Hacker Defaces 720 Web Sites - Update

[William Knowles <wk () C4I ORG>]

http://www.newsbytes.com/pubNews/00/155368.html

By Adam Creed, Newsbytes
SEOUL, KOREA,
18 Sep 2000, 8:41 PM CST

At the weekend, a hacker broke into an Internet-connected computer
server and defaced Web sites hosted at over 720 domain names on an
apparent learning exercise.

Some of the sites remained defaced on Monday morning, with an
anti-racism message left by the hacker, who calls himself "piffy."

Piffy belongs to an Internet-based group known as the
RootShellHackers. On the group's Web site, at http://www.8op.com/rsh/
its members are described as Unix and computer security programmers.

"Not all of RootShellHackers deface as some people might have
noticed," reads the description. "We all enjoy programming and nix
based security. Most of us have been into computers and security for
under two years."

The site claims piffy defaced over 720 domains in the one night. The
server compromised appears to be host to a large number of small
Korean Web sites. Sites defaced included: igames.co.kr,
ijusikhoesa.co.kr, ijuso.co.kr, imalls.co.kr and inchoncity.co.kr.

Late on Monday, piffy - who would not reveal any more details about
himself to Newsbytes apart from implying he was thirteen years old,
confirmed he hit the hosting company.

Asked why the mass defacement was carried out, he said: "I do this a.
for learning (sounds stupod ehh?) and b. to get a message out (in this
event it was racism)."

According to piffy, the target was originally only www.kkkk.com . When
the hosting company was found to host a large number of sites, he
decided to plaster his message across them all.

Piffy claims he only altered the Web server logs and index.html files
of each Web site and patched the security hole - "for the admin" -
that allowed him to exploit the Web server after defacing the sites.

He did not seem to be concerned about being traced by authorities - "I
took steps to prevent this and cleared log files and didn't connect
from my own box," he told Newsbytes, via e-mail.

"Theres always the risk I will get caught. But I do this for a reason
I strongly believe in, and if the feds think that it is all that
important to track a 13 year old kid down for defacing some Web sites
(which I did no harm to besides the logs and the index html) so be it.
More waste of tax payers money."

But he added: "I think most likely they will pass this case up
considering it was based in Korea (I think... and hope)."


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".