The F-Secure forum got hacked

Dec 14, 2007 15:35 GMT

For a hacker, compromising a security company, the very kind of organization that is supposed to block such attempts, would surely count as a great achievement. This is what happened a few days ago to F-Secure, one of the top security companies in the world, whose forum was hacked after a Turkish group discovered an unpatched flaw. The hackers did not damage any of the forum content; they only modified the main page shown to all visitors. "Hacked by Turkish Nationalist and Republican Hacker Group", the defaced page read. "We are patriot, Turkish Nationalist and republican hacker group."

"Quite embarrassing. So how did this happen? The server itself is quite well hardened, but the web forum software had an unannounced security patch silently released by the vendor nine days ago. The defacement gang learned of the vulnerability and went through the net searching for vulnerable forums and changed the front page of such forums to their 'greeting'", reads a post published on the F-Secure blog.

It seems the incident was caused by an unpatched flaw that has also been discovered on many other forums based on Snitz Forums 2000. Some of the hackers searched the web for vulnerable forums and, once they found the one belonging to F-Secure, quickly launched their attack on it.

"While the main forum itself was patched, it was the private messaging module that made the defacement possible. (Exploit code for this vulnerability is publicly available.) We have now patched that too, and have checked through all other extensions to ensure that they are okay, and as said, the server is up and running again. No information was disclosed, the guy defaced the page and moved on not to be seen again. Typical of a Turkish defacement gang?", the F-Secure officials wrote after the forum had been restored.