Reports are emerging that members of the hacker, or something because they don’t want to be called that anymore (from the IRC: To the idiot reporters: we’re not hackers), collective Anonymous defaced NASA in support of Wikileaks.
Category: Web Site Defacement
Shortly after President Obama’s State of the Union address, constituents visiting the web sites of Congressional representatives like Charles Gonzalez (20th District of Texas), Spencer Bachus (Alabama’s 8th District), and Brian Baird (Washington’s 3rd District) were presented with a defacement message from the Red Eye Crew that as of 4:10 am EST remains up on their web sites. All of the sites affected are in the house.gov domain, but not every congressional site in the domain is defaced.
Less than 24 hours from the last web site defacement, TechCrunch has been defaced again early this morning by the same cracker(s) responsible for yesterday’s attack. Whatever preventative measures were taken yesterday (WordPress upgrade, HTTP authentication for wp-admin) have not blocked the attacker’s access to modify TechCrunch’s content, as this morning the attacker left a profane message on top of the homepage for Michael Arrington as well as a few media outlets like Yahoo and the BBC. At this point TechCrunch should perhaps be ensuring that there is no uploaded shell on the server the site is hosted on.
TechCrunch, the popular blog founded by Michael Arrington in 2005 that profiles technology start ups with posts about their products and company news was the victim of a website defacement that has effectively taken the site down for a period of three hours at time of writing. The site initially went down a little after 1 AM EST with a message of “Hi” on the homepage, and for a while seesawed between coming back up, being newly defaced, and showing a “We’ll be back shortly” message.
At some time around 10pm on Thursday, users going to Twitter.com were served the page below with a banner reading “This site has been hacked by the Iranian Cyber Army”. Also, mowjcamp.org, a site for supporters of Mir-Hossein Mousavi Khameneh a candidate who ran against Mahmoud Ahmadinejad in the 2009 Iranian presidential election, has been serving a similar defacement since at least December 16th and continues to do so. The motive appears to be activism in support of Iran’s current Islamic regime. The attack vector was a bad actor using an id and password assigned to Twitter to log in to the administrative portal of managed DNS service provider Dyn.
It appears, according to the site defacement archive hosted at Zone-H, that on or around October 5th an NSA web site application was the victim of an SQL injection exploit resulting in a web site defacement. A web application loading a list of recruitment events at colleges was compromised on the careers section of nsa.gov.