Olympic champion Phelps' website defaced in Turkish hack

Share this article:
Michael Phelps can fend off all competition in the pool, but he can't swim away from vandals in cyberspace.

The website for the Olympic champion, who just won eight gold medals in Beijing, apparently was temporarily defaced this week by Turkish hackers, according to a report Wednesday night on MSNBC.

A screenshot of the hack -- which did not appear to carry any payload, malicious or otherwise -- was posted Thursday on Digg. The defacement contained a link that led to a Turkish language website featuring some text, a picture of the Turkish flag and a portrait of the country's first president, Mustafa Kemal Ataturk. The text appears to be a patriotic quote from Ataturk.

The hack apparently occurred on the "Ask Michael" portion of the website, where users presumably can enter personal content. That section of the site was not reachable on Thursday and appears to have been taken offline.

Vaclav Vincalek, president of Vancouver-based Pacific Coast Information Systems, an IT consulting firm, said the hackers likely were "script kiddies" looking to make a political statement.

"He's famous," Vincalek told SCMagazineUS.com on Thursday. "It's kind of a trophy for hackers."

They likely were able to deface the site through an insecure web server, which enabled them access to the underlying directory, or through some attack means such as cross-site scripting, he said.

To prevent similar breakdowns, websites must run thorough scans of their code and ensure their hosting providers have applied the latest security patches, Vincalek said.

A Phelps website spokeswoman did not respond to a request for comment.




Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Florida Supreme Court rules warrants a must for real-time cell location tracking

Florida Supreme Court rules warrants a must for ...

The Florida Supreme Court put the kibosh on warrantless real-time tracking using location data obtained from cell phone providers.

Modular malware for OS X includes backdoor, keylogger components

Modular malware for OS X includes backdoor, keylogger ...

The modular malware was named "Ventir," by researchers at Kaspersky.

Fake Dropbox login page nabs credentials, is hosted on Dropbox

Fake Dropbox login page nabs credentials, is hosted ...

Symantec researchers received a phishing email linking recipients to a fake Dropbox login page that is hosted on Dropbox's user content domain and served over SSL.