Yesterday, at about 2pm CST, someone decided to hack into the site and replace the homepage with his weak little hacker tag.
After doing some investigation, it looks like he’s an Albanian student living in Staten Island and going to CUNY-Staten Island. He executed his attack script from a block of IPs owned by that school. His script resided on a server apparently owned by unifiednames.com (by way of atjeu.com, who were very helpful). I have yet to hear from unifiednames.com, but soon after I sent an email to them, the hackers site, which contained the script and all of his braggings about sites that he’s defaced, disappeared from their server. I’ve got cached copies which I may eventually post.
I’ve fixed the minimal damage done by the hacker and taken several steps to ensure that he can’t get in that way again. I sent an email to CUNY-Staten Island and the high-tech crime unit of APD. I’m also going to send one to the local FBI field office. In addition, I’ve already contacted one of his previous victims and may contact others. I doubt law enforcement will do much, but getting him kicked out of school might be a good goal.
Update (03.08.2002 8pm):
I stand corrected on the law enforcement comment. I heard from the Director of Public Safety at CUNY-SI today. They have apparently contacted the NYPD. I’ve forwarded all of the information that I have to him. This incident may actually produce some justice after all. I’m even more motivated to get in touch with other victims now and may post something to the phpNuke site to see if I can get other people to come forward. I’ve already tried to contact someone at NC-PCOS. They also use phpNuke and mention that they were hacked on 12.06.2001. This person is a real winner hacking a site for health support group.
Update (04.01.2002):
I received a call a couple of weeks ago from the Director of Public Safety at CUNY-SI. He informed me that they forwarded my information to the SI DA’s office and they would decide if they wanted to prosecute based on the evidence. If they pass on the case, CUNY-SI itself will decide on disciplinary action, which could be anything from a warning to dismissal. I have yet to hear whether or not the DA’s office will take the case or what the university has decided to do. I expect that the DA will pass and it will be up to the university. I hope to hear something soon.