2600 does not have the defaced page archived
posted by Jevon at 7:12 AM on August 28, 2002

I can't access server
posted by omidius at 7:15 AM on August 28, 2002

Hm. Neither www.riaa.com or www.riaa.org seem to be coming up... anybody know where one could find it, if this is indeed true?
posted by absquatulate at 7:17 AM on August 28, 2002

Oh well, must have missed it. :(
posted by eas98 at 7:18 AM on August 28, 2002

Check out fark.com. They have a link with screenshots and a contest for creating the funniest photoshopped riaa website.
posted by jsonic at 7:20 AM on August 28, 2002

oops...fark.com
posted by jsonic at 7:21 AM on August 28, 2002

Screenshot here, found via scripting.com.

I agree with Dave, It's bad business to deface anyone's site. But what kind of people do this sort of thing anyway? My guess is that it was someone smart, because my other guess is that the RIAA had a tight ship serving up that site.
posted by Jevon at 7:23 AM on August 28, 2002

I was able to view a couple of the pages on the hacked site before it came down. It wasn't just a one or two page hack. It went down a couple of levels and in different directions.

Overall, this is one of the best hacks ever. It was subtle (just glancing at the front page didn't reveal anything), smart (no "w3 0wnZ j00" crap and a real message in the hack), deep (not just the front page) and difficult (I figure the riaa.org site would have been one of the tightest sites to bust open).
posted by grum@work at 7:37 AM on August 28, 2002

If I'm ever around someone who says that they defaced a site, I'm going to punch them in the face. I'm pretty sure it won't be the guy who cracked a server that one of my sites was on, but I still owe their team one.
posted by websavvy at 7:41 AM on August 28, 2002

summary: riaa = embarrassed; hacking = bad; violence in the name of misdirected revenge = good.

deep in my heart, I smile when I see an organization like RIAA victimized this way. s'pose I'm going to hell.
posted by Sapphireblue at 7:45 AM on August 28, 2002

i'm glad that i'm not on websavvy's team
posted by sawks at 7:48 AM on August 28, 2002

Oh all right. I won't punch them. Geez.

Can I write on them with a Sharpie marker?
posted by websavvy at 7:49 AM on August 28, 2002

I agree that this is vandalism and that it is a crime to hack a server, but it's not like they went in and formatted the hard drive or stole credit card numbers. This was really more of an act of civil disobedience.
posted by dirtylittlemonkey at 7:50 AM on August 28, 2002

Another mirror. Good thing that the RIAA knows a thing or two about giant monkeys.
posted by adampsyche at 7:59 AM on August 28, 2002

Can I write on them with a Sharpie marker?

Sure, Bob.

Not to put too fine a point on it, but getting hacked is one of those experiences that we in the tech industry take far too seriously; for the most part, it's the moral equivalent of having someone spraypaint "Your Mamas A Fag" on your picture window. Sure, it's annoying, and sure, it makes you want to kick their butt... but if you get paranoid trying to prevent it, you just end up erecting 20 foot electric fences in front of your yard and having all your neighbors call you "that crazy guy."
posted by hob at 8:39 AM on August 28, 2002

hey, remember that thing about the riaa wanting to be able to legally fuck p2p filesharing servers and stuff? HAHAHAHAHAHAHAHAA
posted by trioperative at 8:40 AM on August 28, 2002

Can I write on them with a Sharpie marker?

That would be nice! Hold them down and write "0wn3d!" across their forehead.
posted by Ayn Marx at 8:50 AM on August 28, 2002

Anyone seen the Russian stop-motion animation Vykrutsary/The Coiling Prankster? Hob's metaphor immediately brought to mind that short film. It actually has strong parallels to this situation too.
posted by Rattmouth at 8:58 AM on August 28, 2002

OT: For some reason I flashbacked to the "She Blinded Me With Science" video and the final placard that said (don't quote me) "And the Dr. gets his comeuppance!"

On topic: Trioperative's comment on the RIAA's semi-potential cracking activities isn't too far off the mark. Right now at my university a major headache is dealing with the RIAA's new cracking scheme. After talking with the head administrator I could tell that he is probably literally losing sleep over the issue. He was very vague as to any current activity (appropriately), but right now the RIAA is a higher priority for him than student cracking. Changes in the campus network might need to be made to protect the security of the students' and university's machines.

Let that sit for a minute.

Disturbing.
posted by Tystnaden at 9:14 AM on August 28, 2002

How about "Poor Impulse Control"?

I've cracked a couple sites essentially on dares/challenges (Microsoft employees deriding *nix-ego, etc.), nothing major or illegal. I have a rough idea how hard a crack like this is to pull off, and that's why while on the one hand I'm chortling, on the other hand I'm deeply worried.

It isn't as if the RIAA's admins forgot to apply a service pack (assuming IIS) or patch, is it? So that would mean this would quite possibly have involved a heretofore unknown exploit in (presumably) either IIS or (unlikely) Apache. Either way, this spells potential new Code Red/Nimda sweeping through the pipes in the near future.

I sincerely hope an explanation of what happened is published and my above fears are allayed (Janitor Bob spilled coffee on the rack, hit the SECOND drive which had the filesystem with the packetfilter config so when the service reset the VNC port was exposed to the world and before Jim the Admin could cleanse this sin it was Good Night, Gracie), but I doubt it'll happen.
posted by Ryvar at 9:14 AM on August 28, 2002

"Where can I find information on giant monkeys?"

Uh-oh.
posted by mr_crash_davis at 9:23 AM on August 28, 2002

I'm deeply worried.

