Hackers’ posts on epilepsy forum cause migraines, seizures
SAN FRANCISCO — Computer attacks typically don’t inflict physical pain on their victims.
But in a rare example of an attack apparently motivated by malice rather than money, hackers recently bombarded the Epilepsy Foundation’s Web site with hundreds of pictures and links to pages with rapidly flashing images.
The breach triggered severe migraines and near-seizure reactions in some site visitors who viewed the images. People with photosensitive epilepsy can get seizures when they’re exposed to flickering images, a response also caused by some video games and cartoons.
The attack happened when hackers exploited a security hole in the foundation’s publishing software that allowed them to quickly make numerous posts and overwhelm the site’s support forums.
Within the hackers’ posts were small flashing pictures and links — masquerading as helpful — to pages that exploded with kaleidoscopic images pulsating with different colors.
“They were out to create seizures,” said Ken Lowenberg, senior director of Web and print publishing for the foundation.
He said legitimate users are no longer able to post animated images to the support forum or create direct links to other sites, and it is now moderated around the clock. He said the FBI is investigating the breach.
Security experts said the attack highlights the dangers of Web sites giving visitors great freedom to post content to different parts of the site.
In another recent attack, hackers exploited a simple coding vulnerability in Sen. Barack Obama’s Web site to redirect users visiting the community blogs section to Sen. Hillary Rodham Clinton’s official campaign site.
The hackers who infiltrated the Epilepsy Foundation’s site didn’t appear to care about profit. The harmful pages didn’t appear to try to push down code that would allow the hacker to gain control of the victims’ computers, for instance.
“I count this in the same category of teenagers who think it’s funny to put a cat in a bag and throw it over a clothesline — they don’t realize how cruel it is,” said Paul Ferguson, a security researcher at antivirus software maker Trend Micro Inc. “It was an opportunity waiting to happen for some mean-spirited kid.”
In a similar attack this year, a piece of malicious code was released that disabled software that reads text aloud from a computer screen for blind and visually impaired people. That attack appeared to have been designed to cripple the computers of people using illegal copies of the software, researchers said.
