A forum on the website of the United Nations World Tourism Organisation (UNWTO) has been defaced and its database compromised by a hacking collective known as TeamPoison. The resulting data dump, posted online to a website called Ghostbin and viewed by the IBTimes UK, contains over 1,300 records with a slew of forum usernames, email addresses and MD5-hashed passwords.
The website, which was reportedly compromised via SQL injection, has been left with the following message: "Defaced by TeaMp0isoN - Greetz to Militis, Jimmy, Pseudo, MLT & Co." At the time of writing the defacement is still visible.
The WTO is an agency responsible for the promotion of "responsible, sustainable and universally accessible" tourism in the United Nations. Its membership includes 157 countries, six associate members and over 480 affiliate members representing the private sector, educational institutions and tourism associations.
"We have a lot more planned"
In response to an email from IBTimes UK asking about the motivations for the cyberattack and if any more leaks were planned, a spokesperson from the hacking group said: "We chose the UNWTO as a target because it is affiliated with the UN. If you've kept up with our previous activity, you would know that back in 2011 we did something similar only to a different UN-affiliated website.
"What's a better way to announce we're back than by going round two with the United Nations? As for any future releases/data dumps, we have a lot more planned, I will not however comment on any future releases, you'll have to wait for them."
Yet, in this instance, the database in question appears to be old and chock-full of spam-like usernames and email addresses – likely a result of a poorly protected sign-up verification process – so it is extremely likely that no sensitive information relating to United Nations' activity was compromised as a result of the attack.
However, as the group pointed out, a previous cyberattack against the website of the United Nations Development Programme (UNDP) in 2011 did indeed expose over 800 usernames, passwords and email addresses from an internal database.
In a statement posted online at the time (since removed) the group called the United Nations a "fraud" and made numerous references to alleged corruption and conspiracy-tinged political ideologies.
"A senate for global corruption, the United Nations sits to facilitate the introduction of a New World Order and a One World Government as outlined by Brock Chisholm, the former Director of UNWHO when he said: 'To achieve a One World Government, it is necessary to remove from the minds of men their individualism, their loyalty to family traditions and national identification'. United Nations, why didn't you expect us?"
Then, a year later, a hacker using the pseudonym 'Casi' claiming to be affiliated with TeamPoison also targeted the main UN website. The data in the resulting data dump included information from the site's database and a list of vulnerabilities.
IBTimes UK contacted UNWTO for comment but received no response by the time of publication.