When HFG defaced the New York Times Web site in 1998, the group posted a long, apparently heartfelt screed that cited Voltaire, Tennyson, and Emerson, and tried to put the hacking in the context of big battles that mattered:
"Just because we type in all caps and use 'elite' speak doesn't mean we are kids, or we don't own your dumb ass. For everyone who calls us immature kids, it shows one more person has underestimated us. And worse, what does that say about their security? That 'immature kids' were able to bypass their 25,000 dollar firewalls, bypass the security put there by admins with XX years of experience or a
XXX degree from some college. Nyah Nyah. [...] The injustice Markoff has committed is criminal. He belongs in a jail rotting instead of Kevin Mitnick. Kevin is no dark side hacker. He is not malicious. He is not a demon. He did not abuse credit cards, distribute the software he found, or deny service to a single machine. Is that so hard to comprehend?" (http://everything2.com/title/Hidden+Message+behind+the+New+Y...)
In 2012 when PYK defaces the Saturday Night Live site, they post "Greetz to oday, BRUT4L & S4VAGE
Fuck the Feds, 419 is just a game~~ USER INFO - EXPOSED PASSWORDS - DUMPED".
Is this now the worst they can imagine? Grabbing my Saturday Night Live password?
Bring back the heartfelt screeds and the poets! At least HFG thought what they did was important.
I've said this before, but I've always been truly and deeply disappointed that groups like this didn't plant realistic-looking stories about an alien invasion. They had the New York Times! They had The Washington Post!
Imagine: one day, the biggest papers in the country simultaneously run stories about an alien takeover of the government. Then, minutes or hours later, "poof!".
"Oh, nothing happened. Nothing you care about. It was just hackers. And swamp gas."
For every interesting/funny defacement, there are a thousand boring ones; that's as true now as in the 90s. The only difference is that we've forgotten the lame attacks and remember the interesting ones.
Also, grabbing an SNL password means nothing for the SNL site, and everything for the security of users that reuse passwords. The value of a password database rarely has to do with the site it's from.
Hah. I always find it funny how the same people who are capable of hacking these high profile websites haven't updated their design, HTML and CSS knowledge since the '90s. Scrolling marquees and the horrible moving star background.. really? Plus the remainder of the page is totally screwed up.
I never understood publicly defacing a site like this, if you're technical enough to access a domain with a fair amount of traffic, why not inject some script that'll give the visitor a drive-by download, and go in for the long (and more profitable) game?
Then again, I'm calling these people technical, apparently it's a simpler game now with scripts that any regular Joe (or his 14-year old kid) can run.
> I never understood publicly defacing a site like this, if you're technical enough to access a domain with a fair amount of traffic, why not inject some script that'll give the visitor a drive-by download?
Because the point isn't to cause damage to the user in any way (usually), but rather to (some combination of) 1) show off your skills, 2) embarrass the site owners, 3) get a message out, 4) have bragging rights. It's generally a fairly non-destructive practice, just silly.
Its no simpler now than it used to be. People have been saying that (and citing the whole 14yo trope) since the 80's. It does require skill, even if you're just using scripts.
What would give them more technical credibility in you eyes? If they wrote the attack themselves? In C? In Assembly? We all automate the hell out of things and lean toward the highest level languages for server automation anyway, why demean them when everything is a 'simpler game now with scripts that any regular Joe can run.' Have you seen Chef or Puppet, Flask or Rails?
If you think there's a difference between hacking website X with ready-made tools and writing the attack yourself etc... you are not thinking like a hacker.
A hacker doesn't care what the way is. He thinks about the goal, the end result.
If there's a ready-made script that can help or do it for him? Sure why not?
Having said that I agree that it does require skill and it is not as easy as downloading some random scripts and typing in a website and pressing the 'hack' button.
They deface sites because that's the aim of the "game" they play - how many sites can that group deface vs this other group?
Tagging - an ugly pointless form of graffiti is popular for similar reasons. It's easy to do, and more tags == more credit among a small group of peers.
It's a good thing that people want to deface websites rather than hunker down and learn the long game. We'd be in real trouble if all the people doing minor stuff turned to major cyber[1] crime.
[1] "cyber" feels so old to me. Neuromancer was written in 1984.
Agreed. People have drawn the connection between web defacement and graffiti before, but I've always thought the web defacers should collaborate with underground artists and put some original graffiti art on sites.
The page probably hasn't finished loading am I right? It appears to be loading some javascript from diskusjon.fiskehelse.org but due to the amount of traffic diskusjon.fiskehelse.org is probably getting, well, a tad overwhelmed.
Why is HN hosting a direct link to a page that quite possibly contains driveby malware (as opposed to a statement and a warning next to the link). That is irresponsible.
"Just because we type in all caps and use 'elite' speak doesn't mean we are kids, or we don't own your dumb ass. For everyone who calls us immature kids, it shows one more person has underestimated us. And worse, what does that say about their security? That 'immature kids' were able to bypass their 25,000 dollar firewalls, bypass the security put there by admins with XX years of experience or a XXX degree from some college. Nyah Nyah. [...] The injustice Markoff has committed is criminal. He belongs in a jail rotting instead of Kevin Mitnick. Kevin is no dark side hacker. He is not malicious. He is not a demon. He did not abuse credit cards, distribute the software he found, or deny service to a single machine. Is that so hard to comprehend?" (http://everything2.com/title/Hidden+Message+behind+the+New+Y...)
In 2012 when PYK defaces the Saturday Night Live site, they post "Greetz to oday, BRUT4L & S4VAGE Fuck the Feds, 419 is just a game~~ USER INFO - EXPOSED PASSWORDS - DUMPED".
Is this now the worst they can imagine? Grabbing my Saturday Night Live password?
Bring back the heartfelt screeds and the poets! At least HFG thought what they did was important.
Sheesh, kids these days.