Anonymous Hacked the Data of More Than 1,000 Climate Change Officials

The hacktivist group has leaked private information from hundreds of Paris climate summit delegates.

<a href="http://www.shutterstock.com/pic-248701786/stock-photo-computer-programming-programming-using-laptop-computer-internet-technologies.html?src=kPddgj0tIG8720Enha8gyg-1-40">welcomia</a>/Shutterstock


This story was originally published by the Guardian and is reproduced here as part of the Climate Desk collaboration.

Hackers have leaked the private login details of nearly 1,415 officials at the UN climate talks in Paris in an apparent act of protest against arrests of activists in the city.

Anonymous, the hacktivist movement, hacked the website of the summit organizers, the UN Framework Convention on Climate Change (UNFCCC), and posted names, phone numbers, usernames, email addresses, and secret questions and answers onto an anonymous publishing site.

Anonymous claimed the attack was an act of protest against the arrest of protesters on a climate march in Paris on Sunday. Climate activists organizing a peaceful protest say that the demonstration was hijacked by a small group of anarchists who clashed with police. All public protests have been banned in the city since a state of emergency was declared after the terror attacks nearly three weeks ago.

Officials whose data has been leaked are from a range of countries including the United Kingdom, Switzerland, Peru, France, and the United States. Employees of the British Council and the Department for Environment, Food and Rural Affairs are among the British officials whose data is now in the public domain.

“For the UNFCCC itself it’s embarrassing,” says Oliver Farnan, security researcher at the Cyber Security Network in Oxford University. “The specific attack that was used [an SQL injection attack] is a well-known vulnerability…To have their entire user database compromised in this way demonstrates a lack of focus on security,” he said.

Farnan also said that the password encryption used by the UNFCCC appeared to be an “old and weak hashing algorithm,” that should have been “phased out.”

However the damage is likely to be limited, and mitigated by changing the passwords on any accounts that use similar passwords.

“Although it’s embarrassing, it’s essential to ensure that their users don’t get compromised in follow on attacks,” Farnan said.

More MotherJones reporting on Climate Desk

THANK YOU.

We recently wrapped up the crowdfunding campaign for our ambitious Mother Jones Corruption Project, and it was a smashing success. About 10,364 readers pitched in with donations averaging $45, and together they contributed about $467,374 toward our $500,000 goal.

That's amazing. We still have donations from letters we sent in the mail coming back to us, so we're on pace to hit—if not exceed—that goal. Thank you so much. We'll keep you posted here as the project ramps up, and you can join the hundreds of readers who have alerted us to corruption to dig into.

We Recommend

Latest

Sign up for our newsletters

Subscribe and we'll send Mother Jones straight to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.

Subscribe

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.

Donate

Share your feedback: We’re planning to launch a new version of the comments section. Help us test it.