It was a busy weekend for hackers when first Google’s YouTube was compromised, then hundreds of iTunes accounts were hacked and finally to top it off Wikipedia was down due to power shortage. Three of the biggest websites in the world hacked on the same day. How safe is our internet in this the 21st century? Could this be the start of the end for the net?
Google, who own YouTube was the first at the hands of the hackers, who had to act quickly to fix a cross-site scripting (XSS) vulnerability on the site on the 4th of July.
Google was alerted to the security flaw in their system when social networks, such as Twitter and facebook as well as the YouTube support forums, were lit up with users reporting pop-ups when watching videos. This pop-up reported that the Canadian Pop Star, Justin Beiber, had died in a car crash.
Google reports that the hackers placed code in the comments section of the site that ran when a video was played.
A Google spokesperson said that:
“We took swift action to fix a cross-site scripting (XSS) vulnerability on youtube.com that was discovered several hours ago. Comments were temporarily hidden by default within an hour, and we released a complete fix for the issue in about two hours. We’re continuing to study the vulnerability to help prevent similar issues in the future.”
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. (Wikipedia)
After users were just about recovered from YouTube’s security vulnerability, they tried to login to their iTunes account to find that up to €1,000 was taken from their credit cards through their account illegally. This problem was reportedly caused by a Vietnamese developer, Thuat Nguyen, who makes Japanese Manga book titles.
At one point the books where so popular that they occupied 40 out of 50 of the top places in the book section of the iTunes store. The apps in questions were removed and users affected are to call their banks to insure that all monies are refunded. Users were also urged to change their passwords and remove their cards details from their accounts.
And just after midnight all websites associated with the Wiki Foundation went down. People immediately rumoured another site compromise. Only later it was reported that a power storage in one of its main data centres in Tampa, Florida was the reason for the downtime of the sites. The sites were down for well over four hours while the data centres recovered from the outage.
A spokesperson said on their Twitter profile: “Thanks for being patient, everyone. We’ve figured out the problem: power outage in our Florida data center. Slowly coming back online!”.
Experts said that YouTube and iTunes’ compromises were carefully planned for the 4th of July, as it would be a day that IT departments in the US would be less vigilant and it would take longer to resolve issues as less staff would be working on the date.
Investigations are ongoing into all cases.
Post written by David Kirwan.