U.N. Secretary-General's Web Page Hacked

The United Nations reviewed the security procedures on its Web site Monday after a group of hackers posted anti-Israeli messages on the personal page of Secretary-General Ban Ki-moon.

A page usually featuring Ban's speeches of Ban Ki-moon on Sunday instead displayed messages which read: "Hey Ysrail and Usa dont [sic] kill children and other people Peace for ever No war."

The messages, apparently written by a group of hackers who go by the name CyberProtest, were posted in the early hours of Sunday, but had been removed by 9:15 a.m. EDT, a U.N. spokesman said.

• Click here to visit FOXNews.com's Cybersecurity Center.

"We are very concerned that this happened and we are investigating," the spokesman said. "We will make security changes to prevent this from happening again."

The messages were prefaced by the words "Hacked By Keremy 125 M0sted And Gsy That Is CyberProtest," a reference to a group of hackers — one of whom is Turkish — who have previously been associated with attacks on high-profile Web sites.

On Monday, a Web site run by one of the group, M0sted, had links to a number of other CyberProtest attacks, including on the sites of the carmakers Toyota and Nissan as well as Harvard University.

"M0sted" said that CyberProtest's objective was to spread the message "that the powerful have no right to oppress the powerless."

The Web site of another CyberProtest member, "Eno7" who described him or herself as an "IT security expert'" said that the group has been founded in response to the Israeli military offensive against Lebanon last year.

"The chief architects of this protest are myself, Eno7 from Turkey, and the byond hackers team from Chile. We expanded our efforts as nine other countries joined us afterwards," it said.

CyberProtest did not intend to disrupt the operation of its victims' Web sites, "only to give a message against war," Eno7 said.

Security experts said today that the attack was most likely conducted using SQL injection, where a hacker exploits a vulnerability in a site that allows it to be altered at the same time that pages are being requested.

"It needn't be a part of the site that allows visitors to interact with it — like a comments page," Steve Moyle, founder and chief technology officer of Secerno, a security firm, said. "Even in a 'read only' section, a hacker can issue a command that forces the database to issue information, and [when] they find that vulnerability, an attacker can gain full control of the site."

Among the other sites to have allegedly been hacked by CyberProtest are those of Nestle, the University of California and the Norfolk and Norwich University Hospital in England.

By Monday the Secretary-General's page had been restored to show extracts of speeches on climate change as well as on the adoption of a hybrid peace-keeping force in Darfur.