Skip to comments.Somebody from the left has hacked CYNDISLIST.COM
Posted on 02/03/2005 9:44:30 PM PST by FUMETTI
Hey genealogy lovers:
The far left foreign loonies with a bad translator have hacked a non-political site, CYNDISLIST.COM...a genealogy site.
What is this world coming to when a site for genealogy lovers needs to be defaced?
This is the real imagen of the society
This is my protest, this is my scream...you cannot close your eyes.The world have big problems and you wanna be more one?
This hacker or hackers are just pathetic
It is actually hilarious how bad this punk hacker's English skills are, or he/she needs a better translator than bablefish.com
Sounds like one of the South Korean farmers on Lineage II got bored.
Boy this is going to be a weird night!
I second that hunch! ;-)
"ALL YOUR FAMILY TREES ARE BELONG TO US!!!"
Maybe the hackers thought Cynidislist.com was the VRWC's version of the Left's Emily's List.
If you click the image on the defaced web page, it links to a site in Brazil.
I wonder what that site is, when translated. This is getting more bizarre by the second!
Cyndislist is an old timer of a site, remarkably useful and used, and genealogy is one of the best reasons ever to even have the internet (besides FreeRepublic, email, and porno). I'm sure that was all part of Al Gore's plan when he invented it. ;')
I not sure if Babelfish does Portuguese-to-English.
< font color="#FFFFFF" face="Arial
Black" >This is the real imagen of the society < /font >< /p > < p align="center" >This is my protest, this is my scream...you cannot close your eyes.The world have big problems and you wanna be more one?< /p >
< /body >
< /html >
With the exception of the "Main Index" link, all the other links appear to be in good working order.
These hackers have been busy.
200 SA sites defaced
BY DAMIAN CLARKSON, ITWEB JUNIOR JOURNALIST
[Johannesburg, 31 January 2005] - A group of hackers has compromised nearly 400 sites, half of which were local.
The sites were hacked either late last night or sometime this morning by the Infektion Group, says Dino Covotsos, owner of local security company Telspace. In total, there were 397 defaced, of which around 200 were on a local server and had South African domains.
The compromised sites feature a picture of a young child and the message: This is the real imagen of the society. Greetz: Augusto( É nois aqui de novo ), Naiana, Podres and all the peaple that I Know.
The tysica.co.za site is one of around 200 local sites to be defaced by the Infektion Group hackers.
A recent check showed most sites still appear to be compromised.
It is highly unlikely the server was specifically targeted, but rather that the server was vulnerable during a mass scan, says Covotsos. I don't think that the ISP was deliberately targeted, as many other servers were hacked in a mass defacement effort.
The Infektion Group hackers have carried out a number of attacks in the past. According to the Zone-h Web site, the group has carried out 20 581 attacks, of which 2 235 are single IP, and 18 346 mass defacements.
The group, which comes from Brazil, has in the past posted political messages and is fairly well known, says Covotsos. They are not shy to leave their details. They know what they are doing and are very quick.
Some newbies would post a Vanity, non-news story or post a story already in discussion as a brand new thread. I'm very impressed. You must have read all the hints, guidelines, etc.
BTW, I'm a newbie myself compared to the many thousands of other FReepers.
Thanks .. I just Google'd "Infektion Group" and got lots of hits telling me there were other sites hacked in addition to Cyndislist.com. It seems the hackers have been quite busy lately posting that same message and picture on a number of sites.
If I remember correctly, they're from Brazil.
This is a much appreciated response from last week when I was accused of being a troll.
Here's an interesting message they left at this site:
(the "F" word edited with "*" for purposes of posting to forum)
Join against them before it if joins against you
greetz: Infektion Group members, Innocent boys, siemens, my real friends and all the peaple that help us.
And a big Fu*k to : all the peaple that hate us, USA and your government imperialist,
all the Neonazists, Bush, Tony Blair ( the dog of Bush ), coca-cola.
Here's one more of interest that appeared after Bush was reelected.
East Kingdom web site defaced by protest group
Submitted by Justin on Thu, 2004/11/11 - 16:20. East | Modern Society | SCAtoday.net
Political protesters temporarily defaced the home page of the SCA's East Kingdom earlier today, replacing it with a page of their own creation.
A group of self-proclaimed "cyberterrorists" calling themselves the "Infektion Group" [sic] replaced the home pages of over 100 sites on the same server as the East Kingdom site with their own page protesting the U.S. election results. The defaced page read:
Infektion Group Owned You
The war of the lier Bush feeds the hate
each day grows more and more!
Below the text was a photographic image of the Brazilian flag. The word "owned" is a term used in hacker and cracker circles to indicate that a site's security has been compromised. Misspelled words, such as "liar" and "infection" in the above, are often intentionally part of so-called "hacker-speak" or "L337-speak" (pronounced elite-speak), a way to present an edgy image. The misspellings may also be due to the page having been created, apparently, by Brazilians, whose native language would most likely be Portuguese.
The click21.com.br domain belongs to a Brazilian company located in Rio de Janeiro, though of course there is no proof that the company knew anything about the attack, since anyone could have put that email address into a web page.
Robin Gallowglass, the East Kingdom Web Minister, says the attackers struck at about 12:53 a.m. US Eastern time, and that he first learned of the attack at about 8:00 a.m. "I was able," he says, "along with my fellow system administrators, to identify the vulnerability that was exploited and plug the hole. The defaced index pages were replaced from backups by approximately 9:30 a.m." Gallowglass says extensive backup precautions saved the day, and that he has an automated backup process that makes archival copies of the web page multiple times per day.
