Results 1 to 9 of 9
  1. #1
    Join Date
    Feb 2009
    United States

    ImageShack hacked in oddball security protest

    A hacking group has broken into one of the biggest image hosting websites on the net before uploading its manifesto.

    "Anti-Sec" broke into ImageShack to post a protest over sites that publish full disclosure material on security vulnerabilities, though how the attack furthers this agenda is unclear. The group, which also attacked the websites of last month, pledged to cause further "mayhem and destruction" against supporters of full disclosure, which it argues benefits security firms and cybercrooks at the expense of the wider community.

    Ironically, exploit code associated with Anti-Sec's latest attack was posted on a full disclosure mailing list.

    Anti-Secís proposed program of action calls for "eliminating the security industry in its present form". Security blogs or exploit-related websites who support full-disclosure were warned to brace themselves for attack.

    Security firms were quick to pick apart the group's arguments. Rik Ferguson, a security consultant at Trend Micro, said ( the group fails to acknowledge that full disclosure allows security organisations to "mitigate against attacks before they are exploited in the wild". It also ignores the point that cybercrooks often profit from undisclosed vulnerabilities.

    Ferguson compares the group to the "wacky end of the survivalist movement... heading for the hills with their tins of beans and their AK-47s (and now SQLi [SQL injection - a common website exploit technique])."

    ImageShack, which was hit by the defacement late on Friday, restored its service to normal over the weekend. A screen shot of the defacement, via Mashable, can be found here: ( ģ
    Victor Lugo
    Systems Administrator

  2. #2
    Join Date
    Nov 2002
    Oh, so the images hosted are not effected, so I guess that's good.

    I dont think it really effects the end-users much, they probably just visit the site to load 1-2 images to show friends. Not like a long term thing.

    If the hosted images were effected, then that's a whole nother story.
    All life is an experiment. The more experiments you make the better.

  3. #3
    Join Date
    Feb 2009
    United States
    The images hosted were affected, however, we not affected permanently.
    "The movement however claimed that the attack did not in any way delete or tamper with the photos, they were merely replaced by the image of the movementís manifesto."
    Victor Lugo
    Systems Administrator

  4. #4
    Join Date
    Oct 2008
    Reminds me of the defaced.... anyways I knew imageshack was going to get hacked. I sent them an email one day posting an exploit that would allow me to hack into any album. months later and they still have not done anything about it.
    Leader of the new anti sig spamming club.

  5. #5
    Join Date
    Jul 2009
    In the Datacenter.
    It just makes me wonder what kind of network they are running.

    This happens quite often, but this group seems to have a political agenda rather than simply defacing them.

    They have notified the public of future attacks, it will be interesting to see where they go next.

  6. #6
    Here is the report by hacker
    Date: Sat, 11 Jul 2009 05:15:36 +0300

    __ .__
    _____ _____/ |_|__| ______ ____ ____
    \__ \ / \ __\ | ______ / ___// __ \_/ ___\
    / __ \| | \ | | | /_____/ \___ \\ ___/\ \___
    (____ /___| /__| |__| /____ >\___ >\___ >
    \/ \/ \/ \/ \/

    Proudly presents...

    _ _ _
    (_) | | | |
    _ _ __ ___ __ _ __ _ ___ ___ | |__ __ _ ___| | __
    | | '_ ` _ \ / _` |/ _` |/ _ \' / __| | '_ \ / _` |/ __| |/ /
    | | | | | | | (_| | (_| | __/ \__ \ | | | (_| | (__| <
    |_|_| |_| |_|\__,_|\__, |\___| |___/ |_| |_|\__,_|\___|_|\_\
    __/ |

    Anti-sec. We're a movement dedicated to the eradication of
    full-disclosure. We wanted to give everyone an image of what we're

    Full-disclosure is the disclosure of exploits publicly - anywhere.
    security industry uses full-disclosure to profit and develop
    scare-tactics to convince people into buying their firewalls,
    anti-virus software, and auditing services.

    Meanwhile, script kiddies copy and paste these exploits and compile
    them, ready to strike any and all vulnerable servers they can get
    a hold
    of. If whitehats were truly about security this stuff would not be
    published, not even exploits with silly edits to make them slightly

    As an added bonus, if publication wasn't enough, these exploits are
    mirrored and distributed widely across the Internet with a nice
    advertisement embedded in them for the crew or website which first
    exposed the vulnerability to the public.

    It's about money. While the world is difficult to change, and
    money will
    certainly continue to be a very important in the eyes of many, our
    battle is that of the removal of full-disclosure for the purpose of
    making it harder for the security industry to exploit its

    It is our goal that, through mayhem and the destruction of all
    exploitive and detrimental communities, companies, and individuals,
    full-disclosure will be abandoned and the security industry will be
    forced to reform.

    How do we plan to achieve this? Through the full and unrelenting,
    unmerciful elimination of all supporters of full-disclosure
    and the security industry in its present form. If you own a
    blog, an exploit publication website or you distribute any

    "you are a target and you will be rm'd. Only a matter of time."

    This isn't like before. This time everyone and everything is

    Signed: The Anti-sec Movement

    "No images were harmed in the making of this... image."

    anti-sec:~/pwn# perl

    Found - lighttpd/1.4.18 - SSH-1.99-OpenSSH_4.5
    Found - lighttpd/1.4.18 - SSH-1.99-OpenSSH_4.5

    anti-sec:~/pwn# perl


    Linux 2.6.15-1.2054_FC5 #1 SMP Tue Mar 14
    15:48:20 EST 2006 x86_64 x86_64 x86_64 GNU/Linux

    Replacing images...

    img1 --> img998

    All images replaced:

    If you think that we oppose your website, our advise is to pack it
    up and shut it down, because we're coming for you.

    - anti-sec.


  7. #7
    Join Date
    Nov 2007
    Dallas, TX
    Quote Originally Posted by darkeden View Post
    Reminds me of the defaced.... anyways I knew imageshack was going to get hacked. I sent them an email one day posting an exploit that would allow me to hack into any album. months later and they still have not done anything about it.
    Scary. :-/

    Is that particular flaw still un-fixed?

    Mike G. - Limestone Networks - Account Specialist
    Cloud - Dedicated - Colocation - Premium Network - Passionate Support
    DDoS Protection Available - Reseller Program @LimestoneInc - 877.586.0555

  8. #8
    Join Date
    Oct 2008
    Quote Originally Posted by Mike - Limestone View Post
    Scary. :-/

    Is that particular flaw still un-fixed?

    Last I checked yes. I wonder if releasing it would cause them to fix it faster.
    Leader of the new anti sig spamming club.

  9. #9
    Join Date
    Jul 2005
    Whatever opinions one holds about this act, it has to be said that it has had a major impact and my guess is that we will see an awesome wave of further attacks in the near future. Damn!

Similar Threads

  1. security for my site - dont get hacked
    By ohgodyes in forum Hosting Security and Technology
    Replies: 18
    Last Post: 10-06-2015, 04:48 AM
  2. imageshack hacked?
    By dsotmoon in forum Web Hosting Lounge
    Replies: 6
    Last Post: 07-11-2009, 01:53 AM
  3. Looking for a HERO who can fix the security problem on a hacked server
    By kabuer in forum Systems Management Requests
    Replies: 7
    Last Post: 04-13-2007, 08:30 AM
  4. Hacked - Security Expert Wanted!
    By aisusa in forum Hosting Security and Technology
    Replies: 5
    Last Post: 11-19-2004, 08:15 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts