Openworld and LOC sites hacked by Brazilian defacers
The Brazilian crew TechTeam defaced 10 government web sites today, 5 belonging to Openworld and 5 subdomains belonging to The Library of Congress. The index pages remain defaced as of 13:00 GMT January 03 (they have been since 03:00), and they read “TechTeaM Haxoring” “bush we go to play ;P”; the defacers also left their email addresses. Netcraft shows an unknown OS with a web server identified as “Web”. It is probably the same AIX that was used months ago (AIX Web 31-May-2003), which is now behind a firewall, and “Web” is probably the Apache web server with a fake banner. We don’t really know how they got into the box, but we can see that the Openworld website uses an unpatched phpBB forum at http://www.openworld.gov/phpBB2/. Maybe they cracked the MD5 hash of an admin password using a vulnerability in this forum version, and this password was the same as that of an SSH account or another program. This is just a suspicion.