Deepstate bastards
On October 27, 2020 at approximately 4:50pm Mountain Time, Donald Trump’s campaign website, www.donaldjtrump.com, was defaced. The attackers left a message claiming to hold compromising information on President Trump. The defacement page listed two Monero (XMR) wallet addresses and invited visitors to “vote” by sending cryptocurrency to them: if the first wallet received more money than the second, the attackers said, they would release the information.
Technical Analysis
The campaign website ran on the Expression Engine CMS, a commercial CMS with few publicly known vulnerabilities, and sat behind Cloudflare, which acted as its content delivery network (CDN) and reverse proxy.
When a site is behind Cloudflare, visitors’ DNS lookups for the site resolve to Cloudflare edge servers; Cloudflare then forwards HTTP(S) requests to the ‘origin’ server that actually holds the content and the web application. Cloudflare only proxies web traffic, so services such as FTP or SSH on the origin cannot be reached through it at all. To use either, an attacker would first have to discover the origin IP. Cloudflare hides that address from ordinary visitors, but only as well as the rest of the deployment does: DNS history from before Cloudflare was enabled, unproxied records for other hostnames on the same server (mail, FTP, staging), or an origin that answers web requests from the open Internet can all expose it.
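A practical check for the weakness described above is to audit a zone for records that resolve outside Cloudflare’s edge ranges, since any such record hands an attacker a direct path to the origin. The following is an added example, not code from the Wordfence post or from the campaign’s infrastructure: it embeds Cloudflare’s published IPv4 ranges for offline use, and the zone it scans is constructed (hypothetical hostnames under example.com, with the 203.0.113.0/24 documentation range standing in for a real origin address).

```go
package main

import (
	"fmt"
	"net/netip"
)

// Cloudflare's published IPv4 edge ranges (https://www.cloudflare.com/ips-v4),
// copied here so the example runs offline. Refresh from that URL in real use.
var cloudflareRanges = []string{
	"173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
	"141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
	"197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
	"104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
}

// DNSRecord is one A record taken from a zone export.
type DNSRecord struct {
	Name string // hostname the record answers for
	IP   string // IPv4 address it resolves to
}

// IsCloudflareIP reports whether ip falls inside a Cloudflare edge range,
// i.e. whether traffic to it is proxied rather than hitting the origin.
func IsCloudflareIP(ip string) (bool, error) {
	addr, err := netip.ParseAddr(ip)
	if err != nil {
		return false, err
	}
	for _, cidr := range cloudflareRanges {
		pfx, err := netip.ParsePrefix(cidr)
		if err != nil {
			return false, err
		}
		if pfx.Contains(addr) {
			return true, nil
		}
	}
	return false, nil
}

// FindOriginLeaks returns every record that resolves to a non-Cloudflare
// address. Each one is a hostname an attacker can use to reach the origin
// directly, bypassing whatever the proxy was meant to hide or filter.
// Unparseable addresses are reported as leaks too: a false alarm beats a
// silently skipped record.
func FindOriginLeaks(zone []DNSRecord) []DNSRecord {
	var leaks []DNSRecord
	for _, rec := range zone {
		proxied, err := IsCloudflareIP(rec.IP)
		if err != nil || !proxied {
			leaks = append(leaks, rec)
		}
	}
	return leaks
}

// Constructed sample zone (hypothetical names; 203.0.113.0/24 is the
// documentation range, standing in for the real origin address).
var sampleZone = []DNSRecord{
	{"www.example.com", "104.16.1.2"},   // proxied: resolves to a Cloudflare edge
	{"example.com", "172.64.5.6"},       // proxied
	{"ftp.example.com", "203.0.113.10"}, // not proxied: FTP is not HTTP, so this must be the real server
	{"mail.example.com", "203.0.113.10"}, // not proxied: same host, so the web origin is exposed too
}

func main() {
	for _, leak := range FindOriginLeaks(sampleZone) {
		fmt.Printf("origin exposed: %s -> %s\n", leak.Name, leak.IP)
	}
}
```

Run against a real zone export, every line this prints is a hostname that should either be proxied, moved to a different server, or firewalled so that only Cloudflare’s ranges can reach it.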
The defacement page itself displayed two XMR (Monero) wallet addresses. Monero is popular among threat actors because its public ledger is obfuscated: transactions are recorded, but ring signatures, stealth addresses and confidential amounts hide the sender, the recipient and the value of each one. An outside observer therefore cannot tell who sent money to either wallet or how much it received, which also means nobody but the attackers could tell which wallet “won” the vote.
The attackers also left a Pretty Good Privacy (PGP) public key on the defacement page. A PGP public key lets anyone verify messages signed with the matching private key, so a valid signature proves that the signer holds the key that was posted. If the attackers later decided to release information, signing it with that private key would show the release came from whoever defaced the site, although it would say nothing about who that is.
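The continuity check that a posted key makes possible, as an added example that is not part of the original post: a key pair is generated and the public half “posted” at defacement time; later releases are verified against that posted key, so a genuine release passes while a copycat signing with their own key, or a tampered copy of a real release, fails. Because the page does not reproduce the actual PGP key, the example uses Ed25519 from Go’s standard library in place of OpenPGP; the mechanism (verify against a previously published public key) is the same, and all names and messages are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// Release is a later message plus the signature the claimant attaches to it.
type Release struct {
	Message   []byte
	Signature []byte
}

// NewIdentity creates the key pair. The public half is what gets posted on the
// defacement page; the private half never leaves the attacker.
func NewIdentity() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignRelease binds msg to whoever holds priv.
func SignRelease(priv ed25519.PrivateKey, msg []byte) Release {
	return Release{Message: msg, Signature: ed25519.Sign(priv, msg)}
}

// SameKeyHolder checks a release against the key published at defacement time.
// true means "signed by the holder of the posted key" and nothing more; it does
// not identify that holder. Malformed keys or signatures are rejected rather
// than allowed to panic inside ed25519.Verify.
func SameKeyHolder(published ed25519.PublicKey, r Release) bool {
	if len(published) != ed25519.PublicKeySize || len(r.Signature) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(published, r.Message, r.Signature)
}

func main() {
	// Day 0: the defacers generate a key and post the public half.
	pub, priv, err := NewIdentity()
	if err != nil {
		panic(err)
	}
	fmt.Println("posted key:", hex.EncodeToString(pub))

	// Later: a genuine release, a copycat with their own key, and a tampered copy.
	genuine := SignRelease(priv, []byte("release #1"))
	_, copycatPriv, _ := NewIdentity()
	copycat := SignRelease(copycatPriv, []byte("release #1"))
	tampered := Release{Message: []byte("release #1 (edited)"), Signature: genuine.Signature}

	fmt.Println("genuine :", SameKeyHolder(pub, genuine))  // true
	fmt.Println("copycat :", SameKeyHolder(pub, copycat))  // false
	fmt.Println("tampered:", SameKeyHolder(pub, tampered)) // false
}
```

The point for an analyst is the asymmetry: a good signature links a release to the defacement, but a missing or bad one proves nothing about where the material came from, and the key itself carries no identity beyond “the same party as before”.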
https://www.wordfence.com/blog/2020/10/trump-campaign-site-hacked-what-we-know-lessons-learned/