[ISN] Hackers deface county Web site

From: InfoSec News (isn@private)
Date: Mon Dec 13 2004 - 01:53:08 PST


December 11,2004 
Alma Walzer 
The Monitor 

EDINBURG - The official Hidalgo County Web site fell victim last
weekend to an international computer hacking group known by the names
of Dead_c0 de and Kernel_Attack, believed to be based in Brazil.

The hackers defaced the county's main page on or about Dec. 5 and
posted an obscene message directed at President George W. Bush, Osama
bin Laden, Saddam Hussein and the United States of America.

Using Portuguese and English, the group said "we are not kiddies, nor
are we nerds, much less hackers," according to the message on the Web
site's main page. "Kernel_Attack ownZ you."

It is not known exactly how long the message remained on the county
Web site, said county information technology director Renan Ramirez.

"Once we noticed it on Sunday night, about 10 p.m., we fixed it right
away," Ramirez said. "They creamed the main page and replaced it with
a "You've been hacked page."

"It didn't affect functionality, all we had to do was repair the main
page," Ramirez said. "By Monday morning, we were already posting jobs
and we really didn't even consider it a very big deal until we read
the message and realized it slandered the president."

The county's Web site doesn't have transactional capabilities,
therefore, there was no real threat to data, Ramirez said.

"We have hack attacks all the time," Ramirez said. "The Web site
allows the public to view the county phone directory, job postings the
commissioners court agenda and provides links to related sites. No
county data was compromised."

Hidalgo County is not alone.

A similar message appeared Friday on a Texas Southern University Web
site. The Department of Transportation Studies at TSU, located in
Houston, bore the same message without the obscenities to Bush, bin
Laden, Hussein and the United States.

A news service in the Philippines reported that the Philippine
Airlines Web site was hacked by a group that left the same signature
line "Kernel_Attack ownZ you " in November. The site used by air
travelers to reserve flights with their credit cards was crippled for

Ramirez said he's required by county policy to report the issue to the
proper authorities.

The proper authorities include the FBI and the Secret Service.

Rosalie Savage, spokeswoman for the McAllen bureau of the FBI, said
she personally wasn't familiar with Dead_C0 de or Kernel_Attack.

The FBI's San Antonio office has a cyber crime squad that would
investigate the situation, Savage said.

"If it's valid information then FBI would look at it - and the Secret
Service as well, not just us," Savage said.

Meanwhile, Ramirez is working hard to make sure the Web site isn't
compromised again.

"We got approval on some requested equipment for next year," Ramirez
said. "We are specifically targeting these threats and getting some
detection equipment and a secondary firewall, and we're changing the
service provider.

"There are five or six different steps we're taking to prevent this
from happening again," Ramirez said.

Ramirez could have his work cut out for him, as no system is ever
considered 100 percent secure.

"Nothing is perfect," said Martin Streicher, editor in chief of Linux
Magazine. Linux is a computer operating system similar to Windows. The
hacker's message made a reference to Linuxmail.org. "There are varying
levels of vulnerability depending on what kind of computer you use -
its more of a software problem, but there are some hardware problems
as well."

Streicher pointed to previous cases of "war driving" in San Francisco,
Calif., where individuals drive around with laptops and wireless
internet access, looking for systems which are unsecure.

"Effectively, they open to door to anyone who wants to come in,"  
Streicher said. "There are tons of well known vulnerabilities in
Windows. Your Web server alone lets them know what your system is
vulnerable to," Streicher said.

Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/

This archive was generated by hypermail 2.1.3 : Mon Dec 13 2004 - 03:01:47 PST