If you are anything like me, you might have found yourself ardently watching the news recently and in particular, the Paradise Papers. It reminds me of a brilliant story about a recent similar leak, the Panama Papers. When the Panama Papers were released a theory was floated that raised the hairs of web developers throughout the internet. You see the company at the center or the controversy, Mossack Fonseca, had a WordPress website. And on that WordPress website, they were running an old, vulnerable version of the well-known plugin Revolution Slider.
This is what is thought to have happened: an external script or ‘bot’ found that the version of Revolution Slider on the Mossack Fonseca website was vulnerable to uploading any file type. The hackers exploited this to upload a shell to the server, giving them full route access. At this point, Mossack Fonseca would nonetheless have been relatively unscathed, except they also kept their Exchange 2010 (mail server) within the same network system, giving the hackers access to all e-mail communication in and out of the company.The Consequences of a Hacked WordPress WebsiteContinue reading