Hackers flame grill Burger King website

[InfoSec News <isn () C4I ORG>]

http://www.vnunet.com/News/1118415

By James Middleton
March 1, 2001

Burger King's UK website was flamed grilled by hackers twice today
when its front page was replaced with a parody version of McDonald's
site.

Although the site has now been taken offline, mirrors of the
defacements kept at attrition.org hold valuable evidence which can be
used to track the intruders.

The burgerking.co.uk site runs on Windows NT 4 and Microsoft's
Internet Information Server (IIS), suggesting that this hack could be
the latest in a fast growing list of NT servers being compromised,
often through known vulnerabilities.

But the hacking group claiming responsibility for the defacement,
Dreamscape2K, may have left evidence which could be used to track them
down. The first defacement was actually hosted on the website
dreamscape2k.net and just linked to burgerking.co.uk.

The site appears to be the hackers' homepage, containing links and
downloads to Trojan horses and hacking resources, and offering contact
details for the individuals claiming responsibility for the hack,
Redsand and Dreamsdealer.

The site is hosted by and registered with a UK company, EasySpace.com,
and the domain holder is a Jack Ruiz, based in Texas. If this man is
connected with the hacking group, then they have left a very easy
trail to follow.

Black ID, the Glasgow-based design agency responsible for the creation
of the Burger King site, assured vnunet.com that it would be following
this avenue of investigation.

Ross Cairns, strategy director for Black ID, confirmed that the
company was responsible for maintaining the site "to a certain
degree", although the actual hosting is outsourced to another company.
He declined to name the company "until it had the opportunity to
correct the damage done to the site and put a legitimate and secure
version up".

He added that he would be grilling the company over its installation
of the latest patches to guard against known exploits.

Mark Reed, a network security analyst at MIS, suggested that the
burgerking.co.uk DNS server may have been hacked, and that the URL
redirected to the defacement page housed on the dreamscape2k.net
server.

Vulnerabilities in Bind, the operating system used by DNS servers,
have made major headlines over the past few weeks, including a much
publicised hit on the Nintendo site.

Reed said that because the Burger King site was running on NT and IIS,
there was a strong possibility that the hack could have been carried
out using a known exploit, almost as easily as saying "you want fries
with that?".

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".