24-year-old German hacker Matthias Ungethüm from Geringswalde, a certified penetration tester whose previous targets include websites of the CIA, NASA, and PayPal, decided to set his sights on the NSA.
“I thought there could be something to it and thought I would try,” he told The Local on Friday.
On the NSA homepage is the slogan “America’s Codebreakers and Codemakers.” Using what is called a “cross-site scripting bug”, he changed the slogan on the site to “Examine Your Homepage!”.
“It took one night, then I was in there,” Ungethüm told Bild. “In the hacker scene, the NSA site is something like the big prize.”
That in itself is harmless; there are far more dangerous variants, namely if a page as trusted and prestigious as this one is made to link to traps on the Internet.
Matthias Ungethüm: “For example, a nightmare scenario would be, to put it simply, giving a plausible reason why something has to be updated, such as the browser. That is, if the real NSA page says your browser is out of date, then there will certainly be someone who actually downloads this ‘update’. It is always a Trojan, that is completely clear.”
The Trojan itself sits on some other server and makes sure that malicious programs take hold on the computer of the user who visited the link. The user would not notice it at first: “You can see neither in the link nor anywhere else that the page has been changed.” The malicious program would then be on the computer permanently, with every possibility open to it: spying on passwords, manipulating home-banking programs, all of that would be possible. Technically, with this vulnerability nothing is changed on the NSA’s server at all, only on the response page the user sees on screen.
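The mechanism described above, as an added example that is not code from the NSA site or from the article: a hypothetical Python page handler that reflects a query-string parameter into its HTML. The first version pastes the attacker-controlled text straight into the response, which is exactly why a crafted link can change the slogan without touching anything on the server; the second version HTML-escapes it. The probe function is the kind of unit test a site owner would run against their own handler; the handler, parameter name and default slogan are assumptions for the demo.

```python
import html
from urllib.parse import parse_qs

# Default slogan for the demo page (taken from the article; the handler itself is hypothetical).
DEFAULT_SLOGAN = "America's Codebreakers and Codemakers"


def _slogan_from_query(query_string: str) -> str:
    """Reads the 'slogan' parameter from the query string, falling back to the default."""
    params = parse_qs(query_string)
    return params.get("slogan", [DEFAULT_SLOGAN])[0]


def render_vulnerable(query_string: str) -> str:
    """Reflected XSS: the raw parameter value becomes part of the HTML the browser renders.

    Nothing is stored server-side; the page is only 'changed' in the response
    produced for whoever follows the crafted link.
    """
    slogan = _slogan_from_query(query_string)
    return f"<h1>{slogan}</h1>"


def render_hardened(query_string: str) -> str:
    """Same page, but untrusted text is escaped so it is displayed as text, never parsed as markup."""
    slogan = _slogan_from_query(query_string)
    return f"<h1>{html.escape(slogan, quote=True)}</h1>"


def reflects_markup_unescaped(render, param: str = "slogan") -> bool:
    """Self-test for a handler: send a harmless canary tag and see whether it comes back verbatim.

    True means the handler reflects markup unescaped (vulnerable); False means it escaped it.
    """
    canary = "<x-probe>"
    body = render(f"{param}={canary}")
    return canary in body


if __name__ == "__main__":
    crafted = "slogan=<b>Examine Your Homepage!</b>"
    print("vulnerable:", render_vulnerable(crafted))
    print("hardened:  ", render_hardened(crafted))
    print("vulnerable reflects markup:", reflects_markup_unescaped(render_vulnerable))
    print("hardened reflects markup:  ", reflects_markup_unescaped(render_hardened))
```

Escaping at the point where untrusted data meets HTML is the fix; a Content-Security-Policy header that forbids inline scripts is a useful second layer, but it does not replace output encoding.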
The second vulnerability on the NSA website is quite a different story. Here Ungethüm can not only change content on the page but gain direct access to the server. The technical term for this technique is “SQL injection”. The hacker simply exploits the fact that the NSA server does not check whether commands are being entered in the address bar. This makes it possible to bring the server to a halt or shut it down completely for a certain period. Through this gap, the entire contents of the database can also be output. “That is, we might be able to access passwords that are set for the homepage. Or we could access areas that are not visible from the outside.”
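The flaw class described above, as an added example that is not the site’s code: a hypothetical page lookup backed by an in-memory SQLite table. The vulnerable version concatenates the value from the address bar into the SQL, so a value containing a quote and an OR clause turns a lookup for one public page into a dump of every row, including ones marked non-public; the parameterized version binds the value as data. The last function is a simple detection pass over constructed access-log lines; the schema, log format and paths are assumptions for the demo.

```python
import re
import sqlite3
from urllib.parse import unquote


def build_demo_db() -> sqlite3.Connection:
    """Constructed stand-in for a website database (not the real site's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (slug TEXT, title TEXT, public INTEGER)")
    conn.executemany(
        "INSERT INTO pages VALUES (?, ?, ?)",
        [
            ("about", "About the agency", 1),
            ("careers", "Careers", 1),
            ("internal-notes", "Internal notes", 0),  # not meant to be visible from outside
        ],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, slug: str) -> list:
    """Builds the statement by string formatting: the address-bar value becomes part of the SQL."""
    sql = f"SELECT slug, title FROM pages WHERE public = 1 AND slug = '{slug}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, slug: str) -> list:
    """Same lookup with a bound parameter: the value is compared as data and cannot alter the query."""
    sql = "SELECT slug, title FROM pages WHERE public = 1 AND slug = ?"
    return conn.execute(sql, (slug,)).fetchall()


# Quote followed by a SQL keyword or comment marker: a common shape of injection attempts.
SQLI_HINTS = re.compile(r"'\s*(or|and|union|--|;)", re.IGNORECASE)

# Constructed access-log lines (Common Log Format); addresses and dates are placeholders.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2000:00:00:00 +0000] "GET /page?slug=about HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2000:00:00:01 +0000] "GET /page?slug=x%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 2048',
]


def flag_suspicious_requests(log_lines) -> list:
    """Returns the decoded request paths whose query string matches the injection pattern."""
    flagged = []
    for line in log_lines:
        match = re.search(r'"GET (\S+)', line)
        if not match:
            continue
        path = unquote(match.group(1))  # decode %27, %20, ... before matching
        if SQLI_HINTS.search(path):
            flagged.append(path)
    return flagged


if __name__ == "__main__":
    db = build_demo_db()
    injected = "x' OR '1'='1"
    print("vulnerable, normal value:  ", lookup_vulnerable(db, "about"))
    print("vulnerable, injected value:", lookup_vulnerable(db, injected))
    print("parameterized, injected:   ", lookup_parameterized(db, injected))
    print("flagged log entries:       ", flag_suspicious_requests(SAMPLE_LOG))
```

The log check is a coarse signal for triage, not a substitute for the fix: only the parameterized query removes the flaw, whatever the input looks like.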
For legal reasons, Ungethüm did not penetrate deeper into the server. So it is not known what exactly is stored there or what would actually have been possible. He did, however, have the server execute a few innocuous commands, such as calculation and comparison tasks. He notified the NSA of the vulnerabilities a week in advance. MDR also contacted the agency through the ARD office in Washington, but so far there have been no answers. The flaws in the homepage are relatively simple. “This is no gap that really requires a lot of expertise, I’d say.” For the “American code breakers”, as they call themselves on their site, this is in Matthias Ungethüm’s view an indictment, since such a serious security problem should not exist on government pages.
Following MDR’s reporting, the NSA says it has closed the security hole on its website. It is no longer possible to place foreign graphics or photos on the page by means of modified links.