Dolphin Stadium Hacked For Super Bowl
By Dan Morrill
Article Date: 2009-02-10
In what is becoming far too normal, the Dolphin Stadium Web Site was hacked for a few hours and was delivering malware to people who visited it.
The American Football League is looking for information on the hacker that broke into the Dolphin Stadium Web site and hacked it so that it would deliver malware to the millions of people who will be visitng the web site on Feburary 1st, 2009. The site was cleaned up and no longer poses a threat to people, but in the longer run, this is part of a far more interesting trend in malware delivery.
American Football fans looking for information on the Super Bowl in Miami may have found themselves with a nasty malware infection following a successful web attack on Jannuary 30th, 2009 . Dolphin Stadium, the venue for the game, had its website compromised and injected with exploit code, a stadium spokesman told vnunet.com. The attack was detected and removed within a few hours, and the site currently poses no danger to users. Source: Vunet
Hackers go where the people are, and when building a botnet hackers are going to take advantage of big events like the Superbowl. What is problematic is that the site was hacked, I would have thought that they would have had someone at least pentesting the site before the event. There is no indication that they did, there is also no indication that the AFL did not do this either. The draw of the event is what drew the hackers, and while it is easy to say "their security could be better" at least they discovered it quickly and fixed the issue, or at least got the site to stop delivering malware.
Good for the AFL security team that they fixed this quickly, but anyone who visited the site needs to run malware scans and hope that their AV (anti-virus) will pick this one up. The other lesson to pull away from this is that any large event is going to draw hackers. We have seen this with the elections, and other major events. If you are planning on holding a major event, then you want to monitor your site closely to make sure that if it does get hacked you can fix it quickly. The other thing to do is pen test the web site just to make sure.
About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.