UPDATE 4.12.15: The United Nations climate secretariat spokesperson Nick Nuttall confirmed the leak of personal information of officials. Nuttall said: "I can confirm there was a hacking incident earlier this week and that has been handled by the conference's IT security experts."
Hackers affiliated with Anonymous have leaked the personal data of more than 1,000 officials at the UN climate talks in Paris. Anonymous claimed that the website of the UN Framework Convention on Climate Change (UNFCCC) was breached in protest of arrests made at a climate change march in Paris on Sunday (29 November).
Personal details – including names, phone numbers, email addresses and passwords – of 1,415 officials were posted to a text-sharing site on Monday. Delegates from the UK, US, India, China, Germany, France and dozens of other countries were hit by the attack on the UNFCCC website. Cybersecurity experts believe that the hackers exploited an SQL vulnerability to access the data, a relatively simple attack that is easily protected against.
"For the UNFCCC itself it's embarrassing," Oliver Farnan, security researcher at the Cyber Security Network in Oxford University, told The Guardian. "The specific attack that was used is a well-known vulnerability. To have their entire user database compromised in this way demonstrates a lack of focus on security."
Demonstrations in Paris were banned over security concerns in the wake of the terrorist attacks last month, however clashes with police erupted after some protesters defied the ban to form a human chain along the route of the cancelled march. In response, tear gas was deployed by police and mass arrests were made.
A hacktivist claiming to be behind the attack on the UNFCCC website revealed to Hackread that the arrest of 317 protesters in Paris provoked the attack on the UNFCCC website, revealing that the leak of data is more effective than simply defacing a site.
"We could deface the site, but that won't hurt them, we know data leak will and does so there's more to come," the Anonymous member said. "These hacks are not just against police brutality, these are also against COP21 to support Global Climate March."