Filed under: Defacements, Hacktivism, Personal Opinions, Security News
posted by D1m on 22 Feb 2007 06:49 pm
High-Profiled Websites Getting Hacked And Defaced
Everyday, the security of many high-profiled governmental, military, educational and corporate websites, is broken into by crackers who deface them. Although some defacers protest against wars and other just send greets to their cyberdudes, I believe that their true motive is to get to the top of the lead in “special” defacements. The defacers don’t want to admit this as the real reason for their attacks.
Zone-H.org has listed the following reasons in the “Attacks Notification” page:
- As a challenge
- Heh…just for fun!
- I just want to be the best defacer
- Not available
- Patriotism
- Political reasons
- Revenge against that website
Here is a list of notable hand picked defacements – archived in Zone-H.org:
US Governmental:
http://dbreports.lanl.gov Win 2003
http://learnlinc.oph.dhh.louisiana.gov Win 2000
http://elbertcounty-co.gov/events.asp Win 2000
http://gis.sedgwick.gov Win 2003
http://gis2.sedgwick.gov Win 2003
http://azdps.gov/inf4z.htm Win 2000
http://csdr-cde.ca.gov/nhst.htm Win 2003
http://join.cio.ca.gov/data/d7j.htm FreeBSD
https://restricted.gov.ca.gov/briefings/files/d7j.htm
http://appointments.ca.gov/3D.htm
Famous dot-coms:
http://flightpak.paramount.com Win 2000
http://vassiebel.volvo.com Win 2003
http://ecommercesuite.usbank.com Win 2003
http://panasonickorea.com Linux
http://beta.cmt.msn.com Win 2003
Famous dot-nets:
http://self.wind.it.net/ownz.htm SolarisSunOS
http://korea.net Win 2000
Most defacers of the above websites originate from Turkey, Brazil and Iran.
The sysadmins of insecure webservers and the developers of insecure web applications are mostly responsible for the cracking incidents. It appears to me that the crackers don’t have a specific target.
What they do most of the times, is to use a Netcraft and a Google website list generator. After they import the list into a scanner and scan thousands of websites for possible SQL injections, PHP inclusions, directory traversals, information leaks and other security vulnerabilities. There have been many cases of crackers using social engineering techniques, such as pretexting and phishing, in order to grant access priviledges to confidential information.
Screenshot of a Turkish Googler generating a list of *.gov/s (Click on thumbnail to view it):
on 25 Apr 2009 at 5:03 pm 1.john said …
f word!
on 07 Jan 2011 at 8:33 am 2.Misha Priewe said …
Rule of the post: Stay the efforts out of it