A group of Iraqi hackers called Pro_Mast3r defaced a Trump website

The group of Iraqi hackers called “Pro_Mast3r” has breached the server hosting a Trump website associated with campaign donations.

A group of hackers who is calling themselves “Pro_Mast3r” has defaced a website associated with President Donald Trump’s presidential campaign fundraising on Sunday.

The website was hosted on the server secure2.donaldjtrump.com that is managed by the Cloudflare content management and security platform.

The website is not directly linked from the Trump Pence campaign’s home page. According to the Ars website, the hacked machine is an actual Trump campaign server that uses a legitimate certificate.

“But it does appear to be an actual Trump campaign server—its certificate is legitimate, but a reference to an image on another site is insecure, prompting a warning on Chrome and Firefox that the connection is not secure.” states Ars.

The defaced page displayed an image of a man in a fedora and the following text:

Hacked By Pro_Mast3r ~
Attacker Gov
Nothing Is Impossible
Peace From Iraq

The analysis of the source code of the page revealed the presence of a link to a javascript on a now-nonexistent Google Code account, ‘masterendi’. This account was associated with the hack of other websites.

The script is a snow animation script, it doesn’t include any malicious component.

The strange circumstance in this hack is that attackers included JavaScript that was no more available in the wild.

Archive.org  includes several instances of the link at this specific Javascript, but they are no more active since 2015.

At the time I was writing the server is down.

Let’s wait for a reply from both Cloudflare and the Trump-Pence campaign team.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Pro_Mast3r, Trump website)