You would think people like me know you should have good security and strong passwords, but you would be wrong. Seems like now and again I stumble upon some kind of hacker-community and high members and admins some time’s have the same password on other site’s. You should never use the same password twice for important stuff like an admin account. Some site’s you will even find really bad wholes like a simple sql-injection. I remember a year or so back when Sweden was a target for Turkish hackers because some drawings of Muhammad. Anyway one of these groups got some attention in the Swedish media. And I thought to myself “hum, might take a look”. Didn’t take me that long to find an injection, on the only page they had coded by them self (That said a lot about the group). As stupid as I was back then I wrote a script in perl and started to loop down the users. I started focusing on cracking the admin hashes, and sure enough I got a few hit’s. Logged in and posted a Muhammad picture on the front page and then posted the database on a forum from a fake account.
This would be the end of the story I thought and went to sleep feeling good about my retaliation. When I woke up the next day all hell had broken lose. People was hijacking Turkish accounts and the Turkish hacker forum was overflowing with spammers. As revenge the Turkish group made a ddos-attack on the forum I posted the database on. On top of this the Swedish media was talking about a cyber war between Sweden and turkey. Radio and newspapers was all over this. Well, shit dose happen. Not every day you get a accused for starting a war. =(

Here are some articles for the Swedish readers:

http://www.idg.se/2.1085/1.125941
http://www.idg.se/2.1085/1.125361
http://www.svd.se/nyheter/inrikes/artikel_497671.svd
http://www.sr.se/ekot/artikel.asp?artikel=1658549
http://www.sr.se/webbradio/webbradio.asp?type=db&id=819400
http://www.bestsecuritytips.com/news+article.storyid+367.htm

First and last time I take responsibility for this attack. It would have been so much better living of them for a while. Taking everything from the inner circle, living of them like a parasite. I would have had my own script kiddy army and they would have been none the wiser.

A week ago I helped a friend hack a torrent tracker. He came to me with a sysop password. It turned out to work and I started to go to work. Took me about 1 min before I found my way in, to place a shell via an old IPB-forum. I upped a shell via the admin panel and it all was over in a few minutes. Why I’am writing about this is that yesterday the tracker went down. Apparently some evil monkeys was on the server to. I don’t really know what happened but there aren’t many scenarios.
1. They saw my attack and put the server down for a look over.
2. My friend gave the shell to someone stupid.
3. It was a coincident and bad luck.
The rumor say’s it was a punch of former staff that was angry. So who knows might as well be option number three. It’s wasn’t a big hack but I allway get jumpy when they find my shells. Although I hadn’t put much effort in hiding it. Promised by friend I have another go at it. This time I’ll not underestimate them. =)