Mitnick’s Site Gets Owned
A defacement crew from Pakistan targeted “notorious” hacker Kevin Mitnick’s website and replaced his homepages with screeds and taunts. Kevin Mitnick was the first high profile criminal to go to jail for crimes on the internet in 1995. Now he is out of jail and is trying to make a living at speaking engagements and other events where he hypes his criminal background and pretends to be a security expert.
From CNET here:
Instead of the usual description of Kevin Mitnick, his consulting services and books, the famed hacker’s Web site on Sunday displayed a vulgar message.
Online vandals, apparently operating from Pakistan, broke into the computer hosting Mitnick’s Web site on Sunday and replaced his front page with one of their own. As a result, four Web addresses belonging to Mitnick, including KevinMitnick.com and MitnickSecurity.com, displayed an explicit message on Mitnick and hacking.
Mitnick’s name is synonymous with “notorious hacker” for many. He was caught by the FBI in 1995 after a well-publicized pursuit and spent five years behind bars for wire and computer fraud. Today he is a consultant, has written two books, and spends much of his time on the road at speaking engagements.
“The attackers from Pakistan took over that whole box. There were a whole bunch of customers, including myself, but my site was the only one defaced, so I was probably the target,” Mitnick said. The server was taken offline to be reinstalled, Mitnick said. The Web site was still offline as of late Monday afternoon Pacific Time.
Defacing Web sites is akin to graffiti in the brick-and-mortar world. “It is kind of stupid, they do it for the attention,” Mitnick said. “When I was a hacker, I never stooped to defacing sites because that was more like vandalism, that wasn’t any fun. It is more about getting in and being stealth and looking around and exploring.”
Yeah, defacements arent fun, but they sure are embarrassing. They tend to show that an organization is sloppy, especially if the defacement was due to a misconfiguration.
The copy of the defacement is here: