Secure Trump website defaced by hacker claiming to be from Iraq (ArsTechnica)

Someone calling themselves “Pro_Mast3r” managed to deface a server associated with President Donald Trump’s presidential campaign fundraising on Sunday, The server,, is behind Cloudflare’s content management and security platform, and does not appear to be directly linked from the Trump Pence campaign’s home page. But it does appear to be an actual Trump campaign server—its certificate is legitimate, but a reference to an image on another site is insecure, prompting a warning on Chrome and Firefox that the connection is not secure.

The page, now displaying an image of a man in a fedora, displays the following text:

Hacked By Pro_Mast3r ~
Attacker Gov
Nothing Is Impossible
Peace From Iraq

The source code contains a link to  javascript malware on a now-nonexistent Google Code account, masterendi, previously associated with the hacking of at least three other websites.

Ars reached out to both Cloudflare and the Trump-Pence campaign team for comment. As more information becomes available, we’ll update this report.

Source: SANS ISC SecNewsFeed @ February 19, 2017 at 12:39PM