[ISN] Hackers penetrate America Online's ICQ Web servers

From: InfoSec News (isnat_private)
Date: Tue Jun 26 2001 - 23:56:51 PDT

  • Next message: InfoSec News: "[ISN] [defaced-commentary] Alldas.de Defacement Mirror .. Defaced"

    June 26, 2001
    Two servers for the instant messaging service ICQ were cracked
    yesterday, defacing at least one Web page.
    Dulles, Va.-based America Online Inc., which owns the ICQ instant
    messaging service, said the problem was quickly resolved and no user
    data was compromised. The ICQ service is interoperable with AOL's
    proprietary service, AOL Instant Messenger.
    Security monitoring site Attrition.org posted: "On June 25, 2001, two
    machines on ICQ's network were compromised and the Web pages defaced.
    These defacements lead us to wonder if other parts of the network were
    compromised, possibly allowing access to private ICQ messages,
    subscriber database or more."
    A hackers group called MiH, or Men in Hack, compromised the ICQ
    "The first machine compromised was the ICQ homepage used to search the
    ICQ network and user base," according to an Attrition advisory
    released yesterday. "The second machine compromised serves an unknown
    purpose. Originally defaced by MiH, the page is currently defaced by
    Silver Lords and has no indication of the original content."
    AOL, in an e-mail response to a query about the attack, said it was
    aware of one community page on www.icq.com that had been altered,
    adding that the defaced page was one of 20,000 pages. The problem was
    resolved with a security patch, AOL said.
    "There was no user account impact whatsoever, and no user information
    was at any time compromised," AOL said in the statement.
    ISN is hosted by SecurityFocus.com
    To unsubscribe email isn-unsubscribeat_private

    This archive was generated by hypermail 2b30 : Wed Jun 27 2001 - 00:11:29 PDT