An unnamed hacker hacked the video conferencing software used by the Quebec Liberal Party and shared the news with the media.
Politicians are a privileged target of hackers, in many cases they totally ignore the risk of a cyber attack and their staff is not aware of ongoing espionage activities.
We read about hackers that influenced Mexican elections and recently the US Director of National Intelligence James Clapper revealed that attackers are targeting the campaigns of US presidential contenders.
It is clamorous the case of Hillary Clinton, recently Marcel Lehel Lazar also known as Guccifer has admitted the hack of her private email server occurred in 2013.
Today we will speak about the Canadian Quebec Liberal Party (PLQ), that fixed a security issue affecting the video conferencing software it used. It seems that an unknown hacker exploited the flaw to spy on the members of the Party obtaining access to information shared during private meetings.
The good news in this specific case is that the hacker was not ill-intentioned and ethically disclosed the problem to the Quebec Liberal Party staff allowing it to fix the issue.
The unnamed hacker revealed to the Canadian media that the video conferencing software used by the Quebec Liberal Party contained a security flaw and was not properly configured, the staff used the factory default password.
“A security flaw in the computer systems of the permanence of the Quebec Liberal Party (PLQ) allowed a user to observe and hear the strategy discussions of the party at its premises in Montreal and Quebec City.” reported the Le Journal de Montreal. “According to what we learned, the security breach used to hack the PLQ was the same type as the one that allowed two 14 year olds to hack an ATM of Bank of Montreal last week. That is to say, by entering a single password and commonly used by default.”
To be precise, the Quebec Liberal Party officials did not provide information about the way the hacker breached the system, it is not clear if he exploited the flaw or accessed it through the default password. Also in this second scenario, there are responsibilities of the IT staff of the party that also hasn’t monitored the access to the system.
The hacker logged into the video conferencing application multiple times accessing the Quebec Liberal Party (PLQ) meetings. He told the journalists about some of the topics discussed in the private meetings.
The hacker was able to start the video feed from video conferencing software using its cameras every time he wanted.
The PQL spokesman confirmed the security breach, but also added that no sensitive information was leaked neither secret issues were ever discussed in the meetings.
“We take very seriously this information,” commented the director of communications, Maxime Roy. “We already have a team of experts working to understand what happened and plug the computer breach on the most videoconferencing system as quickly as possible,” “For now, the important thing was to secure and understand what happened […] We are working with a supplier.” he added.
The experts investigated the issue for a few days then they fixed the vulnerability and changed the video conferencing software default password.
Source:https://securityaffairs.co/
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.