Threat Management, Incident Response, TDR

Olympic champion Phelps’ website defaced in Turkish hack

Michael Phelps can fend off all competition in the pool, but he can't swim away from vandals in cyberspace.

The website for the Olympic champion, who just won eight gold medals in Beijing, apparently was temporarily defaced this week by Turkish hackers, according to a report Wednesday night on MSNBC.

A screenshot of the hack -- which did not appear to carry any payload, malicious or otherwise -- was posted Thursday on Digg. The defacement contained a link that led to a Turkish language website featuring some text, a picture of the Turkish flag and a portrait of the country's first president, Mustafa Kemal Ataturk. The text appears to be a patriotic quote from Ataturk.

The hack apparently occurred on the "Ask Michael" portion of the website, where users presumably can enter personal content. That section of the site was not reachable on Thursday and appears to have been taken offline.

Vaclav Vincalek, president of Vancouver-based Pacific Coast Information Systems, an IT consulting firm, said the hackers likely were "script kiddies" looking to make a political statement.

"He's famous," Vincalek told SCMagazineUS.com on Thursday. "It's kind of a trophy for hackers."

They likely were able to deface the site through an insecure web server, which enabled them access to the underlying directory, or through some attack means such as cross-site scripting, he said.

To prevent similar breakdowns, websites must run thorough scans of their code and ensure their hosting providers have applied the latest security patches, Vincalek said.

A Phelps website spokeswoman did not respond to a request for comment.




Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.