Kurdish Hacker Infiltrates Clarke Forum Website

At approximately 1:45 p.m. on Feb. 6, Rowan Humphries ’19 was inspecting the Clarke Forum’s website when she happened upon a message from a hacker under the name of MuhmadEmad, who had replaced two event pages with an image declaring the text “F**K ISIS!”

The page included an image of the flag of Kurdistan, the words “Long Live to peshmarga,” “KurDish HaCk3rS WaS Here,” the above-mentioned declaration against the Islamic State terrorist organization and an email account address.

The Dickinsonian attempted to reach out to MuhmadEmad through his posted email, but received no answer as of Tuesday, Feb. 7.

Humphries, a Student Project Manager at the Clarke Forum for Contemporary Issues, immediately reported the hack to Amy Farrell, the executive director of the Clarke Forum. “It was kind of wild,” said Humphries. “My other student workers…were all just really surprised. They were like, ‘Who would hack the Clarke Forum?’”

Kim Flinchbaugh, operations coordinator for the Clarke Forum, then contacted Ryan Burke of Academic Technologies. Burke manages and develops the Clarke Forum website, which was created using a website generator program, wordpress.org, and is separate from the main Dickinson College website. “He [Burke] knew exactly what to do,” said Flinchbaugh, “and it was resolved within minutes.”

MuhmadEmad’s hacking exploits have received some news coverage in recent days. On Feb. 7, The Irish Times, in an article titled “Kurdish hacker hits scores of Irish websites” by Joe Brennan and Mark Paul, reported that MuhmadEmad had hacked “Scores of Irish websites… over the weekend…” including the Irish National Treasury Management Agency.

MuhmadEmad reportedly hacked two specific Clarke Forum pages. The first was the information page for the event, “The End of the Ghetto? Gentrification in Black Neighborhoods 1980-2015,” which will be held on Apr. 25. The second was the information page for an event entitled “Suffragist 3.0: Women and Democracy Online,” which will be held on Apr. 27.

Burke said “I don’t think there was a specific reason the hacker chose the page they did. It was the most recently edited page so it appeared at the top of the list.” Flinchbaugh expressed the same opinion.

Burke said that “It is believed that the hacker used a vulnerability in an older release of the open source WordPress software.” He continued, “All user passwords were updated, the hacked post’s content was restored to its previous state and the core WordPress files were updated to the most recent released version.”

This theory seemed to be confirmed by “Brussels-based business technology website ZDnet, which was also affected,” according to The Irish Times, “claiming the attacks were linked to a vulnerability in publishing software provider WordPress’s system.”

Burke confirmed that the Clarke Forum website had never been hacked before.

The Clarke Forum’s website can be located at www.clarke.dickinson.edu.