A Hacky Christmas Surprise From ‘Owned & Exposed’

Anonymous Operation has been hogging the headlines with its blocking of anti-WikiLeaks websites but on Christmas Day six web sites were reminded that there are other vigilante groups on the scene.

Organisers of the Exploit Database (exploit-db) website found a new entry in their Papers section on Christmas morning. Alongside an article on Bypassing A Cisco IOS Firewall, a new white paper had appeared entitled “[EZINE] Owned and Exposed – ISSUE no 2”.

Ninjas Wage Private War On Enemies Of The Web

The e-zine was published by a group calling  itself the Happy Ninjas that has set itself up as guardians of the Internet. The Ninjas wrote that they have compromised six sites belonging to amateur hackers (script kiddies) and security experts hosting insecure websites.

“These idiots spread garbage across our scene and that is why they got owned. We take pride in what is left of the scene and we have serious problems with those who rape it,” the group wrote.

One of the holiday targets was a carding site. The team of credit card fraudsters have been targeted bythe Ninjas before and had their carders.cc site disabled and their database of stolen card numbers published, so that card owners could be told, but they managed to repair the damage.

In the first edition of the e-zine, the hackers, who see themselves as professionals, swore that carders.cc would never come back so a second attack was organised. This also succeeded and O&E said “maybe this time they will get the hint”.

The carders site is still down but, according to a message in German on their site, they do not know how they were hacked but they are determined to recover and start their operation again.

For another German site, Free-hack.com, the attack on them seems to have been the last straw and it sounds as though the site is closing. Other sites attacked by the Happy Ninjas comprise inj3ct0r, ettercap, exploit-db and backtrack-linux.org. The inj3ct0r site was hacked down for trying to claim credit for the Ninjas wxploits.

Retaliatory attacks are unlikely as the Happy Ninjas do not appear to have a website.

Exploit Database has taken the exploit with good humour and has kept the e-zine on its site. In a blog about the hack, the writer Admin wrote: “There’s nothing like having your butt kicked Christmas morning, which is exactly what happened to us today. We were owned and exposed, in true fashion.”

Chester Wisniewski, a senior security advisor at Sophos Canada, has analysed the information supplied in the Owned and Exposed e-zine. His conclusion is that all of the sites were hit because of small errors in basic security fundamentals which, when pieced together , add up to an exploitable chink in the armour.

More specifically, he points to the administrator of backtrack-linux, who happens to also manage exploit-db: “Next time you are struggling with database and file system permissions and are tempted to use the admin account ‘just for now’, remember this story and hopefully next Christmas morning you won’t unwrap any unwanted surprises.”