Category ArchivePersonal Opinions
Through the following post I am not purposing to influence you to start defacing, but to briefly give you a better understanding of how and why it is done.
Almost everyday I visit Zone-H’s archive of special digital attacks, I find that at least 1 or 2 attacks were done against US governmental web servers. The domain suffix of the defaced websites was *.gov. Does this fact means that they are totally secure? I don’t think so… Obviously the web servers may host very confidential data. In this case the web server administrators seemed to have allowed threats against governmental assets. Any unwanted consequences that a breach of security can lead to, are mainly caused by the irresponsibility and lazyness of system administrators and web developers.
Everyday, the security of many high-profiled governmental, military, educational and corporate websites, is broken into by crackers who deface them. Although some defacers protest against wars and other just send greets to their cyberdudes, I believe that their true motive is to get to the top of the lead in “special” defacements. The defacers don’t want to admit this as the real reason for their attacks.
Two websites belonging to MSN (Microsoft Network) in the United Kingdom, were defaced today by an attacker who goes by the nickname “DARK LORD“. It looks like someone who is unethically testing his SQL injection skills, and “feeding” himself with a false sense of pride, just by leaving the message “DARK LORD WAZ HERE”.
No. I am not a defacer psychologist. I am just expressing my personal opinion on the matter, which is this: If a website defacement doesn’t convey a meaningful message, then it is done for selfish reasons.
A bit of an embarassment for Microsoft’s sysadmins…
Since I read the news about the recent defacement of the digital attacks archive Zone-H.org, many people have commented on how “professional” the Saudi Arabian defacers were. I strongly disagree… They were very “unprofessional” kids.
Just one confused kid who praises the devil – Devil Hacker – with his fellow pal Unix Web. Both from Jeddah in Saudi Arabia.
Students with too much time on their hands. They proved that they can use a basic backdoor, change the DNS and use the exploits that come together with some security advisories.
US government websites are under the spotlight of muslim cracking groups who protest against USA – this is what they claim as an attack reason. Since the 2nd of January, 17 US governmental websites were defaced, from which 9 were defaced by means of SQL injection.
What seems obvious to me – after viewing most of those defacements on the Zone-H digital attacks archive – is that their motives are not fully justified. Most of these crackers – better say “script kiddies” – are using publicly available exploits for known vulnerabilities, and by applying logic on how to use them, they succeed in the end at gaining access on webservers.
The fact that the attacked webservers belong to the US government, doesn’t necessarily mean that there is adequate security implemented.