August 21, 2006 6:40 PM PDT

Kevin Mitnick Web site hacked

Instead of the usual description of Kevin Mitnick, his consulting services and books, the famed hacker's Web site on Sunday displayed a vulgar message.

Online vandals, apparently operating from Pakistan, broke into the computer hosting Mitnick's Web site on Sunday and replaced his front page with one of their own. As a result, four Web addresses belonging to Mitnick, including KevinMitnick.com and MitnickSecurity.com, displayed an explicit message on Mitnick and hacking.

"The Web hosting provider that hosts my sites was hacked," Mitnick told CNET News.com in an interview Monday. "Fortunately, I don't keep any confidential data on my Web site, so it wasn't that serious. Of course, it is embarrassing to be defaced--nobody likes it."

Mitnick's name is synonymous with "notorious hacker" for many. He was caught by the FBI in 1995 after a well-publicized pursuit and spent five years behind bars for wire and computer fraud. Today, he is a consultant, has written two books, and spends much of his time on the road at speaking engagements.

Mitnick heard out about the defacement on Sunday afternoon, shortly after the initial compromise, he said. The attackers gained complete control over the server that hosts his site as well as others at hosting provider Hostedhere, Mitnick said. It is common that hosting companies store multiple customers' Web sites on one server.

"The attackers from Pakistan took over that whole box. There were a whole bunch of customers, including myself, but my site was the only one defaced, so I was probably the target," Mitnick said. The server was taken offline to be reinstalled, Mitnick said. The Web site was still offline as of late Monday afternoon Pacific Time.

Web site defacements still occur, but they have become less high profile in recent years as financially motivated threats take the spotlight.

The message placed on Mitnick's Web site started with: "ZMOG!! THE MITNICK GOTZ OWNED!!" and continues with expletives and a picture of Mitnick with some modifications. Security Web site Zone-H first reported the hack on Monday and has screenshots of the replaced Web pages.

Defacing Web sites is akin to graffiti in the brick-and-mortar world. "It is kind of stupid; they do it for the attention," Mitnick said. "When I was a hacker, I never stooped to defacing sites because that was more like vandalism; that wasn't any fun. It is more about getting in and being stealth and looking around and exploring."

So far, Mitnick doesn't know how the server containing his Web site was compromised. He plans to investigate that at a later time. It could be that a security flaw on one of the other Web sites that was hosted on the same server gave the attackers a way into Mitnick's portion of the machine, he said.

"When you're with Web hosting companies, your security is as good as theirs. You just have to live with that," Mitnick said. "When you want to raise the bar, you have to set it up yourself. I don't have the time to maintain a Web site."

Hostedhere, Mitnick's hosting provider located in Greenville, S.C., did not immediately respond to an e-mail seeking comment.

"They do a good job. I don't think they're insecure," Mitnick said, adding that he would switch Web hosting providers only if his site gets hacked continuously.

This isn't the first time that a Mitnick Web site has been defaced. Three years ago, a site set up by Mitnick's supporters was repeatedly hacked. Mitnick did not operate those sites. He was not allowed to use computers at that time as part of the terms of his supervised release from prison, he said.

See more CNET content tagged:
Kevin Mitnick, Web hosting company, hosting company, Web hosting, Pakistan

23 comments

Join the conversation!
Add your comment
My Name Is Earl
...is a sitcom about "karma".

pretty funny too.
Posted by Sparky672 (244 comments )
Reply Link Flag
Payback's a bitch
This will keep me smiling all day :-)
Posted by (409 comments )
Link Flag
Here we go again
Despite all the myths, Mitnick was not a hacker.
Posted by Jackson Cracker (272 comments )
Reply Link Flag
Hacking
Social engineering is a form of hacking.

He did exploit software vulnerabilities as well.
Posted by 8ball629 (80 comments )
Link Flag
Hahahha
This is just getting here now? I remember someone posting it on a IRC channel I go to a day or two ago.
Posted by RoboStone (13 comments )
Reply Link Flag
Hahahha
This is just getting here now? I remember someone posting it on a IRC channel I go to a day or two ago.
Posted by RoboStone (13 comments )
Reply Link Flag
Favorite Quote
"There's always a bigger fish" If you know where they quote comes from you probably live in a basement somewhere collecting pictures of Sarah Michelle Gellar....<insert evil smile here>
Posted by thedreaming (573 comments )
Reply Link Flag
Useless
Useless to do.. perhaps promotional stunt from himself :)
Posted by rxbbx (2 comments )
Reply Link Flag
Or not.

Forget for a minute that defacing a website is pretty juvenile, being able to go onto Enet and say "I defaced the great Kevin Mitnick's website. He's supposed to be this security expert and I got through" could get script kiddies a decent amount of notoriety... Especially if they got in through a hole in another website's security...
Posted by W3bWarl0cK (2 comments )
Link Flag
Nice Try At Spin Kevin
Fact is, someone defacing a so-called security expert's websites is rather pointed and significant. What's even more significant is Kevin uses frontpage extensions ... talk about using insecure technology.

Oh well, charge away Kevin! Hoover those gullible fear dollars.
Posted by crescentdave (123 comments )
Reply Link Flag
Try reading as a hobby
There were no front page extension involved in this defacement. That was years ago when Defensive Thinking was defaced while sitting on a Windows host. He wasn't even able to use computer then and some supporters had set up the site with misconfigured frontpage extensions on a shared host.
Posted by Ken Reader (2 comments )
Link Flag
Try reading as a hobby
There were no front page extension involved in this defacement. That was years ago when Defensive Thinking was defaced while sitting on a Windows host. He wasn't even able to use computer then and some supporters had set up the site with misconfigured frontpage extensions on a shared host.
Posted by Ken Reader (2 comments )
Link Flag
Hackers are prone to attacks too!
What is it about a hacker that many people think makes them immune to attacks?

It only goes to show that even hackers can be hacked.

Kevin is just as human as you and I... even though he's much more aware of hacking than many, one slip up, one miss, one guard let down and even hackers can be hacked.

Bottom Line: He's human and there is no such thing as an totally unhackable system! Combined they only create a double-weakness!

Walt
Posted by wbenton (522 comments )
Reply Link Flag
Hackers are prone to attacks too!
kevin didn't get hacked.. his hosting provider did.. get your story str8
Posted by kFuQ (4 comments )
Link Flag
Regardless of who gets hacked, nobody will ever be 100% secure. The fact remains that technology is always changing, closing old security holes only to open new ones that diligent crackers will find and exploit.

For all of you guys who would like a little education into IT Security and insight into how the minds of black-hat hackers work, I recommend you get a copy of Hacking for Dummies...
Posted by W3bWarl0cK (2 comments )
Link Flag
Stupid
What was the point? A wast of time.
Posted by intel17 (2 comments )
Reply Link Flag
Stupid
What was the point? A waste of time.
Posted by intel17 (2 comments )
Reply Link Flag
I think the point is, no one is infallible, self styled security experts can still get caught out by the bad guy's, if your going to host a company that offers security solutions, then shouldn't you stay current with the security trends and know what is exploitable and what is not?
Posted by deepthawt (3 comments )
Link Flag
The biggest problem that I can see on the internet, is their are thousands and thousands of site's that just do not keep up to date with the security news. Mostly because the people that manage or administrate these sites are just to bone idle or lazy to be bothered to upgrade to the latest secure version of the software.

Needless to say with such weak security being demonstrated by sites across the globe connected 24/7 to an online environment filled with Script Kiddies and hardened criminal hackers.

Where do people seriously think all the Spam & Virus problems are coming from?

It's coming from their own servers because they're too lazy to do something about it beforehand!
Posted by deepthawt (3 comments )
Reply Link Flag
How meny site's allow remote access to their mainframes via SSH? And then in contrast how meny of those site administrators then bother to set root login = no?

We're talking good security practices here, its not rocket science, the only people that should be allowed remote access, into machines should be people that have sat through a security briefing about why they will be given passwords that look: LiK3th15ssHd not passwords that: looklikethis

People just ignore good security practices and then worry about them after they find a breach, that is just unacceptable, because once you have hackers in, you may find its very hard to get the hackers out!
Posted by deepthawt (3 comments )
Reply Link Flag
As a professional penetration tester, the well respected international firm I worked with hosted our OWN web server. We never considered anything else. Why would we? We had the skill to do it and do it well.
Posted by skullaria-2009 (16 comments )
Reply Link Flag
sorry I'm just an admirer of Kevin Mitnick long look and want to sit with him but the name of a legendary it was difficult to trace his footsteps in what could be one of his students.
I hope I'm posting what I said was he could see and read it. I believe that one day the legend will reveal itself again.
Posted by naparin (1 comment )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.