On Tuesday June 26, 2001, a hacker named 'ThePike' managed to deface the European defacement mirror Alldas.de. Visitors to the site saw a modified news banner on the left side saying "ALLDAS GOT CRACKED! READ IT HERE". The front page was modified to include a small rant/message from the defacer regarding current defacement activity. His message warned other defacers that "security is not something funny" and cautioned would-be defacers about using their scripts to deface companies that rely on data security.

For details on the defacement from Alldas:
See http://www.alldas.de/?doc=news#11

For a mirror and the full text message left:
http://defaced.alldas.de/mirror/2001/06/26/defaced.alldas.de/

It is interesting to note the amount of commands the attacker attempted to run and the likelihood that he shared the exploit with others. Given the command attempts came from 10 different IP addresses, one might wonder about the intentions of the OTHER people involved.

Security web site Security.NL was contacted by someone, possibly from whiskunde.org, believed by some to be involved in the defacement. Security.NL posted an article (in Dutch) about the defacement, as well as mirror and screenshots:
screenshots: http://www.security.nl/content.php3?page=reactie&id=2099&0
mirror: http://www.security.nl/misc/alldas.html

Securitywatch article on the incident:
http://www.securitywatch.com/New/fr_news_0_bugs.html

It is refreshing to see Alldas.de provide details of the incident as well as make a mirror available on their site. It is that kind of integrity and honesty that is needed in the security community.



---
© 1999, 2000, 2001 Copyright Brian Martin
Permission is granted to quote, reprint or redistribute provided the text is not altered, and the author and attrition.org is credited. The opinions expressed in this text are not necessarily the opinion of all Attrition staff members.

To subscribe to this list, send mail to majordomo@attrition.org with subscribe defaced-commentary in the BODY of the mail.