Unu revives hacking for bragging rights

telegraph_sql_breachHacking for bragging rights is back in vogue. A Romanian coder, known as unu, has been grabbing headlines in a manner that evokes memories of MafiaBoy and Sven Jaschan.

Unu’s latest caper: defacing web pages of The Daily Telegraph and British Telecom, both big British corporations. The self-proclaimed ethical hacker has been using a technique called SQL injection, to penetrate websites of F-Secure, Kaspersky Lab, BitDefender, Symantec, Kaspersky and the UK Lottery.

depaula_anchises1“Unu is definitely looking for fame by attacking security vendors’ sites using SQL injection attacks,” says Anchises de Paula, threat intelligence analyst at VeriSign iDefense. “By targeting and successfully breaching organizations that help build the security standards and solutions that many businesses rely on, Unu is bringing into question the viability of those companies.”

Unu appears to be a throwback to braggart vigilante hackers of a few years ago, like MafiaBoy, who in 2000 deployed a botnet to do denial-of-service attacks against Yahoo, Amazon, CNN and other. Or the German school boy, Sven Jaschan, who in 2004 released the devastating Sasser worm as part of his do-good campaign (see LW sasser link) to stop the MyDoom worm.

“Unu’s actions could be considered similar to vigilante hackers of a few years ago, and there are certainly many professionals that would consider him a ‘grey hat’ attacker,” says de Paula. “It’s more likely that his key motivation comes from a desire to get attention and notoriety, not from a desire to help alert the businesses that he is attacking.”

–Byron Acohido

Screen shot of hacked Daily Telegraph page; Photo of Anchises dePaula

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone