UN web site hit by international defacer gang
A group of three crackers broke into the United Nations web site on Sunday and replaced the list of latest speeches by Secretary General Ban Ki-moon with an accusation that America and Israel kill "children and other people".
Apparently the defacement was accomplished using SQL injection. Major sites are being defaced all the time using this elementary technique, but this is possibly the highest profile incident in recent times.
The attackers list themselves as Kerem125, M0sted and GSY, and the spelling of the word "Israel" ("İsrail") in the defacement immediately suggests a Turkish connection. One of the crackers, Kerem125, is clearly Turkish. He has used the slogan "One Turk. Against The World!" widely on other web site defacements.
One of his colleagues, M0sted, maintained, at least until 9 August 2007 when it was cached by Google, a web page listing over 20 claimed defacements of sites worldwide. That page also contained a link to a now-defunct site, www.kerem125.com. M0sted ran another site on m0sted.by.ru (cached), which went offline some time after 6 August. The main copy on the front page is apparently a political poem in Turkish, but the page also contains the English phrases "Hacked by Mosted", "LamerHack Team", "Special thankS Turkish hackerS" and an acknowledgement to Kerem125.
The third member of the team, who uses the screen name GSY, is somewhat more elusive. A now-defunct page at www.gsy.dl.am/ contained a link "please click here to visit Hacked by gsy & kerem125" pointing to the domain by-gsy.org, registered at the beginning of June to one Alaa elden at a possibly suspect Cairo address.
So far we have identified two Turkish perpetrators and one of unknown nationality possibly operating from Cairo. But there are pointers to a possible Russian connection as well, via the group name "LamerHack team". LamerHack is the name of a Delphi trojan, the authorship of which is claimed by VladUha, a 17-year-old Russian hacker who seems to have a bit of a dark side to his force. The front page of his web site carries the warning "You probably got here via HackZona.ru. You'd better avoid that one before it's too late. The long arm of the law will close it down soon. That's my advice anyway...". It would be a strange set of coincidences if there were no connection between these crackers and VladUha, considering the use of the by.ru hosting service by M0sted, the by-gsy.org domain name registered by GSY, and that LamerHack is described by VladUha as only being a "beta" so far, and is therefore unlikely to be well known outside the Russian hacker community.