Microsoft NZ hacked (Updated)
The domain www.msn.co.nz has been hacked and defaced today by a “Peace Crew” (formerly “Terrorist Crew”) who carried out a similar attack on Nato and US military websites in January this year.
The site now reads “Microsoft New Zealand hacked by Peace Crew” and underneath a picture of Bill Gates with a cream pie all over his face are the words “Aaaare youuuu Hackeeeed !!”.
Following is a list of the hackers taking credit, the words “unuttuklarimiz forgive you” in Turkish, “Stop The War Israel” in English, and two hacker website domains.
The primary hacker is known as Agd_Scorp, who is believed to be Turkish, with hackers rx5 and Cr@zy_King.
The group has hacked Israeli websites in the past,and is responsible for defacing “numerous high profile websites belonging to the likes of Harvard University, Microsoft, ESET, the NBA, and other world-renowned companies including, but not being limited to, Shell, Mercedes Benz, Subaru, Fiat, Pirelli, Goodyear, Chevrolet, Alfa Romeo, Mitsubishi, and Peugeot,” Softpedia reports.
Microsoft chief technology officer Brett Roberts says “I don’t know what’s going on at the moment – the security guys are looking into it, so the MSN ops guys in the US are on to it now. It was fine this morning so I’m guessing it’s happened in the last hour or two. I think at the moment they’re looking at fixing the issue rather than worrying about who did it, so really that’s all I know about it.”
MSN country manager head Liz Fraser says “We are aware that some MSN New Zealand users are being served with a foreign image when visiting www.msn.co.nz today. The cause of this discrepancy has been identified and we are currently working with our Microsoft technology and security teams in the US to resolve the matter as quickly as possible today. We apologise for any inconvenience this may have caused.”
MSN New Zealand is run as a 50/50 partnership between Microsoft Corp and PBL in Australia.
(5pm Update) It appears that the hackers exploited a "simple SQL Injection vulnerability to hack the administration panel of the registrar" according to Zone-H, and did not just target msn.co.nz but rather a number of high profile sites, including Microsoft's Hotmail and Windows Live, HSBC, Coca-Cola, F-secure, Bitdefender, Sony and Xerox, reports ZDNet Australia.