Two websites belonging to MSN (Microsoft Network) in the United Kingdom were defaced today by an attacker who goes by the nickname “DARK LORD”. It looks like someone who is unethically testing his SQL injection skills and “feeding” himself with a false sense of pride, just by leaving the message “DARK LORD WAZ HERE”.
No. I am not a defacer psychologist. I am just expressing my personal opinion on the matter, which is this: If a website defacement doesn’t convey a meaningful message, then it is done for selfish reasons.
A bit of an embarrassment for Microsoft’s sysadmins…
The cracker exploited an SQL injection vulnerability in the story.asp file and thus was able to deface the following websites:
http://whatinvestment.money.msn.co.uk Win 2003
http://personalfinance.money.msn.co.uk Win 2003
Screenshot of the defaced website:
The most surprising thing – actually not very surprising, judging from past cracking incidents of Microsoft’s systems – is that the website remained defaced for more than 8 hours and the SQL injection vulnerability has not been fixed yet.
You can view the above website defacements and 2.092.360 – as of today at 23:00 GMT – archived digital attacks at Zone-H.org.