kevin mitnics site got hacked & defaced

[DLSS]

kevin mitnics site got hacked & defaced

source eweek -> http://news.com.com/2100-7349_3-6108032.ht...2&subj=news

mirror of the defacement

http://www.zone-h.org/index2.php?option=co...&id=4642075

Kevin Mitnick Web site hacked

Famed security consultant has tables turned on him when a hacker attacks his site, posts a vulgar message.

By Joris Evers

Staff Writer, CNET News.com

Published: August 21, 2006, 6:40 PM PDT

Tell us what you think about this storyTalkBack E-mail this story to a friendE-mail View this story formatted for printingPrint Add to your del.icio.usdel.icio.us Digg this storyDigg this

Instead of the usual description of Kevin Mitnick, his consulting services and books, the famed hacker's Web site on Sunday displayed a vulgar message.

Online vandals, apparently operating from Pakistan, broke into the computer hosting Mitnick's Web site on Sunday and replaced his front page with one of their own. As a result, four Web addresses belonging to Mitnick, including KevinMitnick.com and MitnickSecurity.com, displayed an explicit message on Mitnick and hacking.

"The Web hosting provider that hosts my sites was hacked," Mitnick told CNET News.com in an interview Monday. "Fortunately, I don't keep any confidential data on my Web site, so it wasn't that serious. Of course, it is embarrassing to be defaced--nobody likes it."

Mitnick's name is synonymous with "notorious hacker" for many. He was caught by the FBI in 1995 after a well-publicized pursuit and spent five years behind bars for wire and computer fraud. Today, he is a consultant, has written two books, and spends much of his time on the road at speaking engagements.

Mitnick heard out about the defacement on Sunday afternoon, shortly after the initial compromise, he said. The attackers gained complete control over the server that hosts his site as well as others at hosting provider Hostedhere, Mitnick said. It is common that hosting companies store multiple customers' Web sites on one server.

"The attackers from Pakistan took over that whole box. There were a whole bunch of customers, including myself, but my site was the only one defaced, so I was probably the target," Mitnick said. The server was taken offline to be reinstalled, Mitnick said. The Web site was still offline as of late Monday afternoon Pacific Time.

Web site defacements still occur, but they have become less high profile in recent years as financially motivated threats take the spotlight.

The message placed on Mitnick's Web site started with: "ZMOG!! THE MITNICK GOTZ OWNED!!" and continues with expletives and a picture of Mitnick with some modifications. Security Web site Zone-H first reported the hack on Monday and has screenshots of the replaced Web pages.

Defacing Web sites is akin to graffiti in the brick-and-mortar world. "It is kind of stupid; they do it for the attention," Mitnick said. "When I was a hacker, I never stooped to defacing sites because that was more like vandalism; that wasn't any fun. It is more about getting in and being stealth and looking around and exploring."

So far, Mitnick doesn't know how the server containing his Web site was compromised. He plans to investigate that at a later time. It could be that a security flaw on one of the other Web sites that was hosted on the same server gave the attackers a way into Mitnick's portion of the machine, he said.

"When you're with Web hosting companies, your security is as good as theirs. You just have to live with that," Mitnick said. "When you want to raise the bar, you have to set it up yourself. I don't have the time to maintain a Web site."

Hostedhere, Mitnick's hosting provider located in Greenville, S.C., did not immediately respond to an e-mail seeking comment.

"They do a good job. I don't think they're insecure," Mitnick said, adding that he would switch Web hosting providers only if his site gets hacked continuously.

This isn't the first time that a Mitnick Web site has been defaced. Three years ago, a site set up by Mitnick's supporters was repeatedly hacked. Mitnick did not operate those sites. He was not allowed to use computers at that time as part of the terms of his supervised release from prison, he said.

[PoyBoy]

thats one poop-pile of a photoshop job!!!

[VaKo]

If anyone ever hacks anybody, and you want a decent photoshopping, not this hatchet job, call me.

[moonlit]

That's right folks - personalised art just for your hacks, e-grafitti and defacings!

At a low low price of $199.99 per image, we can send you a mutated picture of the logo orimage that represents the site you're hacking!

So remember, when you're tearing in to that next website, don't forget to call our dedicated 24/7 hotline on:

1800-555-VAKO!

Image may or may not be related to you, your site or the site you are hacking. Images may be in monochrome unless you surrender your pet ferret and give me back that tire-inflator you borrowed last year. Products may not be safe for human consumption, use as a frisbee or to hold up tables with odd shaped legs. You may lose your home if you do not keep up repayments and there is a minor risk we'll take it anyways. Arrest is not unusual as a result of defacing websites, so you never met us, we don't know who you are and we've never heard of your friend either. Thank you, good night.

[manuel]

lol @ moonlit probably one of the best posts ive seen yet :)

[leetabix]

I think whoever defaced mitnick's website is a tad sad. I could make a lot of jokes here, but it's a bit wasted on someone who's already shown themselves to be a knobber.