Security Glitch Turns Major Web Sites Into Kosovo Billboards


Hack Attack Security Glitch Turns Major Web Sites Into Kosovo Billboards

By Andrew Chang

April 14 - This week, the tensions in the Kosovo conflict reached around the world, into innumerable desktops, thanks to a group of hackers.

Hackers got into more than 50 Web sites (including those of some high-profile names, like addidas.com, mgm.com and viagra.com) in what appeared to be a coordinated effort to promote Serbs in Kosovo.

The sites were stripped of their content, and branded with an image of a two-headed eagle with the words, "Kosovo is Serbia." The two-headed eagle is a common image in southeastern Europe. It is used by Bosnian Serbs, as well as Albanians, the former Kosovo Liberation Army, and Russians.

One London newspaper report said the hackers had hit up to 2,000 Web sites. Among the other sites that were hacked were indianajones.com and jamesbond.com. Many of the targets were from the Balkans. The Kosovo Albanian newspaper Koha Ditore and the Albanian site Kosovoapress were also among those hacked, the BBC reported.

Most of the companies have since reclaimed their Web sites.

An Odd Discovery

Alex Jeffreys, technical director for WebDNS, a London-based Web security and registration firm, says he first noticed the hacking on Monday, when he noticed a large number of domains had changed ownership.

Jeffreys told ABCNEWS.com he was scanning a public directory of domain names when he noticed many of them had moved the domain name contacts away from their rightful owners to a Hotmail e-mail address.

"It is unusual for established companies to move their contact e-mail address to a free e-mail service like Hotmail," Jeffreys said. Signing up for Hotmail is almost anonymous, and brand-name companies usually have e-mail addresses based off their own sites.

Network Solutions to Blame?

All the hacked Web sites had been registered with Network Solutions, the world's largest registrar. The hackers managed to breach security by sending spoof e-mails to Network Solutions, pretending to be from the company concerned and requesting a change of address, said a spokesperson for Network Solutions, who declined to be identified.

The spokesperson said the chosen Web sites were hacked because they used the most basic level of online security: an automated process where the e-mail address of a user requesting a change of address is only checked against the e-mail address on record of the person authorized to make such a change. By forging their e-mail addresses, the hackers fooled the automation into thinking they were authorized to make a change, and subsequently moved authority for the site to a Hotmail account.

The company does offer its users higher levels of security, the Network Solutions spokesperson said.

Most of the prominent sites were back to normal today, and made no mention of the hacking. A few, like slovenia.com, still displayed the "Kosovo is Serbia" brand. Others, like eunet.com and yu.com, appeared to have been shut down altogether.

Jeffreys hoped the Web sites had learned a valuable lesson about security. "It shouldn't be that simple to make the change," he said.

http://abcnews.go.com/sections/world/DailyNews/hackers000414.html

-- Martin Thompson (mthom1927@aol.com), April 14, 2000
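
The check Jeffreys describes in the article, written out as an added example that is not part of the original article or post: compare two snapshots of a public domain directory and flag contacts that moved to a free webmail mailbox. The snapshot format, the provider list and every domain and address in it are assumptions constructed for illustration.

```python
# Added example (not from the article): spot registrar contact records that
# moved to a free webmail mailbox. All names and addresses are constructed.

# Assumed provider list; "freemail.example" stands in for a real webmail service.
FREE_MAIL = {"hotmail.com", "freemail.example"}

def mail_domain(address):
    """Lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].strip().lower()

def is_under(host, parent):
    """True if host equals parent or is a subdomain of it."""
    return host == parent or host.endswith("." + parent)

def suspicious_changes(before, after):
    """Compare two {domain: contact_email} snapshots of a public directory.
    Returns (domain, old, new, left_own) for every domain whose contact changed
    to a free-webmail address. left_own is True when the old contact was at the
    registrant's own domain; those entries sort first."""
    findings = []
    for domain, new in after.items():
        old = before.get(domain)
        if old is None or old.strip().lower() == new.strip().lower():
            continue  # new registration or no change
        if mail_domain(new) not in FREE_MAIL:
            continue  # contact changed, but not to a free mailbox
        left_own = is_under(mail_domain(old), domain.lower())
        findings.append((domain, old, new, left_own))
    return sorted(findings, key=lambda f: (not f[3], f[0]))

def shared_new_contacts(findings, threshold=2):
    """New contact addresses that took over `threshold` or more domains."""
    counts = {}
    for _, _, new, _ in findings:
        key = new.strip().lower()
        counts[key] = counts.get(key, 0) + 1
    return {addr: n for addr, n in counts.items() if n >= threshold}

# Constructed snapshots, one per day.
BEFORE = {"shop.example": "hostmaster@shop.example", "news.example": "admin@mail.news.example",
          "films.example": "dns@films.example", "blog.example": "owner@isp.example",
          "corp.example": "it@corp.example"}
AFTER = {"shop.example": "takeover@freemail.example", "news.example": "Takeover@freemail.example",
         "films.example": "dns@films.example", "blog.example": "owner@freemail.example",
         "corp.example": "dns@corp.example"}

if __name__ == "__main__":
    hits = suspicious_changes(BEFORE, AFTER)
    print(hits, shared_new_contacts(hits))
```

One mailbox appearing as the new contact for several unrelated domains is the stronger signal; a single move to webmail can be legitimate.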

