15 Sep 2000
A hacker has successfully attacked more than a hundred corporate websites to post a message in support of demonstrators protesting against high fuel taxes in the UK.
Herbless, who defaced nine local government web agencies last month and the Legoland.co.uk website last week, yesterday posted the pro-petrol protest on the front pages of 168 corporate websites.
It follows a similar attack earlier this week by a different hacker, who added a message protesting against oil prices to the website of the Organisation of Petroleum Exporting Countries (Opec).
Herbless posted his message on websites as diverse as specsavers.com, jobs.co.uk, itforhire.co.uk, travelfocus.co.uk and brand experts brandimage.co.uk among others.
The message has since been removed from the majority of the affected websites, but could still be seen at bobbybrowns.co.uk as of 4pm (BST) Thursday.
The text of the message claimed that 72 per cent of the price of petrol in the UK is tax, that production costs are among the cheapest in Europe, and that retail pricing is the most expensive in Europe.
Herbless explained that: "This web page has been hacked as a public protest against government greed. I urge you to help the protest using any non-violent, non-abusive means possible."
His message ended by exhorting the public to support those on the picket lines. "If you live near a picket line, go and give your support. Applaud the lorry drivers. Make cups of tea and sandwiches for the picketers. Write to your MP pledging your support," wrote Herbless.
The hack appears to have used the same method deployed to post anti-smoking messages on a number of local government and government agency websites last month, and a rant supporting DVD cracking software on the Legoland.co.uk website last week.
"I can confirm it uses the same method," Paul Rogers, network security analyst at MIS Corporate Defence Solutions, told vnunet.com.
When SQL Server is set up, the SQL administrator account has a simple default password. Unless the system is being used on a trusted network, which the company owns entirely, Microsoft recommends this password be changed. If the configuration is left unchanged, hacks can take place.
"We think he [Herbless] has performed a mass scan over a large range of sites checking for the MS SQL admin port, flagging insecure websites to be used in a mass hack. The hack itself was noticeable for the sheer number of websites involved," said Rogers.
Microsoft has said that the vulnerability exploited was a result of administrators not following basic instructions on configuring the software, rather than an intrinsic problem with its SQL server product.
Best con going
Looking for information on volume sales of petrol in the UK (don't think this includes diesel, but correct me if I'm wrong) I find the figure of 26 thousand million litres of petrol were sold in the UK in 2005. Presumably, that has increased since. Allowing a conservative estimate of the tax on that being about 70% or so, and allowing for an average price of around 90p a litre over that yearly period, I guess that the government took around 70% of 234.000.000.000 (234 thousand million pounds) in 2005, and more each year since. That's only on sales of fuel. In short, please tell me how we are not being conned and ripped off at every stage by an increasingly incompetent government. Stop bending over for them people, say no more now.
Posted by: John Nesbitt 01 Jul 2009