In November 16, 2001, Saturday, a group of so-called "white hat" Filipino hackers called Asian Pride launched a series of attacks on several local websites. The hackers, who apparently are based outside the Philippines, claim they are out to teach Filipino local Internet service providers (ISPs) a lesson in Internet security.
Calling it "the 4 o Clock project," Asian Pride, which claims to be composed of Filipino freelance security enthusiasts, was allegedly able to intrude into the servers of local ISP Mosaic Communications Inc (MosCom), uploading executable programs that would eventually modify a website’s main page.
White hat hackers claim that they are not out to cause any damage, but only hack into systems to test vulnerabilities.
Jerry Liao, operations manager of local portal Brainshare Online at www.brainshare.com.ph, claimed that they were among the first to report the incident to MosCom administrators on Saturday morning. A mirror of the defaced website is at http://www.expressions.com.ph/img/10101/asianpride/www.brainshare.com.ph.htm.
Apart from Brainshare Online, dcoder claimed that the group also defaced the website of broadcast giant ABS-CBN.
For his part, Liao said that they detected problems around 7:30 a.m. on Saturday.
According to Liao, Brainshare Online was restored around 7:45 a.m. that day, but at around 9 a.m. he received error messages, as the server could not be accessed.
In a separate interview, Robertson Chiang, vice president for technology of MosCom, said that the ISP decided to direct surfers to another server after getting reports of the hacking incident on Saturday.
"It was only an attack on one machine. It was an old one where we host a few dozen clients," Chiang said.
Asked how the hackers were able to get into the server, he said that considering it was an "old Unix machine," they were not able to patch security holes.
"It was partly our fault," he added.
Liao said that MosCom was able to restore "normal" operations between 6 to 7 p.m. on Saturday.
"The server was completely reformatted using a new system that already includes the security patches," Chiang said.
MosCom is now conducting an inventory of all its servers, to check if similar security problems exist in the "new" systems.
"It’s been a long time, I hope you can wake those arrogant administrators, specially those with PH-CERT (Philippine Computer Emergency Response Team). We tried to warn and help them on securing (local) websites, but they just laughed at us and ignored us," the hacker codenamed dcoder told INQ7.net via e-mail.
"So my fellow haxor keech of FDN [Filipino developers network] organized a Project called 4'Oclock, where we will be defacing all ph sites, to give this administrators a wake up call.
"Well I can't explain much right now, but if you read all the messages on the selected defacements, it might give you an idea on what we are fighting for," dcoder added.
In the mirror of the defaced Brainshare Online website, Asian Pride explained:
"The 4 o Clock project is a system composed of Filipino freelance security enthusiasts that aims to disseminate the importance of Information security here in the Philippines. This team has conducted a survey, scanning random (website) hosts and informing the people (Internet service provider administrators) about (problems). (We then) encourage them to fix their servers. We have no intention, however, of destroying, and/or hijacking information, ... We are not paid to do this."
Liao somehow agreed. He observed that while the hackers were able to "penetrate" MosCom’s servers, they did not delete or destroy any files.
The hackers uploaded programs (executable files) that will only run when a website administrator begins uploading the new main page (index) into the server. The program blocks anyone from uploading into the server, but prompts the user to download a new file, which includes a message explaining the purpose of the defacement.
Liao, however, said that the hackers also offered the option not to accept the new file. "It sort of gives you permission to delete the files," he added.
Asian Pride claimed that "more than 90 percent of (MosCom’s) servers can be exploited through common vulnerabilities, therefore jeopardizing the security of their clients as well as their office."
The group said that they have warned administrators of MosCom of vulnerabilities, "but were just subjected to insult, despite their professional approach."
"They scorned us with their witty remarks, bragging about their degrees, and that we knew less. So what did they accomplish? Absolutely nothing productive," the group added.
Local websites hit by hackers were hosted at the virtual server with the address at kenshin.mozcom.com.
The list of websites that the group claimed to have attacked on Saturday may be seen at http://www.expressions.com.ph/img/10101/asianpride/kenshin.mozcom.com.txt and http://www.expressions.com.ph/img/10101/asianpride/.
"This ain’t no kiddy games, and were ain’t your average script kiddies. We broke into these sites not randomly, but we targeted specific sites, specially those sites that are 100% secure..." Asian Pride said.
The hackers are out to target other Philippine ISPs, and dcoder claimed that the next victim might be PhilOnline.
MosCom’s Chiang, however, insisted that these hackers are only script kiddies.
Other alleged members of the group include "sch1z0phr3n1c," "jollogs," "jayv[ee," "marcster," "batusai_slasher," and "keech."
http://progsystem.free.fr/hackingnews.htm#Hackers%20launch
Feel free to share it!
0 comments:
Post a Comment