The Brazilian crew TechTeam defaced 10 government web sites today: 5 belonging to Openworld and 5 subdomains belonging to The Library of Congress. The index pages remain defaced as of 13:00 GMT January 03 (they have been since 03:00) and read “TechTeaM Haxoring” “bush we go to play ;P”; the defacers also left their email addresses. Netcraft shows an Unknown OS with a webserver “Web”. It’s probably the same AIX that was used months ago (AIX Web 31-May-2003), which is now behind a firewall, and “Web” is probably the Apache webserver with a fake banner. We don’t really know how they got into the box, but we can see that the Openworld website uses an unpatched phpBB forum at http://www.openworld.gov/phpBB2/. Maybe they decrypted the MD5 hash of an admin password using a vulnerability in this forum version, and this password was the same as that of an ssh account or another program; this is just a suspicion.