Microsoft, HSBC, Sony, Coca-Cola(...) New Zealand hacked - UPDATED

21/04/2009 Written by Marcelo Almeida and Kevin Fernandez

Earlier today some Turkish defacers broke into the New Zealand based registrar Domainz.net (which belongs to MelbourneIT) and redirected some of their customers’ high profile web sites to a third party server with a defaced page. Companies which had their New Zealand web sites defaced include Microsoft, HSBC, Coca-Cola, F-secure, Bitdefender, Sony and Xerox.

Read more…

The hacked websites carried the messages: “Hacked by Peace Crew” ‚“STOP THE WAR ISRAEL”. In addition the crackers inserted a picture of Bill Gates creampie’d on the Microsoft defacements.

It is interesting to note that the attacker going by the handle of “agd_scorp”, a member of Peace Crew, hacked a big amount of MSN and microsoft.* web sites in the past (Microsoft Canada, Morocco, Tunisia, Austria, Ireland… MSN Israel, Korea, Spain, Denmark, China, Norway…).

This time they exploited a simple SQL Injection vulnerability to hack the administration panel of the registrar, where they modified the DNS records of the domains. Again, it is quite scary to see how a so big company can get hacked because of a famous programming vulnerability.

Registrars have been one of the main aims during the past months as they are often the weakest link and an easy target for attackers who want to hijack high profile web sites.

Here is the list of the defaced sites with their mirrors:

Time	Attacker	H	M	R	Domain	OS	View
2009/04/21	Agd_Scorp	H	M		www.hsbc.co.nz	Linux	mirror
2009/04/21	Thehacker	H	M		www.linux.co.nz	Linux	mirror
2009/04/21	Thehacker	H	M		www.sony.co.nz	Linux	mirror
2009/04/21	Agd_Scorp	H	M		coca-cola.co.nz	Linux	mirror
2009/04/21	Thehacker	H	M		www.xerox.co.nz	Linux	mirror
2009/04/21	rx5	H	M		www.fanta.co.nz	Linux	mirror
2009/04/21	rx5	H	M		www.f-secure.co.nz	Linux	mirror
2009/04/21	Thehacker	H	M		www.windowslive.co.nz	Linux	mirror
2009/04/21	rx5	H	M		www.bitdefender.co.nz	Linux	mirror
2009/04/21	Agd_Scorp	H	M		www.msn.co.nz	Linux	mirror
2009/04/21	Agd_Scorp	H	M	R	www.microsoft.co.nz	Linux	mirror
2009/04/21	Agd_Scorp	H	M		hotmail.co.nz	Linux	mirror
2009/04/21	rx5	H			www.live.co.nz	Linux	mirror
2009/04/21	Agd_Scorp	H	M		www.msn.org.nz	Linux	mirror
2009/04/21	Agd_Scorp	H	M		www.msdn.co.nz	Linux	mirror

UPDATE:
Peace Crew attacked the NIC from Puerto Rico. And once again, they gained access to the administration panel using an SQL Injection flaw.

Time	Attacker	H	M	R	Domain	OS	View
2009/04/26	BLaSTER	H	M		live.com.pr	Linux	mirror
2009/04/26	BLaSTER	H	M		translate.google.com.pr	Linux	mirror
2009/04/26	rx5	H	M		nokia.pr	Linux	mirror
2009/04/26	rx5	H	M		dell.com.pr	Linux	mirror
2009/04/26	rx5	H	M		hsbc.com.pr	Linux	mirror
2009/04/26	rx5	H	M		pcworld.com.pr	Linux	mirror
2009/04/26	rx5	H	M		www.coca-cola.com.pr	Linux	mirror
2009/04/26	rx5	H	M		nike.com.pr	Linux	mirror
2009/04/26	rx5	H	M		nike.pr	Linux	mirror
2009/04/26	rx5	H	M		norton.com.pr	Linux	mirror
2009/04/26	rx5	H	M		www.norton.pr	Linux	mirror
2009/04/26	rx5	H	M		www.paypal.com.pr	Linux	mirror
2009/04/26	rx5	H	M		www.fanta.net.pr	Linux	mirror
2009/04/26	rx5	H	M		www.fanta.com.pr	Linux	mirror
2009/04/26	rx5	H	M		www.coca-cola.pr	Linux	mirror
2009/04/26	Thehacker	H	M		www.yahoo.com.pr	Linux	mirror
2009/04/26	Thehacker	H	M		adwords.google.com.pr	Linux	mirror
2009/04/26	Thehacker	H	M		images.google.com.pr	Linux	mirror
2009/04/26	Thehacker	H	M		groups.google.com.pr	Linux	mirror
2009/04/26	TheHacker	H	M		www.google.pr	Linux	mirror
2009/04/26	Agd_Scorp	H	M		msn.pr	Linux	mirror
2009/04/26	Agd_Scorp	H	M		adsense.google.com.pr	Linux	mirror
2009/04/26	Agd_Scorp	H	M		hotmail.com.pr	Linux	mirror
2009/04/26	Agd_Scorp	H	M		microsoft.com.pr	Linux	mirror
2009/04/26	Agd_Scorp	H	M		news.google.com.pr	Linux	mirror
2009/04/26	Agd_Scorp	H	M		www.gmail.pr	Linux	mirror
2009/04/26	Agd_Scorp	H			www.google.com.pr	Linux	mirror