Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Help save the whales, deface your favorite oil companies website!

Help save the whales, deface your favorite oil companies website!

by Majik on August 10th, 2001 Security at three Web sites operated by AOL Time Warner's [NYSE:AOL] Road Runner service was compromised Thursday. An attacker replaced the sites' usual home pages with a message about saving whales.


Defaced were the home pages of the cable-based Internet service's sites for users in Austin, Texas, and in Kansas City, as well as a site serving subscribers in Maine. All but the Kansas City defacement were still viewable this morning.



Officials from Road Runner, which serves more than 2 million subscribers in markets across the United States, are investigating the incident and had no immediate comment.



The attacker, who uses the nickname "TonikGin," posted a message at the Maine Road Runner site, which accused Exxon Mobil Corp. of endangering gray whales through seismic testing in Russian waters.



"Because of the testing, the whales can no longer eat, and will eventually die if no effort is made to suppress Exxon Mobil," said the attacker's message, which also directed readers to visit the homepage of Greenpeace for more information.



Exxon Mobil representatives were not immediately available for comment.



According to a scan of the compromised Road Runner sites, all were running version 4 of Microsoft's Internet Information Server (IIS) software. In a message left during a June defacement of a rehabilitation hospital for children in Ontario, Canada, TonikGin said he broke the site's security by exploiting a well-known flaw known as the IIS Unicode bug.



The scan, using a tool provided by EEye Digital Security, revealed that none of the sites is vulnerable to the attack exploited by the Code Red Worm.


The Road Runner defacements are the first attempt at "hacktivism" by TonikGin, who has defaced 157 Web sites since May according to records maintained by the Alldas defacement archive. Last month, the attacker left the following message after a defacement of a site called ActiveXTools.com: "I didn't know what to say for this defacement. There is nothing to say. I was just bored."



A mirror of the Maine Road Runner defacement is here: http://defaced.alldas.de/mirror/2001/08/09/ola.maine.rr.com


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »