Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Hackers deface county Web site

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Hackers deface county Web site
Date: Mon, 13 Dec 2004 03:53:08 -0600 (CST) 
http://www.themonitor.com/SiteProcessor.cfm?Template=/GlobalTemplates/Details.cfm&StoryID=4697&Section=Local

December 11,2004 
Alma Walzer 
The Monitor 

EDINBURG - The official Hidalgo County Web site fell victim last
weekend to an international computer hacking group known by the names
of Dead_c0 de and Kernel_Attack, believed to be based in Brazil.

The hackers defaced the county's main page on or about Dec. 5 and
posted an obscene message directed at President George W. Bush, Osama
bin Laden, Saddam Hussein and the United States of America.

Using Portuguese and English, the group said "we are not kiddies, nor
are we nerds, much less hackers," according to the message on the Web
site's main page. "Kernel_Attack ownZ you."

It is not known exactly how long the message remained on the county
Web site, said county information technology director Renan Ramirez.

"Once we noticed it on Sunday night, about 10 p.m., we fixed it right
away," Ramirez said. "They creamed the main page and replaced it with
a "You've been hacked page."

"It didn't affect functionality, all we had to do was repair the main
page," Ramirez said. "By Monday morning, we were already posting jobs
and we really didn't even consider it a very big deal until we read
the message and realized it slandered the president."

The county's Web site doesn't have transactional capabilities,
therefore, there was no real threat to data, Ramirez said.

"We have hack attacks all the time," Ramirez said. "The Web site
allows the public to view the county phone directory, job postings the
commissioners court agenda and provides links to related sites. No
county data was compromised."

Hidalgo County is not alone.

A similar message appeared Friday on a Texas Southern University Web
site. The Department of Transportation Studies at TSU, located in
Houston, bore the same message without the obscenities to Bush, bin
Laden, Hussein and the United States.

A news service in the Philippines reported that the Philippine
Airlines Web site was hacked by a group that left the same signature
line "Kernel_Attack ownZ you " in November. The site used by air
travelers to reserve flights with their credit cards was crippled for
days.

Ramirez said he's required by county policy to report the issue to the
proper authorities.

The proper authorities include the FBI and the Secret Service.

Rosalie Savage, spokeswoman for the McAllen bureau of the FBI, said
she personally wasn't familiar with Dead_C0 de or Kernel_Attack.

The FBI's San Antonio office has a cyber crime squad that would
investigate the situation, Savage said.

"If it's valid information then FBI would look at it - and the Secret
Service as well, not just us," Savage said.

Meanwhile, Ramirez is working hard to make sure the Web site isn't
compromised again.

"We got approval on some requested equipment for next year," Ramirez
said. "We are specifically targeting these threats and getting some
detection equipment and a secondary firewall, and we're changing the
service provider.

"There are five or six different steps we're taking to prevent this
from happening again," Ramirez said.

Ramirez could have his work cut out for him, as no system is ever
considered 100 percent secure.

"Nothing is perfect," said Martin Streicher, editor in chief of Linux
Magazine. Linux is a computer operating system similar to Windows. The
hacker's message made a reference to Linuxmail.org. "There are varying
levels of vulnerability depending on what kind of computer you use -
its more of a software problem, but there are some hardware problems
as well."

Streicher pointed to previous cases of "war driving" in San Francisco,
Calif., where individuals drive around with laptops and wireless
internet access, looking for systems which are unsecure.

"Effectively, they open to door to anyone who wants to come in,"  
Streicher said. "There are tons of well known vulnerabilities in
Windows. Your Web server alone lets them know what your system is
vulnerable to," Streicher said.



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - 
http://www.osvdb.org/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Hackers deface county Web site, InfoSec News <=
Previous by Date:  [ISN] Hacker Gets 16 Months In Prison, InfoSec News
Next by Date:  [ISN] Information security: a legal perspective, InfoSec News
Previous by Thread:  [ISN] Hacker Gets 16 Months In Prison, InfoSec News
Next by Thread:  [ISN] Information security: a legal perspective, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]