September 05, 2016
Teenage hackers have struck again. This time, a Sri Lankan teenager apparently broke into the personal website of the country’s president.
As reported by Sri Lanka’s Daily News, the 17-year-old from the province of Kadugannawa hacked into President Maithripala Sirisena‘s personal website to protest the date of upcoming exams. He was arrested on August 29 by Sri Lanka’s Crimes Investigation Department.
Acting as part of a collective calling itself The Sri Lanka Youth, the teen apparently hacked the site twice. The first time was on 26 August when a message was left expressing the group’s displeasure at exams being scheduled in April, during a Hindu holiday. The site was taken down ‘under maintenance’ for a short period.
Not satisfied with the first attempt, the group did the same the next day, posting another short message. It read: “We are extremely displeased about the decision to hold GCE A/L in April since the Sinhala/Hindu New Year falls in between the exam dates. Therefore, reconsider that decision. Furthermore, take care of the security of Sri Lankan websites. Or else, we will have to face a cyber war.”
The message continued, imploring the president to take a closer look at the problems of university students, ending with an injunction: “If you cannot control the situation hold a Presidential Election.”
The revelation here is perhaps less that the site was hacked for political motives than the purported age of the hacker.
So how did a 17-year-old hack into the personal website of a head of state? Some blame poor standards on the part of whoever built the website. The president’s website was built using WordPress, according to Amit Ashbel, cyber-security evangelist at Checkmarx.
He told SCMagazineUK.com: “WordPress is designed to allow easy website management and allows website owners to install plugins which allow additional features and functionality. While this approach is a great value for website owners it also has the potential to introduce risks via plugins which have not been developed properly or securely.”
Ashebel added, “Hacking is only difficult when the other side is implementing security and in this case I don’t think there was much security in place. In other words, if the website was properly built and secured, the hack would not have been that easy and would probably require a skilled professional.”
That said, finding a teenage hacker to be behind a major cyber-attack is not exactly a new thing. Whether it’s members of Lulzsec, some of whom are still in university, or Julian Assange’s attacks against NASA before he had reached his 18th birthday, youngsters appear to figure heavily in the cyber-underworld.
Norman Shaw, CEO of ExactTrak, offered some insight to SC: “To my mind, it’s because these kids grow up learning to code like they would learn to read and write and it’s like anything else, some people have a natural talent so they become exceptionally good at it.”
What’s interesting, said Shaw, “is whether or not they are hacking for malicious purposes, or just for notoriety. And if they’re not hacking for malicious reasons, why aren’t companies, and indeed nation states, trying to recruit their services to help them stop other, truly malicious hackers from getting into their systems?”
This is nothing new, added Graham Mann, managing director at Encode Group UK. He told SC, “back in the 1990s, so called ‘spotty teenagers’ were widely credited with the exponential growth in viruses. What’s different now from then is the connected economy; more precisely, the Internet. These teenagers now have direct access into the networks of organisations globally, from their bedrooms. Teenagers are also notoriously rebellious and hacking is a powerful weapon that is freely and cheaply available.”