I noticed a realty website in my referrals today, so I checked it out to see why they’d be linking here.  Here’s what I found:

http://mcgrewsecurity.com/img/nicetry.png

For those of you who are new here: This is obviously not how I roll.  Not only is it not something I would do (protip: don’t do pentesting for free), but the capitalization is awful.

Our good friend MR^E of the ETA dropped by this earlier in the day also, to leave troll comments and launch a pointless spider/scan against the site (again), so I figured I’d take a look and see what’s going on over at their new site, hackserver.org:

Wow!  MR^E figured it out before I did!  When asked about it by another member, he responded:

Stumbling across it before it even has a chance to get indexed by Google?

I’ll leave the conclusions as an exercise for the reader.

  9 Responses to “Skiddies hacking sites in my name”

  1. Yes, if you hacked the site you wouldn’t leave a calling card. But wait, you know that we know you wouldn’t leave a calling card. And you know that we know that ETA is after you. So then ETA wouldn’t be so obvious in posting the link in their forum. But they know that we know its obvious. But if you know that they know that we know its obvious then…this is the most elaborate hack performed by mcgrew!

    Need to go lie down.

  2. Obviously it was not Wesley, if it was the message would have read:

    ‘J00 h4VE 8eEN H4x0rED L4mEr2, pHJEER MC9rEW 5eCuR17Y!
    :)

  3. I’m a member of ETA, and I would like to say that I don’t think it was Mr^E, these cats took responsibility: http://www.realtyverticals.com/GCDisplay.php?id=2 . It might have been him, I’m just saying, it just doesn’t really seem his style. Also, the sql injection was relatively simple, anyone could have found it.

    • Thanks for the link, Web.Audit that’s a good find. With the SQL injection vuln. listed publicly like that, it doesn’t really even take any skill to go ahead and do defacements. So it could have been them, or anyone else who read that post (or found a really easy SQL injection on their own).

  4. Wesley, keep up the good work. The more of this you see, the more you know you have made an impact. It’s not always pretty, but you obviously got some attention. Getting attention usually means you hit a nerve and that usually means you discovered a truth. You are doing good work, you are doing it with good intentions and you are doing it with integrity. This is a compliment to the impact you have had – there is no changing that.

    No amount of amateur tagging will paint a different picture. You caught a bad guy.

    • Thanks Aaron! Stuff like this doesn’t really bother me. As you said, the fact that I continue to be targeted means something more than the sum of the stuff that happens.

      I just monitor it the best I can, chuckle a bit, and share the more interesting stuff with my readers.

  5. “I just monitor it the best I can, chuckle a bit, and share the more interesting stuff with my readers.”

    I think you meant to say… you will share the more interesting stuff with the FBI…

 Leave a Reply

(required)

(required)

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

   
© 2012 McGrew Security Suffusion theme by Sayontan Sinha