The Land Transportation Office Philippines (LTO.gov.ph) gets hacked by a Turkish hacker named iSKORPiTX.
(image courtesy of technogra.ph)
As of 8AM this morning, November 21, 2007, the Iskorpitx website hack message was still displayed.
Iskorpitx is notorious for hacking the most websites simultaneously.
Thought to be a 45-year-old Turkish man, Iskorpitx successfully hacked at least 21,549 sites at once (a tally is still being made-expect the final count to be much higher), defacing pages on all of them. His signature included a Turkish flag, his handle and country of origin, and several repetitions of the “f-word” next to the names of France, Greece, and Armanian - SecurityProNews
According to Stokia.com:
…the mass defacement appears to be related in some way to sites registered or hosted through godaddy or secureserver.net.
zone-h.org has text file that contains a list of the defaced sites at http://www.zone-h.org/defaced/list.txt. We have done a whois search on about 30 sites in the list. All show godaddy as the registrar.
The hack seems to have been done through a asp script that is automatically installed on all hosting customers accounts on these particular servers.
The mass defacement was placed in a sub directory on each site. /ssfm/isko.htm
At this time, I’m trying to reach LTO to inform them about the situation. I’ll keep you updated.
November 21st, 2007 at 5:42 am
[...] Jozzua.com has more info on the Turkish hacker iSKORPiTX: Thought to be a 45-year-old Turkish man, Iskorpitx successfully hacked at least 21,549 sites at once (a tally is still being made-expect the final count to be much higher), defacing pages on all of them. His signature included a Turkish flag, his handle and country of origin, and several repetitions of the “f-word” next to the names of France, Greece, and Armanian Filed under News by Technographist Permalink • Print • Email • Comment [...]
November 21st, 2007 at 5:43 am
Careful, dude. You know what this government does to whistleblowers.
November 21st, 2007 at 5:46 am
LOL. Nice one Mike.
November 21st, 2007 at 10:59 am
Whoa. Scary.
Scarier than google bomb. Ha-ha!
November 21st, 2007 at 7:03 pm
Eeew! Real Scary! Hope he simply overlooks small time websites like mine which doesn’t even appear in traffic rank of Alexa! :)..Glad i didn’t get Godaddy as host!
November 21st, 2007 at 10:05 pm
saw this around 4am.. obvious na walang magawa sa shift hehehe… as of now mukhang back to normal na ulit..
# Mike Abundo on November 21st, 2007 5:43 am
Careful, dude. You know what this government does to whistleblowers. — no wonder wala nang silbato mga pulis ngayon =)
November 22nd, 2007 at 11:34 am
Just an update, Ms. Google errr Ms. Apolo got in touch someone from government and informed them of what happened. Seems they have resolved it.
Peach, GoDaddy came out with a statement that this was a Windows server vulnerability, and they have addressed the situation.
November 23rd, 2007 at 9:39 pm
was this turkish hacker ever caught or penalized for the defacement?
November 24th, 2007 at 6:02 am
No, Arpee, I don’t think he was ever caught.