Vulnerabilities in the Government of Gibraltar website exploited by malicious parties who rewrote official web versions of the British Overseas Territory’s laws.
An SQL injection vulnerability in the website of Gibraltar’s Government has been exploited by malicious parties to rewrite official version of the British Overseas Territory’s laws. The vulnerabilities, which were discovered by security researcher Ax Sharma, paved the way for an authorised access which saw the removal and modification of PDF files to the official online repository of Gibraltar’s laws.
An investigation into the case found that malicious individuals have used freely downloadable software suite to alter online versions of law. The affected pages have since been taken down but the incident will serve as a reminder to system administrators that security practices remain important as ever.
A Gibraltar government spokesman said: “This matter has now been dealt with and the major vulnerabilities have been mitigated. However, within the next couple of days, this section of the website will, in any event, be relocated to an entirely new website.”
“It should also be noted that the Government of Gibraltar website is hosted outside our corporate network and therefore the earlier vulnerabilities posed no risk to the security of the government’s communication systems.”