'flipz' may have entered the annals of hacker history by becoming the first person to deface an MS Web page.
Earning a footnote in the annals of computer vandalism, a lovesick hacker known as "flipz" on Tuesday became the first person known to have defaced one of Microsoft Corp.'s Web sites. The hacker, who also altered a handful of government Web sites in recent days, says he expects to be arrested soon. "Its (sic) all about fun till the feds bust down the door," said a message left on one of the defaced Web sites.
A Microsoft spokesman said early Tuesday that he was unable to confirm the attack on the company's Conference Management Server site, but the defacement was documented by attrition.org, a reliable computer security site that maintains an archive of hacked Web sites. (MSNBC is a joint-partnership between Microsoft and NBC News.)
Representatives of two government Web sites hacked by "flipz" -- the Department of Veterans Affairs and the White Sands Missile Range in New Mexico -- confirmed that attrition.org’s account of the vandalism of their sites was accurate.
Part love note, part threat
On Monday, the hacker replaced Microsoft's Conference Management Server home page, which was not accessible Tuesday morning, with a message that was part love letter and part threat, attrition.org reported.
"flipz was here and f0bic, your seksi (sic) voice helped me through the night," it read in part before concluding with a threat against Microsoft CEO Bill Gates.
B.K. DeLong, curator of the attrition.org Web defacement archive, said research of other hacking mirror sites -- which use a computer's "screen grab" function to document vandalized Web sites -- indicates that this is the first time Microsoft has been victimized.
"This is the first time that we've been publicly notified (about a hacking claim against Microsoft) ... and to build our mirror we borrowed mirrors from other sites," he said.
All of the recent hacked pages were accessed through Microsoft NT servers, attrition.org said.
Other sites affected?
The hack appeared to impact a series of Internet domains Microsoft maintains outside its standard corporate presence on the Net. As of Tuesday morning, at least six sites registered to Microsoft weren't functioning, though some may have been removed prior to the hack.
While most Microsoft corporate site IP addresses start with 207, the hacked page started with 131. On Tuesday, all Microsoft sites between 220.127.116.11 and 18.104.22.168 weren’t functioning. These likely were all hosted on the same server, which apparently was offline.
The impacted Web pages appear to be conference information sites, including "icassp.microsoft.com," "isys.microsoft.com," and "cuai-97.microsoft.com." Another non-functioning site was "uncertainty.microsoft.com." The purpose of that site was not known.
A prominent target
Microsoft has long been a prominent target of hackers. The 2600 Web site, the online home of a hackers' magazine, has the Redmond, Wash., company prominently listed on a page of "Hacked Sites of the Future."
But DeLong said he wasn't aware of any competition to break into Microsoft's computers.
"I haven't really heard people saying, 'Ooh, I'm going to hack Microsoft!' Part of it may be that they think they can't get in or ... that they fear retribution from Microsoft," he said.
DeLong said "flipz" first came to his attention in March, when he reported he had hacked a Web page operated by NASA's Jet Propulsion Laboratory. The hacker added attacks on Duracell Corp. in June and People's Bank of Connecticut in September to his resume before the recent spate of attacks, which began Wednesday.
According to attrition.org, "flipz" altered the University of California at Riverside Police Department's Web site that day before turning to government targets, knocking off, in rapid succession, the home pages of the U.S. Army Reserve Command, the White Sands Missile Range, the U.S. Army Dental Care System, the Navy Management System Support Office and the Department of Veterans Affairs.
The love notes that "flipz" left on two of the defaced sites suggest that the hacker has a crush on a fellow computer intruder.
The person known as "f0bic" is a member of "Team Spl0it," a hacking group that retaliated for the FBI's arrest in September of alleged hacker Chad Davis by vandalizing several Web sites.
Davis, a 19-year-old Green Bay, Wis., resident, is accused of breaking into a U.S. Army computer at the Pentagon. According to a federal complaint filed at the time of his arrest, Davis is a founder and leader of the "Global Hell" hacking group, which vandalized Web sites of the White House, FBI and U.S. Senate Web sites earlier this year.
The FBI did not respond to a query about whether "flipz" hacking attacks were under investigation, but DeLong said the hacker expects to be arrested before long.
"flipz said he doesn't care if the feds come and get him," DeLong said. "He's expecting to get picked up, but he's going to have fun while he's waiting."