Hackers flame grill Burger King website

Burger King's UK website was flamed grilled by hackers twice today when its front page was replaced with a parody version of McDonald's site.

Although the site has now been taken offline, mirrors of the defacements kept at attrition.org hold valuable evidence which can be used to track the intruders.

The burgerking.co.uk site runs on Windows NT 4 and Microsoft's Internet Information Server (IIS), suggesting that this hack could be the latest in a fast growing list of NT servers being compromised, often through known vulnerabilities.

But the hacking group claiming responsibility for the defacement, Dreamscape2K, may have left evidence which could be used to track them down. The first defacement was actually hosted on the website dreamscape2k.net and just linked to burgerking.co.uk.

The site appears to be the hackers' homepage, containing links and downloads to Trojan horses and hacking resources, and offering contact details for the individuals claiming responsibility for the hack, Redsand and Dreamsdealer.

The site is hosted by and registered with a UK company, EasySpace.com, and the domain holder is a Jack Ruiz, based in Texas. If this man is connected with the hacking group, then they have left a very easy trail to follow.

Black ID, the Glasgow-based design agency responsible for the creation of the Burger King site, assured vnunet.com that it would be following this avenue of investigation.

Ross Cairns, strategy director for Black ID, confirmed that the company was responsible for maintaining the site "to a certain degree", although the actual hosting is outsourced to another company. He declined to name the company "until it had the opportunity to correct the damage done to the site and put a legitimate and secure version up".

He added that he would be grilling the company over its installation of the latest patches to guard against known exploits.

Mark Reed, a network security analyst at MIS, suggested that the burgerking.co.uk DNS server may have been hacked, and that the URL redirected to the defacement page housed on the dreamscape2k.net server.

Vulnerabilities in Bind, the operating system used by DNS servers, have made major headlines over the past few weeks, including a much publicised hit on the Nintendo site.

Reed said that because the Burger King site was running on NT and IIS, there was a strong possibility that the hack could have been carried out using a known exploit, almost as easily as saying "you want fries with that?".