X

"Sm0ked" vandals say more attacks to come

After defacing a page on The New York Times site, Sm0ked Crew members say the action is about power and illuminating the Web's lack of security.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
See full bio
Robert Lemos
3 min read
A well-known hole in Microsoft's Web server software lets vandals easily access parts of Web sites belonging to big names such as The New York Times, Intel and Compaq Computer, one cybergang member said Friday.

Calling himself "The-Rev," the vandal said his duo known as Sm0ked Crew targets Web sites that haven't been adequately secured.

"Sm0ked Crew's aim is to show how even top domains' security can be breached by (easy) exploits," The-Rev wrote in an e-mail exchange with CNET's News.com. "We target the biggest and best sites on the Internet."

The hole, known as the IIS Unicode exploit, takes advantage of a vulnerability in some versions of Microsoft's Internet Information Server.

"Exploitation of this vulnerability is trivial," security firm Internet Security Systems stated in an alert in October. Microsoft released a patch for the hole in August, but many customers are still vulnerable because system administrators haven't followed up.

The-Rev and his partner "Splurge" have tagged more than a dozen sites this month. Starting with the University of South Florida and Taiwan's Board of Foreign Trade, the vandals have quickly moved up to large companies such as Intel and Hewlett-Packard.

On Thursday night, the vandals hit The New York Times Web site, as well as Intel's Web site for the second time.

Despite appearances, a New York Times spokewoman said late Friday that the defacement only looked as though it affected the newspaper's site.

"There was no security breach on NYTimes.com," said Lisa Carparelli, a representative of New York Times Digital. "In fact, at no point were NYTimes.com servers affected in any way. There appears to have been a breach in security at a vendor to whom we outsource the hosting of some business data."

The-Rev said that hitting major sites has given the duo respectability within the Internet underground. "Defacing top sites give us power in the community," he said, adding that he doesn't care whether people think of him as a hacker or a defacer. "It's a state of mind."

For the most part, experts were unimpressed with the duo's work.

"The only thing that is noteworthy about their defacements is the high-profile nature of their targets," said B.K. DeLong, a staff member with security Web site Attrition.org, which tracks defacements.

Although Sm0ked Crew's members have pointed out that they were able to hack servers because a system administrator left flaws unpatched, DeLong said that doesn't justify their actions.

"I think we are definitely more aware of the problem already," he said, adding that although defacing a site may put the security issue in the forefront, it's not the right way to go about it.

Experts have said that the failure of network administrators to patch known security holes is the biggest problem plaguing the Internet.

And, it may continue to be an issue.

In a separate interview with CNET Radio on Friday, Splurge said that more attacks are on the way.

"I'm sure you'll want us on tomorrow night," he said.

When asked what the target will be, he said, "You'll see."