Korea: Hacker Defaces 720 Web Sites

greenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

Hacker Defaces 720 Web Sites - Update By Adam Creed, Newsbytes SEOUL, KOREA, 18 Sep 2000, 8:41 PM CST At the weekend, a hacker broke into an Internet-connected computer server and defaced Web sites hosted at over 720 domain names on an apparent learning exercise.

Some of the sites remained defaced on Monday morning, with an anti-racism message left by the hacker, who calls himself "piffy."

Piffy belongs to an Internet-based group known as the RootShellHackers. On the group's Web site, at http://www.8op.com/rsh/ , its members are described as Unix and computer security programmers.

"Not all of RootShellHackers deface as some people might have noticed," reads the description. "We all enjoy programming and nix based security. Most of us have been into computers and security for under two years."

The site claims piffy defaced over 720 domains in the one night. The server compromised appears to be host to a large number of small Korean Web sites. Sites defaced included: igames.co.kr, ijusikhoesa.co.kr, ijuso.co.kr, imalls.co.kr and inchoncity.co.kr.

Late on Monday, piffy - who would not reveal any more details about himself to Newsbytes apart from implying he was thirteen years old, confirmed he hit the hosting company.

Asked why the mass defacement was carried out, he said: "I do this a. for learning (sounds stupod ehh?) and b. to get a message out (in this event it was racism)."

According to piffy, the target was originally only www.kkkk.com . When the hosting company was found to host a large number of sites, he decided to plaster his message across them all.

Piffy claims he only altered the Web server logs and index.html files of each Web site and patched the security hole - "for the admin" - that allowed him to exploit the Web server after defacing the sites.

He did not seem to be concerned about being traced by authorities - "I took steps to prevent this and cleared log files and didn't connect from my own box," he told Newsbytes, via e-mail.

"Theres always the risk I will get caught. But I do this for a reason I strongly believe in, and if the feds think that it is all that important to track a 13 year old kid down for defacing some Web sites (which I did no harm to besides the logs and the index html) so be it. More waste of tax payers money."

But he added: "I think most likely they will pass this case up considering it was based in Korea (I think... and hope)."

http://www.newsbytes.com/pubNews/00/155368.html

-- Martin Thompson (mthom1927@aol.com), September 18, 2000


Moderation questions? read the FAQ