Hackers can be roughly divided into two groups: hobbyists and those that are in it for the money.
It appears the latest round of hacked New Zealand web sites are simply defaced with the hacker’s “signature page”.
Later in this post there is a complete list of New Zealand domain names affected in this way over the years, but here is a partial list of sites that have been hacked over the last 48 hours:
These days, most web sites have a enough traffic for these security breaches to be picked up by web site visitors who will quickly inform the web site owner that there is a problem.
But that doesn’t solve the threat. Simply putting a fresh copy of the web site up probably means the hackers will use the same method of attack again.
Here is an example of a web site that has been defaced, but the owner is aware of it and has pulled the web site down. They may not have a copy of their web site to replace it with, or they are waiting for their web hosting company to confirm that the security vulnerability has been fixed before putting the site back up.
The above screencap shows what comes up now, but Google Cache shows us what should have been there
And just to check, yes, the domain name is all paid for and current
Other web site owners haven’t been informed about the problem, or are leaving the defaced web site in place until they receive word that it’s now safe to restore it to its former glory.
Here is an example of a web site that is still showing as defaced at the time I researched this post
Who are these people hacking these web sites, and what do they want?
Simply put, they are skilled hackers that are in a race against each other for bragging rights. Here is their leader board at the moment
The latest round of hacking that has affected New Zealand web sites have been claimed by someone with the alias “ByPsiko“. A lot of the hackers involved seem to speak Turkish, and may indeed also reside there.
The game is to prove you took over the web site by leaving your signature behind. Every time you do, you score a point, and the points accumulate to compete against the others.
ByPsiko seems to be in mourning as his current mode de defacement seems to lament the death of a Turskish celebrity:
The first line says (according the Google Translate) “We will not forget you, Papa Müslüm”
If you Wiki Müslüm, you discover he recently passed
The dedication the hacker has to Müslüm Gürses is beyond me, I guess it’s a Turkish thing:
Back to the hacking story, it appears that the sites aren’t otherwise infected, or meant to infect subsequent visitors (DISCLAIMER: visit them at your own risk). So the total extent of this level of hacking appears to be the digital equivalent of teenagers spraying graffiti on your walls.
Messages differ depending on who hacks the web site. Some of them are simply personal signatures, other post political messages. But make no mistake, it has been going on, and is going on right now
Not all New Zealand web sites use .co.nz domain names, and .com and many other domain names are affected, so it may pay to check if your site is currently one of the affected ones. Keep in mind that whatever security problem exists needs to be fixed before you put a fresh copy of your web site back up.
The list below only covers .co.nz sites, and also includes historical entries.
For example, the NBR appears to have been one of the victims of this game way back in 2007
They hacking group helpfully provides a searchable database of all their victims, so you can use that to see if you are on this list. Again, I can’t see any current way visiting that web site is unsafe, but you visit it at your own risk:
For those that run a .co.nz web site, here is the list of all names that were affected by the time this post was researched (earlier this morning). It contains many historical entries, but the first few pages should be considered current for those who don’t want to go to the web site itself.
co.nz breached websites data by Whale Oil Beef Hooked (CAUTION: LINKS IN THE DOCUMENT ARE LIVE)