Saturday, March 29, 2008

Hackers Attack Epilepsy Forum; Cause Headaches, Seizures

I have a colleague with epilepsy, and he told me today about an attack last weekend on the user forums of the Epilepsy Foundation of America (EFA), "the national voluntary agency solely dedicated to the welfare of the more than 3 million people with epilepsy in the U.S. and their families."

Apparently hackers went into the forums and laced messages first with animated GIF images, and then with JavaScript, in an attempt to trigger seizures in users. And people wonder why I have doubts about the future of the human race.

Although that's the only forum my colleague visited, the forum at the National Society of Epilepsy (NSE) in the U.K. was subjected to the same attack last weekend. Fortunately, my colleague came away from his visit with a migraine, but no seizures.

Of those diagnosed with epilepsy, 3 - 5% are of the photosensitive type, in which seizures can be triggered by visual stimuli.

Both sets of forums have since been cleaned up, but why would anyone do this? Messages on the forum indicate that some even wondered about ever coming back to the forums. In this EFA thread Bella2 said:
"So, it really freaked me out, the events of last week. Disgusting, graphic pictures kept popping up and I got the worst headache ever. I'm sure all of you had the same. I'm sure there were some who had seizures, too. I force quit my computer and all was normal again. The next day, I asked my husband to check it and it seemed fine too but I have been avoiding this site because I didn't know how long it would take to clean it up."
Here's a "thank you" note for the hard work the EFA did in cleaning up the forums.

And here's a general thread at the NSE about the problems of last weekend.

To make matters worse, the hackers laced the forums with viruses and trojans as well. Southie noted in this thread that her AV program caught the following:
Keylogger
Keystroke
Back-Door
JS/Popupper

Why would anyone do this? And who would do this? As I said previously, it just goes to show that there are some pretty evil people in the human race.

Wired seems to think it was the group Anonymous, which has been waging a cyberwar against the Church of Scientology, but I see no reason why they would attack the EFA and NSE. Apparent members of Anonymous have posted on the EFA boards denying responsibility, and actually positing that it was the Church of Scientology that attacked the sites, which makes no sense either.

In the end, while it does matter, we will probably never really know who attacked the sites. More importantly, the sites should take some steps to prevent the issues from occurring again: simply disabling JavaScript and images in forum posts would be a good first step.
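
One way to apply the "no JavaScript, no images" step suggested above, as an added example that is not code from either forum: an allowlist sanitizer for post HTML built on Python's standard library. The tag allowlist, the `sanitize_post` name and the sample post are assumptions made for this illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy: basic text formatting and plain web links only.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br", "blockquote", "a"}
DROP_WITH_CONTENT = {"script", "style"}   # the element body is discarded too
VOID_TAGS = {"br"}
SAFE_SCHEMES = {"http", "https"}          # rejects javascript:, data:, etc.

def _safe_href(value):
    try:
        return urlsplit(value).scheme.lower() in SAFE_SCHEMES
    except ValueError:                    # malformed URL: treat as unsafe
        return False

class PostSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip_depth = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return                        # <img>, <iframe>, ... never reach the page
        kept = ""                         # every attribute is dropped (onclick, style, ...)
        if tag == "a":
            href = (dict(attrs).get("href") or "").strip()
            if _safe_href(href):
                kept = ' href="%s" rel="nofollow noopener"' % html.escape(href, quote=True)
        self.out.append("<%s%s>" % (tag, kept))

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skip_depth:           # text is re-escaped, never passed through raw
            self.out.append(html.escape(data, quote=False))

def sanitize_post(raw):
    parser = PostSanitizer()
    parser.feed(raw)
    parser.close()
    return "".join(parser.out)

# Constructed sample post, for illustration only.
SAMPLE = ('<p>Hello <b onclick="x()">all</b></p><img src="http://example.invalid/flash.gif">'
          '<script>doBad()</script><a href="javascript:void(0)">x</a> '
          '<a href="https://example.org/">ok</a>')
```

Sanitizing when the post is stored and again when it is rendered keeps posts saved before the policy existed from slipping through.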

And let's hope this sort of thing never happens again.

