This time of year, criminals rely on IT vacation plans and public holidays to provide the opportunity to attack targets and to extend their reach within compromised sites. This holiday season has been no exception. Over the weekend, a number of sites got “Owned and Exposed”.
Notably, the site used to distribute the popular BackTrack Linux distribution was breached, as was the Ettercap project. It is not completely clear how long ago these sites were originally compromised or whether any of the tools were altered.
In the second issue of the online hacker magazine (e-zine) “Owned and Exposed,” the attackers listed carders.cc, ettercap, exploit-db, backtrack, inj3ct0r, and free-hack as victims. Free-hack was taken down for being “lame script kiddies,” while the other sites had criminal ties or were considered security experts who “fail so hard at security that we wonder why people really take their training courses”.
Exploit-db’s administrator said that damage was limited to posting the e-zine in the “papers” section. Backtrack-linux.org shares a subnet and administrator with exploit-db. The same root account and password were used for all Web scripts, WordPress installations and MySQL databases, making it easy prey. Carders.cc, a German online forum dedicated to helping criminals trade and sell stolen financial data, was shut down. As part of its inaugural issue in May, “O&E” wrote “Carders is a marketplace full of everything that is illegal and bad,” including drugs, weapons and stolen credit card numbers. Carders is back up, three days later.
The SourceForge page hosting the Ettercap message boards and files for a “white hat” penetration testing tool was another interesting target. The tool hasn’t been maintained for five years, and the group found evidence the site had already been compromised by someone else. The group warned against downloading anything from the compromised site.
These attackers claim to be “watchmen”, quietly observing the scene, according to the newsletter. They deny being just another “underground rival kiddy group”. The goal was to shut down sites that “spread garbage” across the Internet, the group wrote.