No time or desire to continue

Mar 24, 2009 09:59 GMT

The rather successful Romanian self-proclaimed ethical hacking outfit HackersBlog has announced its retirement from the Web vulnerability disclosure scene, invoking the members' lack of spare time. During its short life online, the group has achieved international recognition and has attracted a lot of media attention for publishing SQL vulnerabilities affecting various high-profile websites.

HackersBlog, or United Hackers Blog, as its members stressed in an exclusive interview for Softpedia, went online on October 28, 2008, with the disclosure of a permanent XSS weakness affecting a Romanian website. According to their own account, many of the group's members were former blackhat hackers from various crews who had decided to jump ship and raise awareness of the serious security issues affecting the Web at the moment.

Initially publishing various flaws discovered in popular Romanian websites, the group became internationally known when it disclosed serious SQL injection vulnerabilities affecting the websites of two important anti-virus vendors, Kaspersky Labs and Bitdefender. These bugs allowed unauthorized access to customer private information, but the Bitdefender site eventually proved to belong to the company's partner in Portugal, which administered it independently.

HackersBlog members, in particular a white-hat hacker calling himself "unu," continued publishing similar vulnerabilities in the websites of other AV companies including F-Secure and Symantec, important newspapers such as the International Herald Tribune and The Daily Telegraph, and telecommunications providers like British Telecom and Tiscali. The UK National Lottery and Yahoo! were also on the group's list of companies whose online presence had been compromised.

A final post entitled "This is the end," published today on HackersBlog, makes it clear that the group's activity will not continue. "We are not pulling the plug because of any external factors or of fear. We simply don't have the time and desire to continue. Contrary to many opinions, we do have a private life," the announcement reads.

The outfit expresses its regret that not as many informative security articles and tutorials as it intended have gotten published, but considers that at least it paved the way for others to pick up from where it left off. "If we managed to get in the spotlight all over the world in just 4 months, then for sure others can do [sic.] at least just as successful as we were," "2fingers," one of the admins, writes.

HackersBlog members also extend their gratitude to the international media outlets that reported their actions without bias and accuse the ones, mostly Romanian, that distorted the facts and put them in a bad light by suggesting that they were thieves or criminals.

They also warn the users not to trust the statements (Kaspersky, Bitdefender, Symantec, Camelot, British Telecom) released by the affected companies through their PR departments. "[...] The large companies will never admit to the problems they have, no matter how large they are. This is common practice in the business and it serves maintaing [sic.] their public image clean. Don’t swallow the bait. Official notes are only meant to disinform [sic.] and mislead you from the truth about the dangers you were exposed to," their message reads.

For the curious readers, the announcement also includes bits of information about each of the group's members. Their age ranges from 19 to 34 years old, and their studies from only the gymnasium and professional school to university. Some of them are single, while others are engaged or even married. These details are probably included as a response to the individuals who claimed that they were probably just teenagers acting out.

"This being said, we bid you fare well and maybe we can meet again in other circumstances," the group signs off.