Cyber-vandal runs riot in pro-Napster spree

Cyber-vandals are voicing support for Napster, the music file sharing service, as part of a campaign to deface websites across the world.

A hacker known as Pimpshiz yesterday hacked a number of sites including the US government's Federal Maritime Commission, US-based Filenet and the Aboriginal People's Television Network.

Pimpshiz also claimed to have defaced one of Nasa's websites - the Innovative Recoverable Spacecraft site.

The defacement on each site slammed the Recording Industry Association of America (RIAA), saying the organisation does not represent music artists but "rich record executives".

"These are the fat cats who make profits from the other 95 per cent of CD sales," it said.

"Also, may I say I applaud the lawsuit brought by 26 states against the big five music labels for CD price fixing and violating antitrust laws. This is a great positive step towards decentralisation of power in these companies," it adds.

However, Pimpshiz admits that he is not a Napster user. "I just saw something wrong and I'm doing what I can to help right it."

Chris McNab, network security analyst at security consultancy MIS, said the hack most likely takes advantage of vulnerability in Microsoft's Internet Information Server (IIS) 4.0.

"It seems the majority of web servers that the hacker known as Pimpshiz has defaced are running Microsoft Windows NT Server with IIS version 4 installed. Many vulnerabilities exist in IIS 4.0 when deployed out of the box, which can be exploited easily by hackers using simple 'point and click' tools in order to deface the website," he said.

"Hacker groups of this genre also include Gforce Pakistan and Brazilian groups such as the Crime boys. We have witnessed an increasing level of defacements being committed against Windows NT servers running vulnerable IIS services. It is important that the latest Microsoft service packs and security hot fixes are installed," he added.

The defacements follow similar attacks on websites last month. Several attacks were made on major corporate sites in the US by pro-Napster activists, although these were claimed to have been conducted by exploiting a weakness in Microsoft's SQL server.