Hacker "Pimpshiz" said Wednesday he has exploited a bug in Windows NT to deface five dozen Web sites in the past two weeks, including NASA and the French national library.
The as-yet-unidentified hacker is not telling anyone what the undocumented exploit is, possibly saving his ammunition for a fourth wave of attacks hinted at in messages sent to various news agencies. Some of his victims said they've tracked Pimpshiz down in chat rooms, where he's been bragging of his exploits, and engaged him in conversation. But none have been able to shake loose any more information about his methods.
He wrote in a series of emails to ZDNet News that hacking the sites was easy and he was able to exploit "obvious" holes.
"I am doing this to get what I think is the right thing... out to more people," he wrote. "Maybe others who don't even use Napster [such as myself] will even realize what is going wrong here."
The hacker left a calling card on each site: a pro-Napster screed about Metallica, who have sued the file-swapping site, and the recording industry, which is suing Napster. Pimpshiz also left his email address so Web masters could learn how to undo his hackings.
A Microsoft spokesman was not immediately available for comment. And Napster had no immediate comment on the hackings. "I don't like what they are doing to Napster," the hacker wrote in an email, which stressed that he was acting independently of the music-sharing site.
"They" are the Recording Industry Association of America, which has sued Napster over alleged copyright infringements. Last month, a federal appeals court stayed an injunction that would have effectively shut down Napster. The company has until Friday to file a brief explaining why the temporary stay should become permanent. The FBI is investigating the Web attacks, an agency spokesman said.
The hacker apparently began by defacing a series of TV Web sites, including one for The Martin Short Show. The second wave of attacks included automobile manufacturers, such as Honda's site in the UK, and various banks.
The third and latest wave of attacks apparently included more TV Web sites, such as The Odyssey Channel. Pimpshiz also claims to have defaced four different sites operated by the company 800-Shoes.