No one actually hacked the Russian Foreign Ministry

Russia's foreign ministry building. (Bernt Rostad / Flickr)

At first it looked like the latest strike in an intensifying cyberwar between Russia and the United States.

A Russian government website was widely reported to be hacked and defaced on Friday. CNN credited an “American vigilante hacker” known as The Jester with “gaining access to the Russian government ministry’s website” and leaving a message for Moscow to stop cyberattacks on American targets. Fox News reported that “anyone who visited the Russian site” saw the Jester’s message.

In fact, there was no hack or breach of Russia’s ministry website. The Jester never gained access to any Russian website. The supposed defacement never really took place, and the media’s excited reporting on the incident has been thoroughly debunked. Russian officials denied such a hack took place, and even The Jester’s own blog has since explained that “the target site was in no way damaged or breached.”

The news came on the heels of a massive denial-of-service attack against American targets on Friday. The multiple waves of attack brought down websites including Box, GitHub, PayPal and Twitter. The weapon was a massive botnet of Internet-connected devices like webcams that are now part of a major product recall following the attack.

Here’s how it worked: The Jester published a link on Twitter. The link went to a newly created site containing what he describes as XSS code with his message to Russia. That site then redirected the user to the Russian website and appeared to fill it out with The Jester’s warning message to Russia. The only people who saw the message were those who clicked The Jester’s link. The only deception took place on those people’s machines.

The message was not actually on the Russian website itself. Despite earlier claims, there was no breach or defacement of the Russian government website, and no Russian government website was ever under the control of any hacker. The incident was portrayed in mainstream media as something else entirely.
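
The distinction drawn above, as an added example that is not part of the original article: a hypothetical page that echoes a `q` query parameter shows why content reflected from a crafted link appears only in the response to that link, while a defacement would appear for every visitor, and how output encoding removes the reflection. The parameter name, URL and markup are constructed; the article does not describe the real site's internals.

```javascript
// Constructed example; names, URL and markup are hypothetical.
const escapeHtml = (s) =>
  s.replace(/[&<>"']/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[c]));

// Three ways a server could build the same page from the request.
const pages = {
  // Echoes the parameter as raw markup: content supplied in the link is rendered.
  reflecting: (q) => `<h1>Search</h1><p>Results for ${q}</p>`,
  // Same page with output encoding: the parameter is shown as inert text.
  hardened: (q) => `<h1>Search</h1><p>Results for ${escapeHtml(q)}</p>`,
  // What a real defacement would look like: the message is in the stored page.
  defaced: (q) => `<h1>Search</h1><b>message</b><p>Results for ${escapeHtml(q)}</p>`,
};

// Compare the response to the crafted link with the response to a plain visit.
function classify(render, craftedUrl, marker) {
  const q = new URL(craftedUrl).searchParams.get("q") ?? "";
  const plainVisit = render("");
  const linkVisit = render(q);
  if (plainVisit.includes(marker)) return "stored: every visitor sees it";
  if (linkVisit.includes(marker)) return "reflected: only visitors using the link see it";
  return "inert: markup from the link is not rendered";
}

// Constructed link carrying harmless bold markup as the "message".
const crafted = "https://site.example/search?q=" + encodeURIComponent("<b>message</b>");
for (const [name, render] of Object.entries(pages)) {
  console.log(name.padEnd(10), "->", classify(render, crafted, "<b>message</b>"));
}
```

Fetching the page without the crafted link is the same check a reporter or responder can make before calling an incident a defacement.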

“He exploited an XSS [Cross-site scripting] vulnerability basically but never really reached the actual site,” Khalil Sehnaoui, a Middle East-based cybersecurity specialist and founder of Krypton Security, told CyberScoop. Only Jester’s own followers who clicked the link he offered were tricked.

“No one really knows what they are talking about and people usually want to just report on stuff to be the first to get the story out without checking everything,” Sehnaoui said.

This latest flurry of activity comes in a year of rising tensions between Russia and the United States, especially on the cyberspace front. American authorities have openly accused Russia of being behind hacks and leaks against the Democratic National Committee in a bid to influence the 2016 presidential election.

The Jester used his message to accuse Russia of being behind Friday’s massive denial-of-service attack against American targets.

“Now, you can do the usual, shrug, smirk, and say ‘there’s no evidence’ that points to Russia being behind any of this stuff, and you can get the Russian Ambassador to US to post some mildly amusing quips over Twitter,” the hacktivist wrote. “But let’s get real, I know it’s you, even if by-proxy, and you know it’s you.”

No evidence of Russia’s guilt in Friday’s attack was offered.

After initial publication, The Jester offered clarification on his actions, which is now reflected in this article.
