< Back

7th January 2020, 18:29

Security flaw leaves Gibraltar laws website vulnerable to alteration

A security flaw in the Government website meant that the text of Gibraltar's laws was, for a time, vulnerable to being altered online, and that staff members' details could be accessed.

The vulnerability was identified by security researcher, Akshay Sharma, and reported on in the online magazine The Register.

Mr Sharma found the flaw while researching Gibraltar's visa legislation, discovering that the Gibraltar laws website was, in his words, vulnerable to the "easiest kind of SQL injection".

Staff members' names, usernames and passwords were also accessible through the flaw, meaning their accounts could have been hijacked and used to alter the content on the website.

In response to GBC questions, the Government said the information on the website was not interfered with, and that the vulnerability was mitigated shortly after it was notified, adding the website has since been relocated.

The Government stated the Government of Gibraltar website is "hosted outside the corporate network", and that this means the earlier vulnerabilities "posed no risk to the security of any of the Government's communication systems".

For its part, the GSD said this was a serious breach of security, adding it appears to have been "quite an easy hack". MP, Daniel Feetham, said the Government must review its protocols to ensure it does not happen again. 

The relocated Gibraltar laws website