[ISN] NASA sites hacked, Zone-H says

From: InfoSec News (isn@private)
Date: Thu Dec 18 2003 - 03:24:29 PST


    http://www.computerworld.com/securitytopics/security/cybercrime/story/0,10801,88348,00.html
    
    by Linda Rosencrance 
    DECEMBER 17, 2003
    COMPUTERWORLD 
    
    Thirteen NASA Web sites were defaced this morning by a Brazilian crew
    dubbed drwxr, according to a statement from Zone-H, an organization
    that monitors hacking.  Zone-H said the defacer apparently modified
    the index pages on the sites to express his opinion about the war,
    leaving the message "The war in iraq, kill is a play!" and linking to
    a CNN video showing U.S. soldiers killing an Iraqi and cheering.
    
    The main NASA Web site, www.nasa.gov, did not appear to be among those
    hit by the attack. It was still available today online.
    
    Zone-H, citing Netcraft Ltd., a British Internet consultancy, said the
    sites were running the Apache 1.3.27 Web server with PHP (an
    open-source scripting language often used to create dynamic Web pages)  
    and several Apache modules on a Linux system.
    
    "We can suppose that the server was remotely compromised using a
    vulnerability in a PHP script, then the defacer probably gained root
    privileges using the local root exploit for the Linux kernel 2.4.22
    [and earlier] published by iSEC Security Research last week."
    
    Zone-H posted an example of the defaced pages at its site.
    
    NASA officials could not be reached for comment this afternoon. But it
    appeared that the agency has taken the Web sites down, as they were
    not available.
    
    The hacked NASA Web sites include its Computing, Information and
    Communications Technology Program site, www.cict.nasa.gov; the NASA
    Advanced Supercomputing Division (Numerical Aerospace Simulation
    Systems Division), www.nas.nasa.gov; the NASA Information Power Grid,
    www.ipg.nasa.gov; and the NASA Research & Education Network,
    www.nren.nasa.gov.
    
    
    
    


