
Earthcache.org Hacked By Turks?!?!?


Darsantre


Please, GAWD, tell me that I'm hallucinating! I just went to look up the guidelines for setting up an earth cache and when I went to the site, it said it was hacked by Turkish cyber-pirates and this horrible Turkish rap started playing.

 

Does anyone else have this problem when they go to the site? And WHY hack into Earthcache.org when there are so many other, more important sites to mess with?!???

 

Darsantre

Edited by Darsantre
Link to comment

If they were trying for exposure they really, really missed the mark. Unless I'm wrong (which quite often I am) the only people who visit the earthcache site are a small group of geocachers. Maybe a couple hundred people saw this? It definitely isn't going to make any newspapers. I wonder if there is a geocaching-like site for hackers. If so, these hackers seem to be in it just for the numbers.

 

Anyhoo, had to do a ye olde cut and paste because they didn't provide a hot link to their websites. Not that there is anything to see there. It seems that their websites are down. Quoted below is the registrar info for their websites. I wouldn't trust any of the information. Except maybe the phone number to the Istanbul Hosting Solutions, Direct dial from the US 01190(216)349-2820. I would call because it isn't like they could do anything about the hackers. The hackers' websites are already down and the only thing the hosting service could do is suspend their hosting accounts.

 

I did find this webpage, www.siberkorsanlar.gen.tr.tc/, it looks like their message boards. If you do know Turkish, I'd read but not post.

 

Siber-Korsanlar.Com

 

Registration Service Provided By: ISTANBUL HOSTING SOLUTIONS

Contact: +90.2163492820

 

Domain Name: siber-korsanlar.com

 

Expiry Date: 16-Jan-2006

Days Left for Expiry: 84

Record Creation Date: 16-Jan-2005

Domain Status: Active

 

Domain servers in listed order:

ns1.ihsdnsx2.com

ns2.ihsdnsx2.com

 

Registrant Contact Details

Name: General redX

Company: Cyber-Strom

Email Address: gurcans@anadolu.edu.tr

Address: General redX

City: Eskisehir

State: null

Zip: 80040

Country: TR

Tel No.: +90.2222222222

Cyber-Storm.Org

 

Domain ID:D106480997-LROR

Domain Name:CYBER-STORM.ORG

Created On:31-May-2005 12:28:11 UTC

Last Updated On:13-Oct-2005 10:08:26 UTC

Expiration Date:31-May-2006 12:28:11 UTC

Sponsoring Registrar:Direct Information PVT Ltd. (R27-LROR)

Status:OK

Registrant ID:DI_1503543

Registrant Name:General redX

Registrant Organization:Cyber-Strom

Registrant Street1:General redX

Registrant Street2:

Registrant Street3:

Registrant City:Eskisehir

Registrant State/Province:

Registrant Postal Code:80040

Registrant Country:TR

Registrant Phone:+90.2222222222

Registrant Phone Ext.:

Registrant FAX:

Registrant FAX Ext.:

Registrant Email:gurcans@anadolu.edu.tr

Link to comment

The method for hacking pages in this manner has nothing to do with the site itself and everything to do with the programs running the site (and their unpatched security holes).

 

An automatic program (usually on a 3rd person's computer after downloading a virus) scans website after website by trying a very specific set of commands that can be sent in the address bar as if it were trying to ask the website for a certain page. Those commands fake the program running the website to open up access to the hacking program and if it gets a "hit" (like a bite on the hook when fishing), it goes into "replace the pages" mode and overwrites the original website through the now open hole that it's found and then helped to create.

 

None of this process, from scanning, to breaking in to a weak system, to replacing the website with their own message/garbage, required the "hacker" to have anything to do with it at all (other than to set up the initial program and toss it out on the web and P2P programs hoping someone would download and run it (and thereby make them the "3rd person" mentioned above)).

 

In fact, the hacker could even be in jail, dead, or gone straight, but their code will live on as long as naive people run programs they shouldn't trust.

 

Finally, may I also suggest that when you come upon an obviously hacked site, you should NOT attempt to click any links or open new windows to any web addresses they put up (no matter how angry you are that they took down your favorite site and you'll show them by posting on the forums link they left!). Do NOT follow their links. Your browser may unknowingly download and run the very software that caused this kind of problem in the first place. The link could be bait for the irate ignorant masses.

 

The best thing you can do is to e-mail the administrator of the site (again, not by link on the hacked site... but by an address you otherwise know about). They will need to wipe clean their website program files and then reinstall a fresh newly-patched copy and hopefully learn from this lesson to keep their software patched and extra ports turned off.

Link to comment
WHY in the world would they pick Earthcache.org?

That's nobody's business but the Turks. :lol:

I hope that they know to look for the culprits in Istanbul (Not Constantinople).

