BREAKING: New Zealand web sites security breached overnight

werwe

Hackers can be roughly divided into two groups:  hobbyists and those that are in it for the money.

It appears the latest round of hacked New Zealand web sites are simply defaced with the hacker’s “signature page”.

Later in this post there is a complete list of New Zealand domain names affected in this way over the years, but here is a partial list of sites that have been hacked over the last 48 hours:  

list

These days, most web sites have a enough traffic for these security breaches to be picked up by web site visitors who will quickly inform the web site owner that there is a problem.

But that doesn’t solve the threat.  Simply putting a fresh copy of the web site up probably means the hackers will use the same method of attack again.

Here is an example of a web site that has been defaced, but the owner is aware of it and has pulled the web site down.  They may not have a copy of their web site to replace it with, or they are waiting for their web hosting company to confirm that the security vulnerability has been fixed before putting the site back up.

ghyc down

The above screencap shows what comes up now, but Google Cache shows us what should have been there

ghyc cache

And just to check, yes, the domain name is all paid for and current

ghyc domain status

Other web site owners haven’t been informed about the problem, or are leaving the defaced web site in place until they receive word that it’s now safe to restore it to its former glory.

Here is an example of a web site that is still showing as defaced at the time I researched this post

qbtraining

Who are these people hacking these web sites, and what do they want?

Simply put, they are skilled hackers that are in a race against each other for bragging rights.  Here is their leader board at the moment

rankings

The latest round of hacking that has affected New Zealand web sites have been claimed by someone with the alias “ByPsiko“.   A lot of the hackers involved seem to speak Turkish, and may indeed also reside there.

The game is to prove you took over the web site by leaving your signature behind.  Every time you do, you score a point, and the points accumulate to compete against the others.

ByPsiko seems to be in mourning as his current mode de defacement seems to lament the death of a Turskish celebrity:

defacement

The first line says (according the Google Translate) “We will not forget you, Papa Müslüm”

If you Wiki Müslüm, you discover he recently passed

dead

The dedication the hacker has to Müslüm Gürses is beyond me, I guess it’s a Turkish thing:

Back to the hacking story, it appears that the sites aren’t otherwise infected, or meant to infect subsequent visitors (DISCLAIMER: visit them at your own risk).  So the total extent of this level of hacking appears to be the digital equivalent of teenagers spraying graffiti on your walls.

hacked

Messages differ depending on who hacks the web site.  Some of them are simply personal signatures, other post political messages.  But make no mistake, it has been going on, and is going on right now

happenng now

Not all New Zealand web sites use .co.nz domain names, and .com and many other domain names are affected, so it may pay to check if your site is currently one of the affected ones.  Keep in mind that whatever security problem exists needs to be fixed before you put a fresh copy of your web site back up.

The list below only covers .co.nz sites, and also includes historical entries.

For example, the NBR appears to have been one of the victims of this game way back in 2007

nbr

waybackwhen

They hacking group helpfully provides a searchable database of all their victims, so you can use that to see if you are on this list.  Again, I can’t see any current way visiting that web site is unsafe, but you visit it at your own risk:

http://turk-h.org/root

For those that run a .co.nz web site, here is the list of all names that were affected by the time this post was researched (earlier this morning).  It contains many historical entries, but the first few pages should be considered current for those who don’t want to go to the web site itself.

co.nz breached websites data by Whale Oil Beef Hooked (CAUTION: LINKS IN THE DOCUMENT ARE LIVE)

  • PlanetOrphan

    Bloody Maggots M8!

    Anonymous are a bunch of childish blow arses that need prison time M8!

    Their “Creators” must have injected to much bleach into their brains M8!

    • James M

      This isnt an Anonymous style of attack. This article is more about script kiddies taking control of large numbers of sites to boast and get points on a score board. They dont target anybody in particular they just go for gross numbers, even a personal site about your kitten is a potential target.

      Anonymous attack sites out of protest, political point of view or revenge. You wont see them attack the likes of a knitting clubs website

      • PlanetOrphan

        Almost True Bud, Anonymous encourage these script kitties for cover.
        And your right about the revenge motivation. But it’s much more about proving the delusion that their IQ is greater than 60.

  • Agent BallSack

    I think they are helpful in that they are providing for free what Government departments pay millions of dollars each year to get. If you have a website I am sure that you would prefer someone signed your page rather than steal your customers credit details

  • Agent BallSack

    Whale when you click on that Scribed inset you get taken to the Turkish hack website.

    • http://www.whaleoil.co.nz/ Petal

      I can’t replicate that. Can you explain like I’m 5?

      • Agent BallSack

        All of those addresses inside the scribed container take you to either dead links or still hacked sites for me. I accidentally clicked in there thinking it was a text file.

        • http://www.whaleoil.co.nz/ Petal

          Ah, thank you. I’ve added an appropriate caution.

  • Marc Williams

    I would like to see the law changed so that hacking or unauthorised access to websites is classed as terrorism – a few convictions would see most of the idiots reconsider their choice of time wasting. I can’t enter your house without permission, so why should my website be any different?

    • Patrick

      All good in theory but good luck trying to prove & prosecute some Turkish donkey rooter on the other side of the world.

  • Hazards001

    I think I got lost on the 2nd paragraph…thank god we pay gimps to deal with this shit…does my head in!

  • Pingback: Silence over security does not ensure safety | News Weblastic()

119%