Popular Subprofile Website Defaced
On Friday, August 2nd, 2002, I was checking out my Sub Profile for my AIM account and I got an "Error Loading Content" message, so I checked out the top level domain to see if it was working, and nothing, so I tried the main site and I was forwarded to another site claiming that Subprofile.com has been hacked, this site is available at http://www.ssnbc.com/wiz/subpro.htm.
After viewing the page I decided to instant message the users who screen names are listed on there, and I had a chat with a person who kept saying "i did not hack your subprofile, subprofile.com was hacked and everyones is like that, dont take it personaly", so I surmised that I was not the first to message him on this matter, I later found out that hundreds of people had already messaged him to complain. Then I proceeded to message the other screen name listed on the defaced page, and I soon learned that the person I messaged is Robbie Saunders, a 16 year old who created the first AIM "Filter". Soon after we began chatting he confirmed that he had performed the Subprofile Website defacement, but he emphasized that no damage had occured so things should be restored as soon as the webmaster takes notice and corrects the changes made by Mr. Saunders.
Upon interviewing Robbie Saunders I learned that he did not hack the site, he proceeded to tell me that he is friends with Toby, owner of Subprofile.com and Toby has used the same password for his server for quite awhile, and Mr. Saunders just exploited Toby's trust and logged into the host's configuration area and changed the domain's DNS settings so it would forward to a page on Mr. Saunders site[http://www.ssnbc.com/wiz/subpro.htm]. I asked him how many people have messaged him to complain and he said around one hundred, he then told me that the changes are not in full effect yet, he said the DNS settings have not updated for the west coast yet, so he believes there will be alot more angry people in the next 5 to 24 hours. We then chatted alittle about his AIM Filter program and various other things.
If you would like a transcript of the conversation between me and Mr. Saunders please contact me.
Curse from UGN Security
Email: [email protected]
AIM: Curse Of UGN Security
My first news report...
For UGN Security
Robbie Saunder's IP Address: 184.108.40.206
Curse: I am going to write an article about the subprofile 'hack' for a Computer Security website, and I wanted to ask you a few things
robbie shit: OK
robbie shit: ASK YOUR QUESTIONS
robbie shit: PLEASE
Curse: first of all, did you really do it?
robbie shit: YES
Curse: how did you go about fucking over everything, did you just get the password for the server and just delete everything or what?
robbie shit: NOPE, NO DAMAGE WAS DONE
robbie shit: I USED TO MESS WITH SUBPROFILE ALL THE TIME BACK IN THE DAY
robbie shit: WITH PIMPSTATION
robbie shit: HE HASN'T CHANGED HIS PASSWORD SINCE BACK THEN
robbie shit: AND I CHANGED HIS DNS SETTINGS
robbie shit: TO REDIRECT TO MY WEBSITE
Curse: how many people have messaged you to bitch?
robbie shit: WE GOT HIS PASSWORD FROM HIS `SAMPLE` SUBPROFILE ACCOUNTS
robbie shit: RIGHT NOW? PROLLY ABOUT 100 ODD PEOPLE
robbie shit: BUT IT'S NOT EVEN IN FULL EFFECT
robbie shit: THE DNS SETTINGS HAVEN'T UPDATED HERE IN CALIFORNIA YET
Curse: how long ago did you change it?
robbie shit: IT SHOULD BE FINISHED IN 5-24 HOURS
robbie shit: 1 AM
robbie shit: THURSDAY MORNING
Curse: this on a different subject, but how many AIM Accounts have you hijacked with your AIM Filter?
robbie shit: NONE
robbie shit: AIM FILTER HAD NO PASSWORD STEALERS OR ANYTHING OF THAT SORT
robbie shit: BASICLY, I COULD CLOSE YOUR AIM FILTER (OPENING 3 PORN SITES IN THE PROCESS) OR GET YOUR IP
robbie shit: AND ONLY ME AND ERIK HAD ACCESS TO THE ADMIN COMMANDS
robbie shit: WHEN YOU RAN AIM FILTER IT SENT ME 2 DIFFERENT CLICK-THRU'S TOO
Curse: ah, ok because coders who fucked around with it said you had hidden commands in their...
Curse: one guy said it sent the screen name and password of the user to your screen upon sign on...
robbie shit: THE ONE GUY WAS WRONG
robbie shit: I REMOVED THE COMMANDS IN AIM FILTER R
robbie shit: BUT I LEFT SOURCE CODE INTACT
robbie shit: YOU CAN A LOOK FOR YOURSELF IF YOU'D LIKE
Curse: I am not much of a coder, I know alittle Perl and that's about it, what language is the filter coded in anyway?
robbie shit: VB
robbie shit: HAH
robbie shit: OH OK
Curse: btw, how old are you?
robbie shit: 16
Curse: heh, and I like that you are fucking with 1000's of people, yet you didn't damage anything
robbie shit: I HAVE NOTHING AGAINST TOBY
robbie shit: IT'S ALWAYS BEEN FUN HELPING HIM FIX UP SUBPROFILE
Curse: Toby, I am guessing is the owner of Subprofile.com?
robbie shit: YEAH
Curse: well, thank you for your time
robbie shit: NP
robbie shit: NICE TALKING TO YOU
More infomation available by request.