Feeds

Mass hack takes out govt sites

IIS flaws used to bring down sites on three continents

  • alert
  • submit to reddit

The Power of One eBook: Top reasons to choose HP BladeSystem

A hacking spree last weekend saw military and government Web sites defaced on three continents in what its perpetrators claimed was the largest mass defacement in the history of mankind.

The graffiti artists, known as Pentaguard, took out government Web sites in the United Kingdom, Australia, and the United States and defaced them with the same message. This consisted a profane rant full of hacker in-jokes, bragging and references to beers, sexual desire for female hackers and Ferraris (a copy of which can be seen here.

Staff at Attrition.org, a Web site which tracks defacements, said it was highly unusual for hackers to deface a large number of sites in different nations in different time zones all at the same time. Attrition.org backed up the claims of hackers about the scale of the attack and said it was one of "the largest, most systematic defacements of worldwide government servers on the Web" it had ever seen.

Paul Rogers, a security consultant at MIS Corporate Defence, said that the attack was well planned. He said it was likely a number of people were involved and that the attacks were automated and carried out against sites whose security was found to be lax.

"All the UK sites were running NT and Microsoft IIS [web server] and were hosted by ISPs - which raises the question of who's responsible for the security of hosted sites," said Rogers, who said that all the other sites were running similar configurations using IIS4.

"It's not difficult to retrieve list of government servers and look for weaknesses with them using automated scanners," he added.

US sites targeted included the Republican Caucus for the California Legislature, whose Web site has recently been shutdown because of the Californian power crisis. The Alaskan Office for the Department of Interior Web site was also hit, which points towards an overt political motive for the defacements. This is because Bush nominee Gale Norton, who favours oil prospecting in the Arctic National Wildlife Refuge, is set to be confirmed as the US Secretary of the Interior.

The British defacements consisted of a series of small municipalities as well as city and county governments - including a Web site set up by the UK Government to spread information on mad cow disease.

Australian targets were mostly local authorities with the exception of one attack, which took down a legislative search application for the entire Commonwealth of Australia.

Pentaguard is well known in security circles and even prior to this attack was the largest defacer of government and military Web sites, previous targets included Nasa and government Web sites in China, Kuwait, Georgia, and even Vietnam. A sampler of Pentaguard's work can be seen here. ®

Top three mobile application threats

More from The Register

next story
Stick a 4K in them: Super high-res TVs are DONE
4,000 pixels is niche now... Don't say we didn't warn you
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
Philip K Dick 'Nazi alternate reality' story to be made into TV series
Amazon Studios, Ridley Scott firm to produce The Man in the High Castle
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Bose says today is F*** With Dre Day: Beats sued in patent battle
Music gear giant seeks some of that sweet, sweet Apple pie
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Too many IT conferences to cover? MICROSOFT to the RESCUE!
Yet more word of cuts emerges from Redmond
Joe Average isn't worth $10 a year to Mark Zuckerberg
The Social Network deflates the PC resurgence with mobile-only usage prediction
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.