Gallowglass says that an unfortunate default setting in the security of the PHP web programming language was to blame. The PHP software itself had not failed, but the incorrect setting "allowed a file name for a included file to be either a path to a file on the local file system or a remote URL. This allowed the attackers to inject malicious PHP code that allowed them access to all the websites on the server." This sort of remote scripting exploit can happen in many web programming languages, and has been reported in numerous cases for both Linux and Microsoft web servers. In the case of this particular server, it was a Linux machine that was affected. The equivalent Microsoft technology, Active Server Pages (ASP), has been subject to the same kind of error in the past.
Gallowglass says that the server admistrators are careful about security, and blames poor documentation for the fact that this vulnerability "was missed in our periodic security audits." The vulnerable default setting has been changed, and Gallowglass and his colleagues took advantage of the server downtime to upgrade the Apache web server and the PHP programming language to their most recent security patch levels.
Computer security experts say that security is never perfect, in spite of a system owner's best efforts, and that off-site backups of important data are an essential part of site management because these are isolated geographically from the compromised system. In this incident, those off-site backups allowed fast recovery.
Here's what I found: on Zone H, Internet Thermometer, Digital Attacks Archive Digital Attacks.
"Attacked by In f e k tion Gr o up: 20680 of which 2257 are single IP and 18423 mass defacements"
The group In f e k tion Gr o up began cracking into websites on January 16, 2005.
The 20,680 illegal website intrusions have occurred since then. There is a list 30 pages long of sites which that group has hacked into, and it appears that most if not all sites use Linux OS.
The majority of people polled by a security firm said that the teenager sentenced to 18 months in US federal prison for spawning a variant of the MSBlast worm deserved tougher punishment.
In the online poll released this week by security vendor Sophos, 53 percent of those surveyed said that Jeffrey Lee Parson, 19, received a too-lenient sentence. Only 14 percent said the jail time was too much.
Parson, who admitted to re-coding the original MSBlast worm in August of 2003 and sending it back onto the web, pleaded guilty in 2004 and was sentenced to 18 months in a minimum-security US federal prison late last month. According to government lawyers, Parson's MSBlast.b worm infected nearly 50,000 PCs and caused US$1.2 million in damages.
The building anger of computer users toward hackers is the most likely reason so many want to see a relatively minor player do hard time, said Graham Cluley, a senior technology consultant with Sophos. "You have no idea how vociferous people are about their hatred of virus writers," said Cluley. "There's really no mercy. They really want the virus writers to pay hard for what they've done."
While Parson certainly knew what he was doing and should pay for his crime, Cluley said, he questions whether the punishment fit the crime.
"In my mind, he's just not of the greatest Internet villains of all time," said Cluley, who added that he was glad to see Parson not get a stiffer sentence. "I don't see chucking him away in jail helping him very much. From all indications, he's had a sad little life."
The judge in the case agreed. When US District Court judge Marsha Pechman sentenced Parson last week, she laid down some unusual requirements of the 100 hours of community service he must perform, and banned him from computers after he's released from jail.
Pechman required Parson to do his community service through face-to-face contact with others, and according to a statement released by the US Attorney, told him, "No video games, no chat rooms. I don't want you to have anonymous friends, I want you to have real world friends."
Cluley also pointed out what many observers of the Parson trial have omitted: that the perpetrator(s) of MSBlast itself remain at large, even though rewards totaling US$500,000 have been posted and that worm infected millions of machines. Microsoft's decision to focus Windows XP's next major update on security was largely triggered by the fallout from MSBlast; the worm's impact was the big reason why Service Pack 2 (SP2) was delayed until the fall of 2004.
"I have very little sympathy for Parson, who was largely caught by his own stupidity, but people are eager to blame someone for viruses. The trouble is, there are much bigger criminals out there," said Cluley.
The increasingly tight connections between virus writers and spammers, said Cluley, is where law enforcement should focus its efforts. "The criminals who set up these spam factories of compromised computers, they're the guys we should be after."
Still, the venom directed toward Parson by Sophos' poll takers was deadly at times.
"Dip [the virus writers] in a vat of weak acid for days until their skin melts. Or remove their fingers so they can no longer type virus code," one wrote.
"Hundreds of thousands of man-hours wasted, enormous cost and disruption to business globally just to give some lonely saddo geek the satisfaction of sitting back and grinning that he has caused all this mayhem -- you bet he should go to jail," said another.
"Even we lose sight of how much people hate virus writers," said Cluley, "and we're right in the front lines of the fight."
|Online mob (poll) would hang hackers high
Busy little beavers, aren't they?
Oh, I didn't know to do that. Too bad you can't edit your posts once they're up.
Hackers are among the lowest of the Lowlifes.
I use it all the time. I work as a payroll specialist in real life, but a "genie" in real life. I am doing a full genealogy of the descendants of Timothy Bush and Deborah House, the earliest Pres. Bush ancestors. I am amazed what people were also descendants...NASCAR racer Kip Stockwell is a direct descendant of Timothy Bush Sr.'s son Fairbanks Bush...LOL...genealogy won't save the world but it will at least properly document it. ;-)
WOW! Thanks for the link, NT!
Hal, I think the spammer was trying to use Barbara Boxer's brain when typing this nonsense.
You're welcome ..there's several more posted after that one by me and another person.
Thanks BD, and it seems Ms. Howells got her "genie" site back up this morning. I am sure we have not heard the last of the losers "Infektion Group." They are either sexually frustrated or more than 1/2 in the bag.
The hackers are now up to 20,895 hacked web site hits, that's over 200 since my last post.
Just in time for the Super Bowl, they are now targeting sports betting and sports related sites.
If I weren't insufferably lazy, I'd probably be doing genealogy instead of spending most of my free time on the web. I don't even drink coffee.
Anyway, it is a fun and interesting hobby, particularly as a branch of history (which is my real hobby).
These are sad times indeed when ruffians go about the countryside saying "Ni" to old women.