Spain's EU Website Hacked

2010-01-10

In early January, shortly after Spanish prime minister José Luis Rodríguez Zapatero became EU president, hackers defaced the EU presidency site by replacing a photo of Zapatero with British comedian Rowan Atkinson, also known as Mr. Bean, whom bears a slight resemblance to the president.

Hackers took advantage of a basic security hole involving cross-site scripting to replace the photo. Wikipedia describes cross-site scripting (XSS) as a type of computer security vulnerability typically found in web applications which enable malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites were roughly 80% of all security vulnerabilities documented by Symantec as of 2007. Their impact may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site, and the nature of any security mitigations implemented by site owner.

Although the photo was the only damage done to the site, it did cause problems due to the amount of traffic it generated. A source at Zapatero's Moncloa Palace offices stated, "So many people were looking for Mr. Bean that the site collapsed during the afternoon".

More information can be found here.