Don't get too worried. There's this tendency to assume that because someone's servers are an obvious target that they're taking extra special care to make them secure; in my experience, this is just not the case. People who run servers just as prone to screw up and be lazy as the rest of us.
posted by hob at 9:34 AM on August 28, 2002

So that would mean this would quite possibly have involved a heretofore unknown exploit in (presumably) either IIS or (unlikely) Apache.

Looks like it just might be IIS. "The site riaa.org is running Microsoft-IIS/4.0 on NT4/Windows 98." [info]
posted by benjh at 9:49 AM on August 28, 2002

The whole giant monkeys thing is a hoax. There are no giant monkeys.
posted by mokey at 9:56 AM on August 28, 2002

I'll agree that defacing websites for the most part is a fairly vile endeavor, particularly all the script kiddies that run exploits on random servers just to post "w00t 3l33t cr3w h4x0r!". You've got to wonder what else is in store for the RIAA since they have in essence declared a cyber war.
posted by aaronscool at 10:23 AM on August 28, 2002

Benjh: I forgot netcraft kept past histories of OS/server combos in their uptime logs. That explains it right there, though. Totally unconscionable on their part. I've nmapped a few major corporations and very rarely found something stupid like PCAnywhere ports open instead of SSH (although they could have had an OpenSSH daemon listening on the PCAnywhere port), but most had fairly updated OS/webserver combos that were proof against anything Typhon & co. was throwing out. Makes sense seeing as the webserver is the logical place to harden.

Maybe we'll get another BSD convert out of this, who knows?
posted by Ryvar at 10:29 AM on August 28, 2002

I'd like to reiterate my belief that the RIAA may be arranging these incidents to add fuel to their "LOOK AT THE EVIL INHERENT IN THE INTERNET" stance. Whether they changed the pages internally, had someone from the outside perform the "hack", or merely left gaping holes in their server security to allow this sort of thing to happen, it'd be far more difficult to prove it *wasn't* a set-up than to prove it was.

"Our server logs show the attack came from the IP address 123.45.6789! We've contacted the authorities to track down these criminals, who we suspect ALSO have illegal MP3s on their computers!"
posted by Danelope at 10:59 AM on August 28, 2002

you've got to say though, riaa have been asking for it. they've threatened to go after specific individuals. now, these individuals are going to be spending an awful lot of time on the internet and doubtless would have a great deal of computer savvy.

so it was always just a question of time. and it'll happen again, i'm sure. this one will just run and run.
posted by triv at 11:03 AM on August 28, 2002

Danelope - I think if this was an "arranged hack" I don't think the level of detail and the statements that RIAA now supports p2p would have been there. The execs would not have allowed them to be seen hosting .mp3's (whether or not they were really there.)

The hacks would have been the more child like "\/\/3 H4xx0R3D j00! R144 15 t3h 5uXX0r! 5upp0r4 k4zz44" To portray hackers as immature children. The hack in place was (from the few screen shots I've seen) relatively professional.
posted by Nauip at 11:08 AM on August 28, 2002

Maybe we'll get another BSD convert out of this, who knows?

What kind of sick, twisted BSD admin would be willing to work for the RIAA?
posted by bigschmoove at 11:09 AM on August 28, 2002

I'd like to reiterate my belief that the RIAA may be arranging these incidents to add fuel to their "LOOK AT THE EVIL INHERENT IN THE INTERNET" stance.

I think the old adage "never attribute to malice what can be adequately explained by stupidity" applies here. Doing consulting work for big and supposedly mean companies really influenced my thinking on this.
posted by Triplanetary at 11:17 AM on August 28, 2002

Are we sure this was a hack? How do we know it wasn't an inside job? Somebody on the premises, maybe a disgruntled employee who knows he's about to get sacked? Y'all are assuming this was a hacker, yet we've all admitted this job does not have a hacker fingerprint. The M.O. is all wrong.

This looks too clean and practiced. This wasn't a rush job. Someone planned this carefully. Probably as an attempt to show the RIAA how they can still pull their fat out of the fire, PR-wise. In fact it may have started as a memo inside the RIAA that was dissed by higher ups but "accidently" found its way on the server. Who knows? Maybe the RIAA honestly is going to have a change of heart? (okay that's too extreme...) I mean what evidence have we that this is a hack? Has anyone come forward to claim responsibility?

We need more information, Number Six. Be seeing you.
posted by ZachsMind at 12:04 PM on August 28, 2002

bigschmoove - I'll bet someone would work for them, but that person would not have a lot of experience or be really good, and they'd probably end up paying that person more. Actually, that's probably what happened -

I agree that this was a hack. Someone who has skill, like a BSD admin, probably realized how easy it would be to hack the server, got together with a couple buddies and some beer, hacked the server and put their stuff in place. Probably had a blast doing it, too... just to rub their noses in it. Maybe someone who used to be a skript kiddie and grew up? Who knows.
posted by SpecialK at 2:11 PM on August 28, 2002

I wish there was some way we could get out a message to everyone. Some sort of declaration of war on the RIAA, that a good part of the relevant communities (ie, cracker forums) would all hear. And then an email to the RIAA. Telling them exactly what was going to happen and how they could stop it. An all out war between the public and the RIAA, which had enough media coverage to let the public know where they should be standing. That would make my month.
posted by Dillonlikescookies at 10:57 PM on August 28, 2002

I'm pretty certain it was a legit hack and not an inside job. It's already garnered some press here.
posted by Grod at 10:59 PM on August 28, 2002