In what appears to be a mass defacement, where several hundred domains take advantage of a shared hosting provider, starting as of this Friday, an Islamic hacker known as nEt^DeViL -- this is not the NetDevilz team that hijacked the DNS records of the ICANN and Photobucket in June -- managed to successfully hack a couple of hundred Dutch web sites as a hacktivist response to the release of the Fitna film, a controversial film released by Geert Wilders, a member of the Dutch parliament in March, 2008.
How did they do it? Since all of the sites are parked on a single IP (220.127.116.11) owned by the Geenpunt.nl hosting company, compromising it means having the ability to compromise the content on all the domains hosted there, which is exactly what happened in this case.
The message they left is still active at most of the sites :
"Anti-Fitna ( Response to the Fitna Movie by 'Geert Wilders' Cow ! ) This hax0ring is to defend ISLAM - The Religion of [ Abraham, Moses, Jesus & Muhammad ( Peace Be Upon Them All ) ] that Insulted by a Cow ! from Netherlands ! Show Some Respect ! so , I can Leave you in Peace ! [ You've Started it ! ] , I don't have problems with your site but, that what Geert Wilders Cow! chose for you ;) If you think that " Insulting GOD Religion is a Freedom of Speech as your country did , then allow me to show you my Freedom knowledge of Hacking ;) "
aB0 m0h4mMed .. for the Old Times Greets & Peace to my Brothers. Abu_Zahra[My Best friend ] ? Saudia_Hacker ? Abu Lafy ? DeadLine , DosMan & b0hAjEr [ Q8Crackers Crew ] ? Yanis ? Broken-Proxy ? Eddy_BAck0o ? Mianwalian & ZeRo from [#WHACKERZ ] ? SaveChanges[ PHA ] ? FBH Crew ? Apocalypse ? PaKBrain ? DaVenjah! ? BrEakerS ? Red Devils Crew[ Saudi|x ] ? by_emR3 , Kerem125 , Gsy & Alemin Krali [ Gr347 7urk15h |3ro7h3r5 ] ? sys-worm(turkish) ? F10 ? ZombiE_KsA ? xOOmxOOm firstname.lastname@example.org"
Naturally, this isn't the first time Islamic hacking groups attacked web sites belonging to a particular country that somehow offended their beliefs. For instance, in 2006, the same mass defacements took place on over 600 Danish web sites in response to the Mohammed's cartoons released in local newspapers. This hacktivist approach of spreading propaganda isn't necessarily a full-scale cyber war, it's an example of information warfare aiming to reach as many Dutch Internet users as possible due to the apparently insecure web hosting provider that they are all using.
Pure hacktivism isn't dead, as compared to previous web site defacement analysis where the people behind them were multitasking by also hosting malware, phishing and blackhat SEO junk pages on the compromised servers, in this case they only defaced the main pages. However, what pure hacktivism turned into today, consciously of subconsciously, is the propaganda division of an information warfare unit, where given the hundreds of thousands of easily detectable insecure sites within a particular country's Web, this political propaganda can easily turn into a large scale malware attack.
As in real life through, the real cyber conflicts usually start due to such provocations where a single group or a script kiddie's actions can cause a lot of damage if that's what they want to achieve at the first place.
- Pro-Serbian hacktivists attacking Albanian web sites
- 300 Lithuanian sites hacked by Russian hackers
- Georgia President’s web site under DDoS attack from Russian hackers
- Coordinated Russia vs Georgia cyber attack in progress