- Related Stories
-
French Microsoft Web site hacked
June 19, 2006 -
Kevin Mitnick, the great pretender
June 14, 2006 -
Korean Apple online store hacked
May 3, 2006 -
Hacking for dollars
July 6, 2005 -
Mitnick released from prison
September 21, 2000
Online vandals, apparently operating from Pakistan, broke into the computer hosting Mitnick's Web site on Sunday and replaced his front page with one of their own. As a result, four Web addresses belonging to Mitnick, including KevinMitnick.com and MitnickSecurity.com, displayed an explicit message on Mitnick and hacking.
"The Web hosting provider that hosts my sites was hacked," Mitnick told CNET News.com in an interview Monday. "Fortunately, I don't keep any confidential data on my Web site, so it wasn't that serious. Of course, it is embarrassing to be defaced--nobody likes it."
Mitnick's name is synonymous with "notorious hacker" for many. He was caught by the FBI in 1995 after a well-publicized pursuit and spent five years behind bars for wire and computer fraud. Today, he is a consultant, has written two books, and spends much of his time on the road at speaking engagements.
Mitnick heard out about the defacement on Sunday afternoon, shortly after the initial compromise, he said. The attackers gained complete control over the server that hosts his site as well as others at hosting provider Hostedhere, Mitnick said. It is common that hosting companies store multiple customers' Web sites on one server.
"The attackers from Pakistan took over that whole box. There were a whole bunch of customers, including myself, but my site was the only one defaced, so I was probably the target," Mitnick said. The server was taken offline to be reinstalled, Mitnick said. The Web site was still offline as of late Monday afternoon Pacific Time.
Web site defacements still occur, but they have become less high profile in recent years as financially motivated threats take the spotlight.
The message placed on Mitnick's Web site started with: "ZMOG!! THE MITNICK GOTZ OWNED!!" and continues with expletives and a picture of Mitnick with some modifications. Security Web site Zone-H first reported the hack on Monday and has screenshots of the replaced Web pages.
Defacing Web sites is akin to graffiti in the brick-and-mortar world. "It is kind of stupid; they do it for the attention," Mitnick said. "When I was a hacker, I never stooped to defacing sites because that was more like vandalism; that wasn't any fun. It is more about getting in and being stealth and looking around and exploring."
So far, Mitnick doesn't know how the server containing his Web site was compromised. He plans to investigate that at a later time. It could be that a security flaw on one of the other Web sites that was hosted on the same server gave the attackers a way into Mitnick's portion of the machine, he said.
"When you're with Web hosting companies, your security is as good as theirs. You just have to live with that," Mitnick said. "When you want to raise the bar, you have to set it up yourself. I don't have the time to maintain a Web site."
Hostedhere, Mitnick's hosting provider located in Greenville, S.C., did not immediately respond to an e-mail seeking comment.
"They do a good job. I don't think they're insecure," Mitnick said, adding that he would switch Web hosting providers only if his site gets hacked continuously.
This isn't the first time that a Mitnick Web site has been defaced. Three years ago, a site set up by Mitnick's supporters was repeatedly hacked. Mitnick did not operate those sites. He was not allowed to use computers at that time as part of the terms of his supervised release from prison, he said.
See more CNET content tagged:
Kevin Mitnick,
hosting company,
Web hosting company,
Web hosting,
Pakistan
pretty funny too.
He did exploit software vulnerabilities as well.
you talk about attention seeking, but thats all you've done since you came out of jail.
there are bigger hackers around who are a lot more knowledged than you, that you have never heard of/ and never appear in public.
those guys are the real stealth and exploring folks, you're just going to be remembered in the underground as, the guy who got caught and milked your name for all its worth afterwards.
i've read your books, they don't talk about techniques that weren't already known about in the underground.
sure for academic folks you'll be giving them something they don't know about, but the homegrown hackers in the underground don't see you as anything special, apart from stupidly well known, because of media hype over the buzzwords "hacker", "fbi", "caught", "released", ""book"... thanks.
as for the defacement of your web site, its pretty funny that while you claim it wasn't your fault and your hosting company was insecure.
surely such a good hacker come security consultant would have picked a good company to host your website, since you're a *cough* expert and know which companies offer the best hosting in terms of security.
you can't scape goat all the blame towards others... and you say there was no sensitive information stored on your account, well they weren't looking for sensitive information were they? as far as the attackers are concerned, they hacked your web site in the knowledge they wanted to deface your site, and thats what they done. they didn't go damn, theres no sensitive infomration here, we'll just go for second best. no they went into the server with the intention to deface it, and thats exactly what they did... mission completed.
and you say being stealth looking around and exploring, but thats exactly what your attackers did. yes they left a defacement, but they still looked around and explored, and as far as i know, they haven't been caught, so it looks like they were stealth too.
enjoy milking out the rest of your post jail career...
i speak to mark seiden everyday, i believe you know each other ;)
peace
Oh well, charge away Kevin! Hoover those gullible fear dollars.
It only goes to show that even hackers can be hacked.
Kevin is just as human as you and I... even though he's much more aware of hacking than many, one slip up, one miss, one guard let down and even hackers can be hacked.
Bottom Line: He's human and there is no such thing as an totally unhackable system! Combined they only create a double-weakness!
Walt
- Stupid
-
by intel17
August 27, 2006 7:13 AM PDT
- What was the point? A waste of time.
-
Reply to this comment
-
See all 23 Comments >>