Hackers attack their own kind
Staff Writer, CNET News.com
update On the opening day of its annual hacker convention in Las Vegas, somebody hacked DefCon's Web site.
"Can't make it to DefCon?" reads one entry. "No problem, Delta Airlines is willing to sell you expensive business class tickets for twice their value."
Jeff Moss, creator and producer of the DefCon event, took the hack good-naturedly.
"It's funny, it happens, I'm an unhappy client [of the service that hosts the page]", Moss told a press conference late this afternoon. "All we can tell is that ADM is a European hacker group. They weren't very malicious, they were cracking jokes and zapping me because the conference was held at place they couldn't come to."
The hacked page also spoofs the most anticipated news from the real event, tomorrow's scheduled release of a new version of Back Orifice.
"Cult of the Dead Cow will announces [sic] new remote administration tools for kids!" the bogus site claims. Back Orifice is a potentially destructive Trojan horse for opening security holes in computer networks running Microsoft's Windows NT operating systems.
"The president and vice president will be there for autographs and more," according to the hacked page, which links to the official White House Web site.
So far no one has publicly claimed responsibility for the hack, but a note in the page's HTML source reads: "This is an anonymous member of the ADM Crew. Well, I couldn't make it to DefCon this year, you know how expensive everything is these days...so sorry, but it looks like revamping this site was really too tempting for me."
The author adds what he or she calls the ADM motto: "You're lucky we're whitehats," which is a reference to being "friendly," not nefarious, hackers. There's also a hint of a German connection, citing the private annual ADM party in Berlin August 6 to 8.
A time stamp on the page indicates the hack was posted around 12:45 p.m. PT. As of 5:30 p.m. PT, the hacked version remained in place.
Moss said the hackers broke into the DefCon page about two weeks ago and compromised the Web server at the commercial hosting service where DefCon has had its page for five years. But the page wasn't changed until today.
"I'm not quite sure how it happened," Moss added, saying he was busy protecting the Web site for a parallel Black Hat show that just ended and didn't guard his own site.
The hacked ADM Con page indicates it will soon be mirrored at Attrition.org's hacked Web pages archive, to be retained for posterity.