Phoenix Lander project website defaced: UPDATED!03/06/2008 Written by minor + vympel
The Phoenix Mars Lander has finally landed on Mars’ surface. The website of the project immediately grabbed attention of thousands of visitors looking for pictures from red planet and also defacers who defaced project’s website on May 31st.
The website hosted by Lunar and Planetary Laboratory of University of Arizona was defaced by sql loverz crew 2008 members. Three defacements were reported by Turkish defacers Cr@zy_King (defacement mirror of fawkes1.lpl.arizona.edu and defacement mirror of phoenix.lpl.arizona.edu ) and by BLaSTER (defacement mirror of fawkes3.lpl.arizona.edu).
Such website was taken down temporarily by the administrators to fix(?) the holes. As spokeswoman of the project Sara Hammond stated: “None of the scientific data was ever at risk.”
It is not the first time, when defacers hit NASA or NASA affiliated website, so it should be already known that posting interesting informations attracts visitors and attackers too, that’s the intrinsic nature of the Web. This time it was “only” defacement, but the next time attackers might decide to go for a less evident hack, infecting it with a trojan, as the latest phishers’ trends are showing .
In the last days many government’s websites and famous companies were defaced by the team ISCN (from Iran) which is exploiting the flaw in DNN (DotNetNuke).
Also some sites from the NASA were defaced by the SSH-2 (Chile) using flaw in remote code execution in PERL. Misconfiguration flaw on these websites was used by IR4DEX, DigitalMind (both from Brazil) and by Mafia Hacking Team (from Iran).