Pro-Israel hacker tells how he brought down dozens of Iranian sites

Hacktivist You-r!-k@n describes to InfoWorld how he used old and new hacking tricks to take over 91 different websites throughout Iran

A hacker going by the name You-r!-k@n claims to have hacked, defaced, and then deleted 91 Iranian websites belonging to various government agencies, educational institutions, and businesses in the name of protesting the Iranian government for "supporting terrorism and developing nuclear weapons to destroy Israel."

You-r!-k@n said he first defaced the targeted sites with images of the Israeli flag, accompanied by text reading: "This site is hacked by You-r!-k@n. Say no to terror. Say no to nuclear Iran." He then went on to entirely delete all of the sites, according to an email sent to InfoWorld and at least one other tech publication, InfoSec Island. "All the sites were deleted today (del *.* :-). I had a console backdoor on the server ... the DNS [and] the webservers don't exist anymore.." You-r!-k@n did not provide a complete list of all the sites he purportedly hacked, but those he did specify indeed would not load at the time of this writing.

In an exclusive email interview with InfoWorld Senior Analyst Ted Samson, the hacker has now provided some specifics as to how he was able to hack and delete so many sites run by so many different government agencies, institutions, and businesses. (Per his request, I have edited grammatical errors for clarity.)

InfoWorld: How long did it take to hack and take down all 91 of these sites -- from the planning stages to the very end?
You-r!-k@n: About three days.

Was it easier or harder than you expected to shut down all these sites?
It wasn't the hardest one [I've done]. My hardest attack was the one on irimo.ir [the Iran Meteorological Organization that was taken down in May], which took more than two months.  I managed to escalate my privilege from "user who surfs the site" to domain-admin on the whole domain!  It's a big one, spread over a few sites. Then I erased all the AD. It took them more than seven days to restore the system, and I guess they did not recover fully.

Did these websites have particularly poor security? Were you surprised by any particular weaknesses you found?
Well, I am not new to business, so I was not surprised. It was a step-by-step attack, from SQL inject to the Web admin console, to find their weaknesses that allowed me to upload ASP files. Then command prompt on the site, escalate privs, and port fun J, and there you go: Admin on the server and the sites on it.

Could you please give me an example or two of how you used social engineering?
Well, in one Iranian company I managed to hack one email account. From that box, I sent emails to his colleagues with the text, "Cool, look at that http://xxx.xxx..xxx..xx)." This was a phishing site that I created with a malware that installs a backdoor on the mail server. Click the link, and that's it for them.

You said in your first message that the owners of the hacked sites will have to rebuild them from scratch. Are you certain they won't be able to restore the sites from backup files?
No, I am not certain. I don't know if they have backups, and if they have, I don't know if it's updated. The biggest problem they'll have is finding the weaknesses in the system that allowed the attack from the beginning, because if they restore the backup [without fixing] the vulnerability, then I will be there again.

If you could do this much damage to 91 Iranian sites, do you worry that a similarly skilled hacker could do the same to Israel, or the United States, or any other country?
I am sure that in Israel -- as well as all over the world -- there are servers that are not secure enough.

This story, "Pro-Israel hacker tells how he brought down dozens of Iranian sites," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

This article has been updated with additional information since it's original posting.

Join the discussion
Be the first to comment on this article. Our Commenting Policies