Search warrants executed against Microsoft, Yahoo, Google and others

Jun 1, 2009 10:35 GMT

The Department of Defense is currently investigating security breaches on two Web servers belonging to the U.S. Army. The websites hosted on the servers were defaced by an anti-U.S. Turkish hacking collective called m0sted.

According to leaked investigation reports obtained by InformationWeek, the latest incident occurred in January 2009 and involved a server at the Army's McAlester Ammunition Plant in McAlester, Oklahoma. The hackers injected code into the legitimate website, which redirected visitors to an external page displaying climate change protest messages.

The hackers are believed to have carried out an SQL injection attack by exploiting a vulnerability in the underlying Microsoft SQL Server database. The forensic investigators, who include officials from the Department of Defense, the U.S. Army's Judge Advocate General's Office and the U.S. Computer Emergency Response Team (US-CERT), have not yet determined whether any other data has been extracted from the sensitive server.

A second server, targeted by the same group back in September 2007, was operated by the Army Corps of Engineers. The attack similarly redirected legitimate visitors to a third-party website, the now-defunct m0sted.com. At the time of that incident, however, this website contained anti-U.S. and anti-Israel messages and images.

Members of the m0sted crew are known as notorious defacers and are credited with pulling a similar stunt on a server belonging to the United Nations in 2007. The official website of Ban Ki-moon, the Secretary-General of the United Nations, was modified to read "Hacked By kerem125 M0sted and Gsy That is CyberProtest Hey Ysrail and Usa dont kill children and other people Peace for ever No war."

The defacement tracking website Zone-h contains numerous entries in its archive credited to m0sted, more specifically "386 of which 188 single ip and 198 mass defacements." There are sixteen attacks registered in May 2009 alone, and the targets are companies and institutions such as D-Link, Citroen, LG Electronics, the Coca-Cola Company, Hewlett-Packard, Berkeley University, Columbia University and the United Nations System Staff College (UNSSC).

The leaked reports also reveal that attempts to identify the members of this hacking collective resulted in search warrants being executed against various providers of e-mail, hosting and other Internet-based services such as Microsoft, Google or Yahoo.