Senior Threat Researcher
François Paget is a senior threat research engineer and one of the founding members of McAfee Labs, where he conducts a ...
In France, July and August are the holiday season. Like my compatriots, I abandoned my workplace for several weeks in the southern sun. But I have to confess it was not an absolute desertion. From time to time, I had a quick look into French hacktivist activities. To demonstrate that hackers and hacktivists never stop, I have collected a few stories for you.
Not long before midnight on July 26, a tweet announced the Elysée Palace website displayed a cartoon image of Nicolas Sarkozy. Our president was pictured on a motorbike heading toward the gates of the palace. This was nothing serious: Using an old cross-site-scripting vulnerability, a joker had created a web page based on elysee.fr with an iframe pointing at a satirical website. No doubt the author was impatient for us to vote for a new president.
On July 29, a French member of the Anonymous group nicknamed Albert Spaggialulz (a pseudonym referring to the French criminal Albert Spaggiari) leaked personal details of regional leaders from Front National, a far-right and nationalist political party in France.
This hack demonstrates that many webmasters are not attentive to the security of their sites, especially SQL-injection flaws. Worse, the vulnerability at the Front National website was still present last time I looked.
On August 9, the French gray-hat coder Xylitol reverse-engineered and leaked a SpyEye loader module (for Versions 1.3.x) secured using VMProtect. Xylitol is a member of the Reverse Engineer’s Dream Team.
Even if this tutorial does not allow a criminal’s apprentice to use this powerful crimeware, this disclosure is not good news for the rest of us.
On August 17, a 16-year-old French girl known under the pseudonym Lamaline_5mg explained she executed her first hack by targeting the police union website of the San Francisco Bay area’s rapid transit system, BART. After claiming to be part of Anonymous, she retracted that statement and said she did it for the fun.
Still in Anonymous circles, French hacktivists and/or hackers meet in the Marais district of Paris. They squat in a building and support the Telecomix movement, known for having provided dial-up services to Egyptian protesters during the recent revolution.
I hope you had a great holiday and that you remembered to lock your e-doors while you were away.