[ISN] Defacement archive Zone-h gets defaced

From: InfoSec News (alerts@private)
Date: Tue Jan 23 2007 - 22:21:26 PST


http://www.theregister.co.uk/2007/01/23/zone-h_defaced/

By John Leyden
23rd January 2007

NSFW -- Defacement archive Zone-h.org has become the victim of a domain 
hijack attack.

Initially we thought the site had been defaced, however Zone-h 
co-founder Roberto Preatoni has been in touch to explain that its DNS 
settings were illicitly changed to point at a site carrying a "screw 
you" message, posted by a gang of defacers from Saudi Arabia.

"The website wasn't technically hacked, the attacker gained instead 
access to the registrant authority admin panel through which zone-h was 
registered and from there they changed the DNS settings, redirecting the 
domain name to a different IP. This IP connected a webserver mounting 
the defacement page," Preatoni explained.

The DNS settings of the site have been set back to their original values 
which will allow surfers to visit zone-h.org as normal after the correct 
values propagate across the internet, a process that can sometimes take 
a few hours. Undoing the unauthorised changes took 48 hours, a length of 
time Preatoni blames on the time it took its registering authority to 
analyse the problem.

Zone-h has been active in chronically politically motivated hacks by 
Islamic hackers, and others, in the past. This might have provided the 
motive for the attack. On the other hand the assault might simply have 
been conceived as a means to gain kudos in the digital underground by 
its perps, Devil Hacker & Unix Web.

Zone-h has been the target of defacement attacks before. From time to 
time other defacement archives have been subject to denial of service 
attacks. So the latest attack on Zone-h, by far the best known 
defacement archive, doesn't come as a tremendous surprise.

Preatoni said Zone-h was taking the latest attack on the site in its 
stride since the purpose of Zone-h is to show that the "internet is 
insecure and unsecurable".


_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
 



This archive was generated by hypermail 2.1.3 : Tue Jan 23 2007 - 22:31:03 PST