[ISN] 'Eddie Murphy' Hackers Demand Ransom From Rock Band

From: InfoSec News (isnat_private)
Date: Mon Mar 11 2002 - 22:41:55 PST

  • Next message: InfoSec News: "[ISN] The Secret Service's Bob Weaver on Preparing for the New World Disorder"

    By Brian McWilliams, Newsbytes
    11 Mar 2002, 10:45 AM CST
    A group calling itself "Hackers for Eddie Murphy" posted a ransom note
    Sunday on the front door of the Web site operated by Colorado-based
    rock band The String Cheese Incident.
    According to the defacement, which appeared to be a tongue-in-cheek
    hoax, the hackers demanded a payment of $1 million for the return of
    the site's servers "to their normal state of well being."
    The attackers' message, which was still viewable this morning, said
    they would use the money to "jump start" production of "Beverly Hills
    Cop 4," another sequel to Murphy's 1984 movie. "Beverly Hills Cop 3"  
    was released in 1994.
    The String Cheese Incident (SCI) is a group of former ski bums that
    has become Colorado's favorite band, according to the
    Stringcheeseincident.com Web site. The group's music is reminiscent of
    that of the Grateful Dead.
    SCI representatives were not immediately available for comment.
    The defacement instructed SCI site operators simply to leave the
    million dollars "at the corner of the Oak and Fifth" but did not
    specify the city. The attackers did not leave any contact information.
    The Web site, which appeared to be hosted by a Boulder-based Internet
    service provider named Indra's Net, is running the Apache Web server
    on the Red Hat Linux operating system.
    The Stringcheeseincident.com server appeared to be using a vulnerable
    version of the WU-FTPD file transfer program. According to a November
    2001 advisory from the Computer Emergency Response Team, WU-FTPD
    version 2.6.1 contains a security hole that could allow remote
    attackers to take control of the server.
    Aside from the main page, the rest of the SCI site pages appeared
    untouched. An online ticketing section, as well as a merchandise area,
    appeared to be hosted on separate servers.
    The SCI site was the first defacement by Hackers for Eddie Murphy,
    according to records maintained by the Alldas defacement archive.
    The String Cheese Incident site is at
    A mirror of the SCI defacement is at
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Tue Mar 12 2002 - 01:52:03 PST