the bottom of the page!
Leave a Reply