A tweet this morning alerted us to the hacking of the popular Zimbabwean entertainment blog, Zimbo Jam, by hackers calling themselves “Teamr00t”. Visiting the website a few minutes ago would load this:
As far as we can tell this looks like a random hit, and not specifically targeted at them as a company. The hackers, who have gained notoriety for hacking government websites, have been quite active in November and December. A website called E hacking news shows recent exploits of the hacker group. Websites belonging to the governments of Mexico, Israel, Burkina Faso, Philippines, Brazil, Paraguay, Peru, Indonesia, Thailand and Zambia have fallen victim to the group in recent months.
The group posts updates of its hacks to its Twitter account, @teamr00t.
Like teamr00t’s other hacks, the Zimbo Jam website has the message:
You can’t separate peace from freedom because no one can be at peace unless they have their freedom.” No one is born hating another person because of the colour of their skin, or their background, or their religion. People must learn to hate, and if they can learn to hate, they can be taught to love; for love comes more naturally to the human heart than its opposite….The Palestinian-Israeli conflict is not just an issue of military occupation and Israel is not a state that was established “normally” and happened to occupy another country in 1967. Palestinians are not struggling for a “state” but for freedom, liberation and equality: Free Every Occupied State, End The Occupation… Teamr00t Have Arrived!!! We are the voice for the suppressed people of the world, and we will show you the truth
Zimbo Jam uses the Joomla content management system. Hacks like this are usually a result of vulnerabilities in the CMS or the CMS’s extensions being left unpatched. The website’s host server may also be vulnerable to such attacks.
19 comments
That’s sad
Yeah, the response-time is appalling. Everyone can be hacked (and I mean everyone, you just need to have a sufficiently motivated aggressor. NSA, CIA, Google, Microsoft have all been hacked at one point or another). Show me an ‘unhackable’ site, and I’ll show you a pompous, inexperienced, self-deluded developer/admin.
What sets apart the pros from the amateurs is the response (or lack thereof).
Haha maCMS asvodesa kisimusi ino. I suppose after this month’s hacks launching a startup using the popular CMSes will discredit “seriousness” and “technical ability” subconsciously, or consciously even?
Your comment exposes the exact problem why so many Zim CMS sites are getting hacked. It results from lack of proper knowledge about the CMSs and basic web security knowledge, just like your comment
You may have missed my point Antony. Sorry if you took offense. I’ll stop commenting about things I don’t know about I suppose, web security, CMSes & programming 😉
Merry Christmas
You’re righter than you think: given the choice between a widely used, battle-tested off-the-shelf CMS and a custom-implemented CMS by random-local-developer X (me included): guess which I’d choose? Core CMS developers know their web-sec stuff. It’s the less-tested plugins/modules that are questionable.
I got your point hard and clear. I think we need to stop blaming the tool and blame the handler
What a jerk of a comment. People are just not implementing security updates being released each and every day
You may also have missed my point Batman. Sorry if you took offense. I’ll stop commenting about things I don’t know about I suppose, web security, CMSes & programming 😉
Merry Christmas to you too
Seems your comment was lost in translation! Agree with you though, it’s all about lack of knowledge on how to secure these CMS. And the results are evident, like it or not.
It kind of makes me want to write a book called Web Security for Idiots, coming next year….
chazvavabatsira ndopasina hapo, they have too much time on their hands