Istanbul was Constantinople

Now it's Istanbul, not Constantinople

Been a long time gone, Constantinople

Now it's Turkish delight on a moonlit night

Link to comment
Or they could be targeting sites associated with geocaching intentionally.

I highly doubt that. I live in Turkey and there are about 8 Turks who geocache in the whole of the country. So very few Turks have actually heard of geocaching. I would never say there are Turkish geocachers. I would say there are a handful of Turks who have geocached.

 

Of those 8, the most caches any of them has found is 9. Some Turks have even left a cache without ever finding one! I don't know how, but a few have. The Turks find 3 or 4 caches and then you never hear from them again. And good luck trying to find a GPS receiver for sale in this country.

 

Usually it's the geocaching tourists who find the caches and are more likely to place one in Turkey. Granted, there are only about 43 active caches in the whole country. I am working on getting more caches placed, but without a car, it's a bit difficult though.

Link to comment
In fact, the hacker could even be in jail, dead, or gone straight, but their code will live on as long as naive people run programs they shouldn't trust.

Or they could be targeting sites associated with geocaching intentionally.

Yes, just because you're paranoid doesn't mean they aren't out to get you.

 

Of course, there are quite a few more caching sites than just earthcaching.org and todayscacher.com (most haven't been hacked). There are also quite a few non-caching sites that have been hacked in this exact same fashion. It's in our nature to add a "trend" where one doesn't exist though and so when a few high profile situations arise, it can get falsely interpreted as a "targeted attack" or "intentional". Because we don't see the true representation of all of the websites out there to know which ones have been scanned and which ones were hacked but cleaned up before being seen and so on...we sometimes figure there must be something sinister behind them hitting only those that we have seen.

 

Trust me though, these hacking programs just find *any* computer they can put their HTML all over. There are even webboards and pages where these guys keep track of their "hits" and try to see if they can out-do another tagging crew like it were some sort of virtual graffiti game. I wouldn't be surprised if the only "Turkey" these hackers have even *seen* says "Butterball" on the side. To download, insert your HTML, then spread these trojan horse-hack programs doesn't take more than a few hours of your time and then you're infamous on the web (in your own mind). Those programs put your code anywhere they can, not targeted sites about GPS hobbyists...

Link to comment
Trust me though, these hacking programs just find *any* computer they can put their HTML all over. There are even webboards and pages where these guys keep track of their "hits" and try to see if they can out-do another tagging crew like it were some sort of virtual graffiti game.

 

You seem to know a lot about this. Is your name Ahmet by any chance?

Link to comment
The method for hacking pages in this manner has nothing to do with the site itself and everything to do with the programs running the site (and their unpatched security holes).

 

An automatic program (usually on a 3rd person's computer after downloading a virus) scans website after website by trying a very specific set of commands that can be sent in the address bar as if it were trying to ask the website for a certain page.  Those commands fake the program running the website to open up access to the hacking program and if it gets a "hit" (like a bite on the hook when fishing), it goes into "replace the pages" mode and overwrites the original website through the now open hole that it's found and then helped to create.

 

None of this process, from scanning, to breaking in to a weak system, to replacing the website with their own message/garbage, required the "hacker" to have anything to do with it at all (other than to set up the initial program and toss it out on the web and P2P programs hoping someone would download and run it (and thereby make them the "3rd person" mentioned above)).

 

In fact, the hacker could even be in jail, dead, or gone straight, but their code will live on as long as naive people run programs they shouldn't trust.

I guess that might be interesting the first few times. Pretty pointless after that.

 

Finally, may I also suggest that when you come upon an obviously hacked site, you should NOT attempt to click any links or open new windows to any web addresses they put up (no matter how angry you are that they took down your favorite site and you'll show them by posting on the forums link they left!).  Do NOT follow their links.  Your browser may unknowingly download and run the very software that caused this kind of problem in the first place.  The link could be bait for the irate ignorant masses.

That's one good thing about using a less popular browser and OS. There is less out there that is out to get you. As long as the masses stick with Micro$oft products I'm happy. If I ever did get infected with a virus, unlike MS OSes, it would only be able to infect my user account and not the whole computer. That doesn't mean I don't run any antivirus software tho. Although it's only ever detected three viruses, although all three were MS OS viruses.

 

The best thing you can do is to e-mail the administrator of the site (again, not by link on the hacked site... but by an address you otherwise know about). They will need to wipe clean their website program files and then reinstall a fresh newly-patched copy and hopefully learn from this lesson to keep their software patched and extra ports turned off.

In case anyone doesn't know, the best way to get an admin email address for a web site is to do a whois search on the domain name. You can do them at http://www.internic.net/whois.html.

Link to comment
