Online vandals take on security sites

In what appears to be a response to the geek-chic equivalent of a dare, a notorious group of online vandals is defacing security company Web sites.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
Robert Lemos
2 min read
In what appears to be a response to the geek-chic equivalent of a dare, a notorious group of online vandals has begun defacing security company Web sites.

The group, known as PoizonB0x, put its online graffiti on 12 sites in the past week, according to hacking and security site Alldas.de. The targeted sites span the globe, with little in common except for the word security in their domain name.

The group's graffiti consisted of simple text messages. Many merely stated "PoizonB0x was here," but others bragged about the ease with which the Web sites were falling. "I told ya PoizonB0x owns any security!" the group said on one site.

In April, PoizonB0x gained notoriety for its mass graffiti attack of Chinese sites, racking up almost 300 defacements over two months.

The attack on security sites is nothing more than a way to prove themselves, said the group's members, who were contacted at an e-mail address found on one of the defaced sites.

"We just (want to) show that we can own almost any security-related site, not just lame McDonald's or something," wrote one member of PoizonB0x.

But while the group's activities may lead to some embarrassment, its claims strike some as less than convincing.

"Mistakes definitely happen," said Marc Maiffret, chief hacking officer for security group eEye Digital Security, "but I don't think the defacements are too earth shattering."

For the most part, the sites belong to unknown companies, several of which have nothing to do with computer security. In addition, the group of vandals is not doing anything new, Maiffret said.

"It would be different if it was a new exploit that hasn't been discovered yet," he said. "This just looks like the sites got sloppy."

One of the defaced sites belongs to a four-person company in Texas, but it hadn't been used for a while because of an ongoing legal battle over the domain name, according to the company's founder, who spoke on condition of anonymity. The company had not known that its site had been defaced until it was contacted by CNET News.com.

"I'm glad it's nothing more serious," the founder said. He said his company deals with other computer-related security issues, not Web security.

With the exception of a Web site running an unknown operating system, all the compromised servers were running some version of Microsoft Windows, according to Alldas.de.

In their e-mail to CNET News.com, the five-member PoizonB0x said that while they occasionally deface non-Windows servers, they concentrate on Windows NT and 2000 because they are the easiest to crack.