ZH2004-5DC (defacement commentary): Unknown defacer targets governments running windows

24/01/2004 Written by Siegfried www.zone-h.org admin

A defacer who posted sites with the name “Gov”, broke into 2 servers belong­ing to the US Army but also 1 Brazil­ian and 1 Chi­nese gov­ern­ments’ web sites.

On each site, he cre­ated a page named “gov.htm” and wrote the fol­low­ing mes­sage: “Gov Fuck You Sux Win!!”.His goal seems to be quite clear, hack­ing gov­ern­ment servers in order to dam­age the Microsoft’s image and pro­mote the unix sys­tems, even though Linux is still the most attacked sys­tem (57.7%) accord­ing to Zone-​H stats (which reprensent the com­mon attacks and trends used by crackers).

There are many chances that the defacer took advan­tage of the rpc dcom vul­ner­a­bil­ity in order to break into the servers, 3 of them were run­ning Win­dows 2000 and 1 the Win­dows 2003 oper­at­ing sys­tem. To com­ment these deface­ments, he checked the option “patri­o­tism” when he sub­mit­ted them.

Here is the list of the defaced web sites by “Gov”:

US Army Corps of Engi­neers:

carters​.sam​.usace​.army​.mil Carters Lake, North Geor­gia, Mobile Dis­trict

gisweb​.nao​.usace​.army​.mil Geospa­tial Ser­vices Sec­tion, Nor­folk Dis­trict

Brazil­ian Gov­ern­ment:

down​load​.edunet​.sp​.gov​.br State of São Paulo — Edu­ca­tion Sec­re­tariat

Chi­nese Gov­ern­ment:

cdcc​.gov​.cn

Siegfried www​.zone​-​h​.org admin