Secure Donation Site for Trump and Pence Defaced by Iraqi Hacker
A secure site used to collect donations for Donald Trump was proven not to be so safe after one Iraqi hacker defaced it. The message contains one clear message: “Hacked by Pro_Mast3r ~/ Attacker Gov / Nothing Is Impossible / Peace from Iraq.”
The violation was reported over Twitter by user @pwnallthethings, who also noted that the site is hosted by Pantheonsite.io and is managed by WordPress.
As ArsTechnica reports, the server is behind Cloudflare’s content management and security platform. It does not seem that there is a direct link between the server and the Trump – Pence campaign home page, but it makes an appearance on Trump’s campaign server, indicating its certificate is legitimate. Chrome and Firefox have flagged it as insecure, however, because the image placed after the defacement was hosted on another site.
First defaced, then offline
This indicates that there was no real ill-will behind the attack, but it does point out there’s a serious security issue at hand. Taking into consideration how many sites hosted by WordPress have been defaced in the past few weeks after failing to update to the latest security patch, this may have something to do with how the attacker managed to get in. Had the attacker wanted to do some real damage, that could have also been possible.
It should also be mentioned that Iraq, which the attacker mentions in the message, is one of the seven countries targeted by Trump’s travel ban, alongside Iran, Libya, Somalia, Sudan, Syria and Yemen.