ZH2004-5DC (defacement commentary): Unknown defacer targets governments running windows

24/01/2004 Written by Siegfried www.zone-h.org admin

A defacer who posted sites with the name "Gov", broke into 2 servers belonging to the US Army but also 1 Brazilian and 1 Chinese governments' web sites.

On each site, he created a page named "gov.htm" and wrote the following message: "Gov Fuck You Sux Win!!". His goal seems to be quite clear, hacking government servers in order to damage the Microsoft's image and promote the unix systems, even though Linux is still the most attacked system (57.7%) according to Zone-H stats (which reprensent the common attacks and trends used by crackers).

There are many chances that the defacer took advantage of the rpc dcom vulnerability in order to break into the servers, 3 of them were running Windows 2000 and 1 the Windows 2003 operating system. To comment these defacements, he checked the option "patriotism" when he submitted them.

Here is the list of the defaced web sites by "Gov":

US Army Corps of Engineers:

carters.sam.usace.army.mil Carters Lake, North Georgia, Mobile District

gisweb.nao.usace.army.mil Geospatial Services Section, Norfolk District

Brazilian Government:

download.edunet.sp.gov.br State of São Paulo - Education Secretariat

Chinese Government:

cdcc.gov.cn

Siegfried www.zone-h.org admin