Mass hack takes out govt sites
IIS flaws used to bring down sites on three continents
A hacking spree last weekend saw military and government Web sites defaced on three continents in what its perpetrators claimed was the largest mass defacement in the history of mankind.
The graffiti artists, known as Pentaguard, took out government Web sites in the United Kingdom, Australia, and the United States and defaced them with the same message. This consisted a profane rant full of hacker in-jokes, bragging and references to beers, sexual desire for female hackers and Ferraris (a copy of which can be seen here.
Staff at Attrition.org, a Web site which tracks defacements, said it was highly unusual for hackers to deface a large number of sites in different nations in different time zones all at the same time. Attrition.org backed up the claims of hackers about the scale of the attack and said it was one of "the largest, most systematic defacements of worldwide government servers on the Web" it had ever seen.
Paul Rogers, a security consultant at MIS Corporate Defence, said that the attack was well planned. He said it was likely a number of people were involved and that the attacks were automated and carried out against sites whose security was found to be lax.
"All the UK sites were running NT and Microsoft IIS [web server] and were hosted by ISPs - which raises the question of who's responsible for the security of hosted sites," said Rogers, who said that all the other sites were running similar configurations using IIS4.
"It's not difficult to retrieve list of government servers and look for weaknesses with them using automated scanners," he added.
US sites targeted included the Republican Caucus for the California Legislature, whose Web site has recently been shutdown because of the Californian power crisis. The Alaskan Office for the Department of Interior Web site was also hit, which points towards an overt political motive for the defacements. This is because Bush nominee Gale Norton, who favours oil prospecting in the Arctic National Wildlife Refuge, is set to be confirmed as the US Secretary of the Interior.
The British defacements consisted of a series of small municipalities as well as city and county governments - including a Web site set up by the UK Government to spread information on mad cow disease.
Australian targets were mostly local authorities with the exception of one attack, which took down a legislative search application for the entire Commonwealth of Australia.
Pentaguard is well known in security circles and even prior to this attack was the largest defacer of government and military Web sites, previous targets included Nasa and government Web sites in China, Kuwait, Georgia, and even Vietnam. A sampler of Pentaguard's work can be seen here. ®