On the 15th of April 2003, Defencebills.gov.uk [google mirror], “An Agency of the U.K. Ministry of Defence” (according to the message that reminds you of this on every single page of their site), was defaced by DkD[||, which begs the obvious question: if they cannot defend one of their own websites, do they really expect to be able to defend the rest of the UK?
DkD[|| has several hundred defacements attributed to his handle, one of the most notable being that of defensivethinking.com, reported by Rootsecure.net in “how defensivethinking.com got "hacked" for a second time” back in February. Defence Bills is an Agency primarily responsible for paying the bills of defence contractors in the UK issued to it by the Ministry of Defence.
The website is aimed at giving contractors an easy, straightforward way to pay bills and receive payments, with the mission statement “To provide prompt, efficient and reliable services…”. However, reliable service, or any service for that matter, is not currently available from Defence Bills, since visitors are instead treated to the message “No web site is configured at this address”. Its role as an Agency of the MOD is deemed of such high importance that it has contingency plans relying on several major British newspapers, yet it seemingly does not treat the information security of its website with that same degree of importance.
The site was defaced, it is believed, after the virtual server hosting it was compromised through a vulnerability in Microsoft’s IIS, which was widely published roughly a month ago by both Microsoft and CERT. The exploit used is thought to have been based on proof of concept code featured at securiteam.com. Since it was a virtual server compromised with an exploit giving local system level access, a number of other sites were also defaced, including royalparks.gov.uk and adjudicatorsoffice.gov.uk. Curiously, however (and perhaps after some thought from the defacer), others hosted on the same server, such as devon-cornwall.police.uk and cps.gov.uk (Crown Prosecution Service), were left untouched.