Moody’s Hacked Posted on July 7, 2011 by Yves Smith Via Richard Smith and Tom Adams. FT Alphaville is also on the case and informs us that this is really not a hack but a URL script trick. Click to enlarge. I suspect many readers would be happier if there was a real hack in progress. Post navigation ← The Phantom Bond Market Vigilantes Guest Post: The Founding Fathers Tried to Warn Us About the Threat From a Two-Party System → Subscribe to Post Comments 20 comments readerOfTeaLeaves July 7, 2011 at 2:49 pm Whoa. ‘Hacking’ seems to be the Word of the Day. (See also: News of the World). Crikey. Baguda July 7, 2011 at 2:51 pm It was a real hack… When you acced to “Moody’s Research & Ratings” in facebook, you are redirected to that page… If you look now on facebook, you won’t find their page because they shutted it down… Is a real hack July 7, 2011 at 3:04 pm This was a real hack to Moody’s page. I’ve the link, but the comment is doesn’t allow paste full URL, I will try: http://www.moodys.com/pages/viewall_researchratings.aspx?bd=4294966708&ed=4294966848&rd=4294966708&tb=0&po=0&sb&sd&std&end&sk&ol&lang=en&cy=global&searchfrom=SearchWithin&kw=%3Cdiv+style%3D%22position%3A+absolute%3Btop%3A100px%3Bright%3A0px%3Bheight%3A950px%3Bwidth%3A965px%3Bz-index%3A5%3B%22%3E%3Cimg+src%3D%22http%3A%2F%2Fwww.pixoload.de%2F%3Fdi%3D1613100046698%22%2F%3E%3C%2Fdiv%3E bob goodwin July 7, 2011 at 4:40 pm I could not get the link to work either. As a software architect in the ‘internets’ I feel qualified to offer a couple of comments. The screen shot clearly has “moodys.com” in the url. This would not be possible if someone had not manipulated a machine they did not own – either at moody’s, or by embedding scripts unwittingly in an end users browser. I think either of these qualifies as a hack. Although the phrase ‘url trick’ seems to imply that Moody’s servers have not been breached, but I see no proof of that either. manipulating urls within a server farm is no less of a security breach than manipulating web pages or data. BondsOfSteel July 7, 2011 at 6:50 pm It appears to be a cross site scripting bug associated with their search functionality. Stepph July 7, 2011 at 10:37 pm Bob Said: “The screen shot clearly has “moodys.com” in the url. This would not be possible if someone had not manipulated a machine they did not own – either at moody’s, or by embedding scripts unwittingly in an end users browse” I disagree. You can set up your own DNS server and point http://www.moodys.com to your own, fake web server. We do such things all the time, for legitimate (internal testing) reasons. Heck, you can edit your local hosts file and save yourself the trouble. We do this too. You Dumb Ass July 9, 2011 at 7:47 pm And you can just write anything you want and take a screenshot you dumb ass. gatopeich July 8, 2011 at 3:47 am Dear “Software Arquitect”, this “URL trick” looks like a special kind of ‘hackless hack’ that has become very popular of late. It does NOT require modification or access to the ‘target’ servers, since all the information is injected in the URL. All it requires is a buggy server script that allows a part of the URL to be interpreted as HTML, thus showing whatever the ‘hacker’ wants. Such bugs are usually corrected as soon as the ‘hacker’ propagates his victory, since they are of a very simple nature. That’s why you usually only find them in the form of screenshots, which btw are really easy to fake, or eventually in Google’s cache if the URL gets popular as a google search before the bug is corrected. So rather than a hack, this is a bug in the server. (Not to be confused with SQL injection attacks, which might lead to more serious hacks.) Bottom line, looks like there was no security breach. Disclaimer: I despise Moody’s and what it represents. Psychoanalystus July 7, 2011 at 3:54 pm Serves then right!…LOL Psychoanalystus bob July 7, 2011 at 4:50 pm We are own you. Ethical Cracking July 7, 2011 at 5:14 pm Fannie Mae’s proprietary underwriting software. Pay Licensed Closed Source. Yearning to Learn July 7, 2011 at 6:11 pm are we sure they were hacked? looks like typical Moody’s research to me. hard to differentiate Moody’s “research” from hacker jokes these days. jonas July 7, 2011 at 7:34 pm hahahaha priceless Barry July 8, 2011 at 8:44 am This was an XSS, and not even a stored XSS at that. I wouldnt really class this as an attack, but meh… Rofl July 8, 2011 at 9:24 pm http://www.moodys.com/help.aspx?hlkw=http://www.moodys.com/page/search.aspx?kw=< this one will work…. sdfsdf July 8, 2011 at 9:25 pm http://www.moodys.com/help.aspx?hlkw=http://www.moodys.com/page/search.aspx?kw= dfsfsd TheBest7 July 9, 2011 at 10:19 am It was real, it showed up in the News in Portugal – we’re pissed off with Moody’s and many groups are launching stress attacks against them. Mine has over 50.000 people. Lookcloser July 21, 2011 at 10:15 am “it was real, it showed up in the news” ha…ha. this is exactly why humanity is totally going the wrong direction. “everything in the news must be true.” don’t forget that it is people like anyone behind the news. with their interpretation and their degree of comprehension. and when it comes to hacking, I personally highly doubt about their good understanding of the why and how. what? there was an expert? don’t worry, they are not all “experts”. thank you for the exhibit… Sniff July 15, 2011 at 8:09 am Whether it is a hack or not, got in the news all over the world and everyone is laughing on them. Moody’s and all the other companies like that (who caused the previous economic crysis as well) deserves every grief that people can throw at them. I’m not portugal, but feel the same as the people of Portugalia feel nowdays. Lookcloser July 21, 2011 at 10:10 am So many signs -if you zoom a bit- show that it’s a fake. Right now i think i would know how to do it but too lazy to try… it really seems not very complicated… Comments are closed. Tip Jar Please Donate or Subscribe!