Computerworld

Hacker wrecks 175 websites, leaves Facebook fan link

Permission slip opens exploit

An audacious hacker has defaced 175 Australian websites in an attack that links viewers to his personal website, email and Facebook fan page.

The hacker, who is described as a 26-year-old male from Tunisia, launched the attacks after a Brisbane hosting provider — which Computerworld Australia will not name — left a permission level too low on an Apache server.

A manager at the provider said the exploit was present in an obscure program on the provider’s servers, which the hacker used in the mass defacements that included the hosting provider’s websites.

The hacker provided links to his Facebook, Myspace and Blogger accounts, along with a phone number based in Romania.

Some websites appeared to still experience problems, while others were functioning normally.

Last month, 159 Australian websites were hijacked and vandalised after a hacker gained administrative access to the Direct Admin server management system used by a hosting provider.

In May, former strategic chief information officer for the Commonwealth of Pennsylvania, Bob Maley, said defacements could be seen as examples of slack security derived from isolated security management. He acknowledged defacements are "low-hanging fruit" in terms of the risk of exposure to sensitive data, and said websites become vulnerable to similar attacks when security is tackled in isolation by agencies.
