A paper written to describe and give a brief overview of events on the whole www.apache.org hack.
Also see;
http://www.wired.com/news/politics/0,1283,36170,00.html
HWA Press release notice -[ RE-RELEASE Sat May 6th ]
*** MAJOR BREAKING NEWS ***************
*** TYPO CORRECTED *** HOT HOT HOT! ***
*** TYPO CORRECTED *** HOT HOT HOT! ***
*** MAJOR BREAKING NEWS ***************
This is a kind of big story considering the implications and
proliferation of apache web server (free) on the internet today, there
is MORE THAN A DEFACEMENT STORY HERE but it seems the virus story has
buried this.- C*
MAY 3rd INSIDE THE APACHE.ORG HACK
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Brief;
APACHE software is free web server software and a high percentage of the
internet runs off this well-known and established software not just
because it is free but because it is written by experienced internet
programmers.
This vulnerability could have held a very large percentage of the www
wide open to malicious attack and compromise....
TRUE "CLASSY" HACK, HACKERS BUST ROOT AND DEFACE APACHE.ORG
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.apache.org/
- Currently offline, down most of today.
http://www.attrition.org/mirror/attrition/2000/05/03/www.apache.org/
- archive of the defaced site.
(Still offline for repairs as of this writing, site has
been down most of today (Thurs/Fri))
Brief intro;
Hi, I publish a security and hacking ezine that summarizes
incidents in an archive format and occasionally am privy
to inside information such as the following, I don't
normally mail media other than the HNN people
(http://www.hackernews.com/) but this is pretty big and
I thought it would be of interest to you.
* My site/news ezine can be found at
http://welcome.to/HWA.hax0r.news
Details;
May 3rd: A classy hack: http://www.apache.org was root
compromised and defaced in a subtle manner.
The site was defaced around 18:37 EST May 3rd 2000 by hackers
(*MY EARLIER EMAIL NOTICE STATED Apr 3rd, THIS WAS A TYPO)
known as "{}" and "Hardbeat". {} belongs to Buffer Overflow
Security (b0f), a fledgling security group consisting of ex
hackers and including people such as mixter, who wrote TFN,
the DDOS distributed attack tool recently brought to light
in the media by denial of service attacks on major web sites
(b0f site is at http://www.b0f.com). The following url contains
an advisory and technically detailed how-we-did-it paper by
{} and hardbeat, who worked together on the hack.
** http://www.dataloss.net/papers/how.defaced.apache.org.txt
The main page of apache.org was slightly modified to sport a
"powered by Microsoft Back Office" banner at the bottom.
The intruders contacted apache and it is rumoured one or
both were offered jobs with the company although I can
neither confirm nor deny this at present. An interview with {} and
hardbeat will be in issue #53 of HWA.hax0r.news which is
to be released Sunday night May 7th.
This was a classy hack and ended almost like a fairy tale,
although tracks were covered and logs cleared, it was
decided to alert the apache.org people about the condition
and a meeting between the intruders and apache ensued.
Not all defacings go this way, so /kiddies remember it is
still very illegal and risky to do this .. be warned.
cheers,
"Cruciphux"
Editor/HWA.hax0r.news Ezine
HNN Affiliate/b0f Security
IRC (Efnet)
#HWA.hax0r.news
cruciphux@dok.org