Nov 21 2007

Cyber Hissy-Fit

Published by at 6:39 pm under US attacks

In an article posted today (21 Nov 07) on cnhacker.com, a Chinese hacker going by the pseudonym“Name81″ apparently had an online breakdown after suffering Taiwanese Independence Syndrome. The combination of Chen Suibian’s moves to join the UN and US arms sales to Taiwan caused him to hack 32 websites in the United States. Here is his blog site:

name81.JPG

No mention as to which websites were hacked but he did have a nice little anti-US rant on his blog.

UPDATE: Kept looking a little more and these seem to be the sites he claims to have hacked

UPDATE: All hacks have the same IP address 209.225.105.101 and location Racine Wisconsin.

http://www.avantiadvanced.com/name81.htm

http://www.beardsleyflagpole.com/name81.htm

http://www.carlsonracineroofing.com/name81.htm

http://www.century21racine.com/name81.htm

http://www.colerget.com/name81.htm

http://www.dickowcyzak.com/name81.htm

http://www.excelprintingservices.com/name81.htm

http://www.gardtecinc.com/name81.htm

http://www.guardtec.net/name81.htm

http://www.heinrichco.com/name81.htm

http://www.hetlandmultimedia.com/name81.htm

http://www.jensendealers.com/name81.htm

http://www.jensendealers.com/name81.htm

http://www.jensenmetal.com/name81.htm

http://www.lahigroup.com/name81.htm

http://www.lhsar.org/name81.htm

http://www.lunarplates.com/name81.htm

http://www.marinitool.com/name81.htm

http://www.nbs-inc.net/name81.htm

http://www.racinechurch.org/name81.htm

http://www.racinerailroad.com/name81.htm

http://www.realestateracine.com/name81.htm

http://www.riverbendracine.org/name81.htm

http://www.rch-com.com/Name81.htm

http://www.recycleclear.com/name81.htm

http://www.sonnenbergconsultants.com/name81.htm

http://www.specialtyfinishing.net/name81.htm

http://www.strongholdindustries.com/name81.htm

http://www.springdentalgroup.com/name81.htm

http://www.trcob.com/name81.htm

http://www.trinityracine.com/name81.htm

http://www.wchkenosha.org/name81.htm<br>

13 responses so far

13 Responses to “Cyber Hissy-Fit”

  1. jumperon 22 Nov 2007 at 10:59 am

    This is one virtual host server. He found a vulnerability in c-panel, php or something else and had access to all of the sites hosted on that server. Not the hack of the year but his comments are amusing.

    If you don’t stop selling arms to Taiwan, I’ll keep hacking springdentalgroup.com! Feel my anger coursing through teh interwebs!

  2. jumperon 22 Nov 2007 at 11:53 am

    The server runs IIS so it probably wasn’t the typical c-panel exploit. Probably a dictionary attack. FTP is exposed on the server.

  3. heikeon 22 Nov 2007 at 1:06 pm

    Jumper,

    How did you locate the hacked web pages? I was trying to find them for a long time and had zero luck. Try not to make me look too bad with the answer. :)

  4. jumperon 22 Nov 2007 at 9:49 pm

    I’m not sure what you mean by locating the hacked web pages. They were linked on name81′s blog. http://hi.baidu.com/name81/blog/item/6ccd0c1e2a56a2f71bd57605.html

    I took some of the names, ran it through centralops.net and figured out it was a virtual host. Centralops also has a service scan tool that shows the banner from ftp, smtp, http, pop3 and imap4.

    I’m pretty sure he hacked these sites by running a dictionary tool like the one in the video on your blog. I’d like to know for sure though. Maybe I can get in touch with the web host since they obviously don’t know that their server was compromised.

  5. heikeon 23 Nov 2007 at 12:55 am

    Ouch! Yeah, missed the links on his blog somehow, beer, whiskey, sun in my eyes, earthquake… One of the reasons I kept going back to the site was that they seemed too geo-oriented. Why would a Chinese hacker hit multiple sites in Wisconsin? Besides upsetting the good people in a church and dentist office it didn’t seem to make sense. Then I checked a little more and it was all one server, so I kinda thought what you confirmed, that he had an inside to only that one server. God, I wish I had your computer skills!

  6. jumperon 23 Nov 2007 at 11:20 am

    I would happily trade my computer skills for your language skills.

  7. jumperon 03 Dec 2007 at 10:56 am

    FYI: These defaced pages are still up there. I informed the web host but they never got back to me or checked into it apparently.

  8. Heikeon 03 Dec 2007 at 10:50 pm

    Jumper,

    Yeah, I have had the exact same experience. Written to a couple of these hacked sites to inform them and received absolutely nothing back.

  9. jumperon 31 Dec 2007 at 9:33 pm

    These pages are still up.

  10. [...] November 21st, we reported on a Chinese hacker who attacked 31 websites in Racine Wisconsin, to protest US arms sales to [...]

  11. jumperon 05 Feb 2008 at 7:35 pm

    Looks like the Racine Rapid Response team fixed the web pages. Now they are free to sell dog bones to Taiwan again. That’s a relief.

  12. jacksmithon 12 Feb 2008 at 6:45 pm

    Rapid response Team ! LOL !

  13. Heikeon 12 Feb 2008 at 10:57 pm

    Jack,

    Jumper has a knack for using the fewest words to sum up a situation of any person I have ever known. God love him!