ClassicCars.com hacked by Indonesian hackers

Filed Under: Vulnerability

Kubucyber hacked defacementLate yesterday evening a fellow Sophos employee tipped me off that the website classiccars.com had been defaced. While it's not shocking news that another site of the millions on the internet has been hacked, this one was unusual in that the defacement seemed to be nothing more than an advertisement for the hackers.

Ten years ago hacking for bragging rights was a somewhat common practice, but today most attacks are more silent and are designed to steal information. I poked around to find out more about who was behind the attack and how they are compromising the security of the sites they are attacking.

IRC bot command listThe image and stolen JavaScript code that made up the new home page were stored at a free web host. No surprises there, but I did discover that they had an active IRC network.

The group had planted an IRC bot in a chat channel that they can command to remotely scan networks for vulnerabilities. This provides them with a list of hosts that are vulnerable to SQL injection and other techniques. It appears the bot uses search engines like Google and Bing to find potential targets.

r3cogniz3d's photo from FacebookThe individual who claimed to execute this hack seems relatively unknown, but others in the group are proud enough of their work to publish tales of their exploits. One member, r3cogniz3d, was good enough to post his name and photo publicly on Facebook. He seems to really like the coffee shop Cafe Lampu in Jambi, Indonesia, by the way, so stop by and pay him a visit if you're in the neighborhood.

My Indonesian is a little rough, but from what I can tell, r3cogniz3d has made it his mission to recruit and teach others how to hack websites through SQL injection and has even posted a video tutorial on YouTube.

So what is the point of all of this? Securing your websites against trivial attacks like those perpetrated by KubuCyber isn't difficult. The group is simply following a formula to walk in through a door your web developers have left ajar.

When you host a website with a provider, make sure you find out how they will maintain the host operating system and whether they do security audits of the sites they host. It may cost more money to deal with a developer who knows how to properly secure your site, but an ounce of prevention is worth a pound of cure.

For more information on securing your website download our technical paper "Securing Websites" published by SophosLabs. In addition to advice on avoiding SQL injection, this paper talks about establishing a secure foundation for your site and how to deal with external service providers.

, , ,

You might like

2 Responses to ClassicCars.com hacked by Indonesian hackers

  1. Jieranai Maier · 1362 days ago

    I used to have my own web server for all my web sites in Silicon Valley. It was around 1999 and 2000 when I ran my sites, I had a Windows 2000 Server and used SBC Pac Bell DSL high speed connection. It was good for a few months until I started to noticed someone from a country in Europe put some files on our server. Those files were really hidden and hiding deep in one of the directories. Next incident was the defacing of one of my web sites. It was humiliating. I fixed it and then another hacker use PHP script and hacked my bulletin boards GRRRRRR. I finally gave up using my own web server and I parked my sites at a very secured facility and never had a bad incident since.

  2. royhaiza · 1361 days ago

    urghh again indonesian hackers!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.