Mitnick, Kaminsky and others get their websites hacked

Jul 30, 2009 11:06 GMT  ·  By

The websites and servers of reputed security experts and popular online hacking communities have been compromised by a group called ZF0 (Zero for 0wned), which released a big text file containing a wealth of info extracted during the hacks. According to its manifesto, ZF0 opposes full-disclosure practices and thinks that the security industry is failing.

The file left behind by the black hats, called ZF05.txt, which is supposed to signify issue five of the Zero for 0wned zine (magazine), contains attack logs sprinkled with the hackers' comments, as well as personal emails, chats and other data belonging to those compromised.

The hacked security websites include the ones belonging to Kevin Mitnick, Dan Kaminsky, Ralph von der Heyden, Julien Tinnes, as well as darkmindz, elitehackers, hak5, binrev, and blackhat-forums. The group decided to break out the news on the eve of the Black Hat Briefings, one of the biggest security conferences where the industry's elite gathered.

Dan Kaminsky in particular seems to have had it worse, with many of his personal emails and chats with other white hats being exposed. ZF0 claims to have 1.5gb of them dating as far back as 2005. "Dan Kaminsky got owned. Everything. Blackhats have been passing around his personal emails for months. He's only famous because his ego is so bloated that he attacks the world with his pointless ramblings," the group writes.

However, Mitnick did not escape the wrath of the hackers either. "Kevin has become the media rep for the hacker community, something which he has grown further and further apart from ever since his release. […] The fact is that he cannot secure his systems because he does not know how," ZF0 adds.

The ZF05 document is quite large, comprising 29,0000 lines' worth of text, in which the hackers pick on particular individuals and groups, but also the security industry as a whole. Through these attacks, the hackers try to make a point – that everyone is vulnerable, even the people that sell protection.

"Very few whitehats actually go out there and provide a service where they make people more secure. […] Are you genuinely fixing the underlying design and logic flaws that generate security problems for your clients or customers? […] In general, the industry is failing. Flat out failing. You cannot even protect yourselves," the black hats write.

"It's the illusion of invulnerability. I was actually surprised that the other people would keep their email and work data on an internet-facing host. It appeared the boxes were actively used for work," Kevin Mitnick says about the attacks, according to The Register. He is currently in the process of moving his website to another hosting provider.

Dan Kaminsky doesn't seem that affected by the incident either. "Messy, but heh. Walk onto a battlefield, you might get shot," he writes on Twitter. A message left for ZF0 on his website, which is currently inaccessible, reads, "Well played, guys. Could have done without the personal info dump but otherwise lets grab a beer."