Canadian Hackers Target With Message To Jon Stewart

Software on may have contained security flaws flagged in 2009

(Photos: Getty, Dreamstime, Photo Illustration: Robert A. Di Ieso/Vocativ)
Aug 03, 2015 at 1:48 PM ET

Donald Trump’s attorney Michael Cohen has dismissed a hacking attack on Trump’s corporate website, saying: “[Hackers] hacked into the Pentagon, for God’s sake.”

Hackers from the group Telecomix Canada targeted on Monday, posting a long farewell letter to “Daily Show” host Jon Stewart, a frequent critic of Trump and his presidential run. Rather than defacing the front page, the polite Canadian hackers posted a simple html page in which they thanked the outgoing TV host for “many happy years of quality journalism”. Stewart steps down as host this week.

At least some parts of appear to employ an old and outdated content management system that is accessible to the public and that may still contain security vulnerabilities noted as early as 2009.

Cohen told Vocativ that he had not been aware of the attack. Presented with a link to the defaced page, Cohen was dismissive of its significance, and somewhat surprised that hackers had managed to breach the defenses. “That’s really weird… You know, [hackers] hacked into the Pentagon, for God’s sake. It’s unbelievable… I’m going to have to reach out to our IT guy and figure out how they got through.”

At the time of publication, had taken down the hacked document, but the public-facing editing tool remained accessible.

Internet security expert Jim Walker said he believed hackers exploited “an obvious oversight on the part of the web designer who designed the website.” Walker, who’s known as the Hack Repair Guy, added: “They forgot to remove the Cute Editor demo, allowing editing of the page on the server.”

A person speaking on behalf of Telecomix Canada through Twitter told Vocativ by direct message that the group had not abused the content management system, and claimed “We entered the page via another channel.”

“The hole is actually more broad, but we took pains not to reveal that to avoid more destructive injections,” the person said.

They insisted the attack was “not meant as a malicious hack—it was/is what it appears to be—simply a thank you to Mr Stewart for his long body of work.”

At least two vulnerabilities inside the ‘Cute Editor’ content management system used on parts of have previously been identified. One such vulnerability, according to a post on, is that: “A remote attacker may be able to disclose sensitive information, steal user cookies, or escalate privileges.” An older vulnerability was posted on Exploit Database in 2009.