Burger King's UK website was flamed grilled by hackers twice today when its front page was replaced with a parody version of McDonald's site.
vnunet.com, 02 Mar 2001
Burger King's UK website was flamed grilled by hackers twice today when its front page was replaced with a parody version of McDonald's site.
Although the site has now been taken offline, mirrors of the defacements kept at attrition.org hold valuable evidence which can be used to track the intruders.
The burgerking.co.uk site runs on Windows NT 4 and Microsoft's Internet Information Server (IIS), suggesting that this hack could be the latest in a fast growing list of NT servers being compromised, often through known vulnerabilities.
But the hacking group claiming responsibility for the defacement, Dreamscape2K, may have left evidence which could be used to track them down. The first defacement was actually hosted on the website dreamscape2k.net and just linked to burgerking.co.uk.
The site appears to be the hackers' homepage, containing links and downloads to Trojan horses and hacking resources, and offering contact details for the individuals claiming responsibility for the hack, Redsand and Dreamsdealer.
The site is hosted by and registered with a UK company, EasySpace.com, and the domain holder is a Jack Ruiz, based in Texas. If this man is connected with the hacking group, then they have left a very easy trail to follow.
Black ID, the Glasgow-based design agency responsible for the creation of the Burger King site, assured vnunet.com that it would be following this avenue of investigation.
Ross Cairns, strategy director for Black ID, confirmed that the company was responsible for maintaining the site "to a certain degree", although the actual hosting is outsourced to another company. He declined to name the company "until it had the opportunity to correct the damage done to the site and put a legitimate and secure version up".
He added that he would be grilling the company over its installation of the latest patches to guard against known exploits.
Mark Reed, a network security analyst at MIS, suggested that the burgerking.co.uk DNS server may have been hacked, and that the URL redirected to the defacement page housed on the dreamscape2k.net server.
Vulnerabilities in Bind, the operating system used by DNS servers, have made major headlines over the past few weeks, including a much publicised hit on the Nintendo site.
Reed said that because the Burger King site was running on NT and IIS, there was a strong possibility that the hack could have been carried out using a known exploit, almost as easily as saying "you want fries with that?".
The Burger King UK website got a grilling for the third time this year after hackers served up the latest exploits to deface the site.
Lax IT managers have been blamed for a series of attacks on US ecommerce sites and online banks, thought to have been carried out by hackers connected to the Russian mafia.
IT consultancy Bloor Research admitted that it was hacked last week after its weekly newsletter to IT directors was laced with profanities.
Open Text chief predicts more consolidation in ECM market
We ask the BlackBerry maker's head of security what CIOs...
Do you agree?
Have your say on this article