Hacker Who Posted ‘pwned’ To MIAA Website Says He Hopes To Help Exposing Security Flaws

High school sports

“I literally wanted to talk to these people.”

A hacker known as “netsaosa” and “g0retrance” entered the MIAA website on Monday, hoping to draw attention to the site’s insecurities. Screenshot courtesy of Meredith Perri

A hacker who uses the pseudonyms “netsaosa” and “g0retrance” entered the Massachusetts Interscholastic Athletic Association (MIAA) website Monday and posted “pwned”, briefly derail the release of official statewide MIAA media for state tournaments.

Reporters noted the delay before Meredith Perri of MassLive.com realized the site was compromised.

A pop-up in front of the site redirected users to a Twitter account for g0retrance. At the bottom of the page, under the word “pwned”, g0retrance on the left the message, “Should have listened to my emails instead of ignoring me… don’t worry, it’s harmless.” just to get your attention 🙂 ”

According to g0retrance, who spoke to Boston.com by email Monday night, the intention behind the hack was simply to draw attention to the flaws in the MIAA website.

“I didn’t hide on purpose because I literally wanted to tell them about it,” g0retrance wrote. “I wanted to help, but I was ignored. “

The user first noticed the flaws in late September and said they contacted the MIAA by email noting the vulnerabilities.

But according to the hacker, the MIAA never responded to several requests.

“You know what’s funny… I actually had no idea what was going on today,” g0retrance wrote, referring to the statewide release of the media. “I just did it again because I was bored and got no response from [the] MIAA.

According to g0retrance, the site’s problems could have triggered “a series of events that could be damaging to the site’s reputation and even user data” if discovered by a bad actor. To access the site, g0retrance described a process by which they accessed login cookies and obtained administrator access.

A user seeking to do more than publish “pwned” could have done a number of malicious things, by g0retrance, including surreptitiously gaining access to an individual user’s data.

“I’m sad it turned out that way,” wrote g0retrance. “I literally wanted to talk to these people. “

In a statement to Boston.com, an MIAA spokesperson said he was aware of the situation and was “working with the developer of our site to address any potential issues with the website.”

By g0retrance, the problems were indeed corrected – subsequent attempts to access the site were rejected. However, they were disheartened that an attempt to help the MIAA protect its website from future hacks – or even hacks that have already occurred – could lead to legal problems.

“They ignored me. ignored me. ignored me, ”g0retrance wrote. “Honestly, I feel desperate now because now I am threatened with legal action, someone really malicious could have done something much worse; what I did was basically harmless.

“I had no intention of such chaos happening.”

About William G. Patrick

Check Also

Top Russian website briefly publishes material critical of Kremlin amid crackdown and war

PRAGUE — Svyatlana Tsikhanouskaya, an exiled democratic opposition leader in Belarus, says her country’s fate …