Abu Dhabi, UAEWednesday 5 August 2020

Cyber attack: Abu Dhabi nursery's website hacked

The hacker wrote 'My Love Iran. Persian Gulf for ever' on the home page of the International Montessori Nursery.
The homepage for International Montessori Nursery in Abu Dhabi was taken over by a hacker who defaced the site in honour of his love for Iran. Screen Grab of www.imn.ae
The homepage for International Montessori Nursery in Abu Dhabi was taken over by a hacker who defaced the site in honour of his love for Iran. Screen Grab of www.imn.ae

ABU DHABI // An Abu Dhabi nursery’s website was hacked this week in what was believed to be a random cyber attack.

Instead of finding information about the International Montessori Nursery, anyone who logged on to www.imn.ae was greeted by a map of the Arabian Gulf and a message declaring the hacker’s “love for Iran”.

Using the tag HackeD By OmiDeR, the hacker wrote “My Love Iran. Persian Gulf for ever” on the home page.

A prospective parent spotted the hack on Sunday and alerted the nursery.

Barbara Knaap-Broughton, the nursery’s principal, said she was shocked when she realised the site had been targeted.

“I honestly do not know why they did it,” she said. “It was propaganda about Iran. We do not know why we were targeted. We do not have any political affiliations.”

Ms Knaap-Broughton contacted IT experts to restore the home page, who were working to figure out how the hacker managed to take control of the site and how the domain was so vulnerable.

“How it was possible? We do not know,” said Ms Knaap-Broughton. “Our website is generated in India.”

The website was running normally again by mid-morning yesterday.

Ms Knaap-Broughton said it was the second time the school’s website had been hacked – albeit not by the same hacker.

HackeD By OmiDeR has struck on other sites, including a kick-boxing website and a religious website based in New York.

The hacker’s identity is revealed by a trademark tag, sometimes accompanied by a hanging skeleton. The message – “My Love Iran” – is consistent on each site that has been disabled.

David Michaux, from cyber-security company Whispering Bell, said it was likely that whoever had changed the site scanned the internet for vulnerable domains and chose the nursery at random.

“This case is quite simple,” he said. “There are a number of different kinds of hackers that break in. What this guy seems to be is what is known as a ‘script kiddie’.”

Script kiddie is a nickname given to hackers that do not know how to write their own hacking programmes.

Mr Michaux said this sort of hacker is not a sophisticated cyber attacker. More probably it is a hacker who has learnt how to take control of a site through advice gleaned from the internet.

“He has basically managed to use some free tool from the internet to download some auditing tool used by professionals and potential hackers,” said Mr Michaux.

The tool allows users to see if websites have a vulnerable domain.

Mr Michaux said the hacker would have used the tool to check a host of UAE websites to see which were vulnerable to a cyber takeover.

“Once he finds he can exploit that security issue he can upload whatever he wants,” said Mr Michaux.

These kinds of hackers are often after the “fame and glory” that comes with hacking a site, he said.

“It is not something malicious. I would say it was extremely unlikely he has acted deliberately to target the nursery. I think it is simply a matter of looking for any site that is vulnerable and exploiting it.”


Updated: September 3, 2013 04:00 AM



Editor's Picks
Sign up to our daily email
Most Popular