A hacker in front of his screen.
(Illustration) -
Isopix / SIPA
A hacker has discovered that the website of a French school has a worrying computer flaw.
The security problem was detected by chance by the whistleblower, who contacted Numerama on Saturday, October 17.
The name of the private institution under contract has not been revealed, as the flaw has not yet been corrected.
Concretely, it allows anyone to connect to the site configuration interface.
In a few minutes, it is thus possible to leave a propaganda message on the home page or to create a new site in place of the original.
A hostage-taking on the Internet
But the flaw can be used to do more than just "smash".
A malicious person could use it to reach other sites belonging to the same school network and which are hosted on a common server.
It would thus be possible to launch a ransomware attack which would encrypt the data of several establishments.
Personal information of students and teachers would also be accessible.
The institution partly responsible
The establishment was warned by the whistleblower and by the editorial staff of Numerama.
The IT manager did not wish to reveal the identity of the external service provider in charge of the site concerned.
“It's not our problem, it's up to them to manage that,” he said.
The security problem would however be easy to solve, according to the hacker.
The school does not report directly to the rectorate, the director of information systems (DSI) cannot intervene.
If the flaw leads to a data breach, the establishment would be partly responsible, in accordance with the GDPR (European General Data Protection Regulation).
Politics
LREM hack in 2017: Six Russian agents indicted in the United States for global cyberattacks
High-Tech
US company pays hackers $ 4.5 million in ransom to recover data
School
High-Tech
Computer science
Education
Internet
Hacker