Popular Subprofile Website Defaced
On Friday, August 2nd, 2002, I was checking out my Sub Profile for my AIM account and I got an "Error Loading Content" message, so I checked out the top-level domain to see if it was working, and got nothing. I then tried the main site and was forwarded to another site claiming that Subprofile.com had been hacked; that site is available at http://www.ssnbc.com/wiz/subpro.htm.
After viewing the page I decided to instant message the users whose screen names are listed on there, and I had a chat with a person who kept saying "i did not hack your subprofile, subprofile.com was hacked and everyones is like that, dont take it personaly". I surmised that I was not the first to message him on this matter, and I later found out that hundreds of people had already messaged him to complain. Then I proceeded to message the other screen name listed on the defaced page, and I soon learned that the person I messaged is Robbie Saunders, a 16-year-old who created the first AIM "Filter". Soon after we began chatting he confirmed that he had performed the Subprofile website defacement, but he emphasized that no damage had occurred, so things should be restored as soon as the webmaster takes notice and corrects the changes made by Mr. Saunders.
Upon interviewing Robbie Saunders I learned that he did not hack the site. He proceeded to tell me that he is friends with Toby, owner of Subprofile.com, and that Toby has used the same password for his server for quite a while; Mr. Saunders just exploited Toby's trust, logged into the host's configuration area and changed the domain's DNS settings so it would forward to a page on Mr. Saunders' site (http://www.ssnbc.com/wiz/subpro.htm). I asked him how many people had messaged him to complain and he said around one hundred. He then told me that the changes are not in full effect yet: the DNS settings have not updated for the west coast yet, so he believes there will be a lot more angry people in the next 5 to 24 hours. We then chatted a little about his AIM Filter program and various other things.
If you would like a transcript of the conversation between me and Mr. Saunders please contact me.
Curse from UGN/UPIN/N3TMASK/RRFN
Email: [email protected]
AIM: Curse Of UGN
My first news report...
For UGN Only:
Robbie Saunders' IP Address: 126.96.36.199
Curse: I am going to write an article about the subprofile 'hack' for a Computer Security website, and I wanted to ask you a few things
robbie [censored]: OK
robbie [censored]: ASK YOUR QUESTIONS
robbie [censored]: PLEASE
Curse: first of all, did you really do it?
robbie [censored]: YES
Curse: how did you go about [censored] over everything, did you just get the password for the server and just delete everything or what?
robbie [censored]: NOPE, NO DAMAGE WAS DONE
robbie [censored]: I USED TO MESS WITH SUBPROFILE ALL THE TIME BACK IN THE DAY
robbie [censored]: WITH PIMPSTATION
robbie [censored]: HE HASN'T CHANGED HIS PASSWORD SINCE BACK THEN
robbie [censored]: AND I CHANGED HIS DNS SETTINGS
robbie [censored]: TO REDIRECT TO MY WEBSITE
Curse: how many people have messaged you to [censored]?
robbie [censored]: WE GOT HIS PASSWORD FROM HIS `SAMPLE` SUBPROFILE ACCOUNTS
robbie [censored]: RIGHT NOW? PROLLY ABOUT 100 ODD PEOPLE
robbie [censored]: BUT IT'S NOT EVEN IN FULL EFFECT
robbie [censored]: THE DNS SETTINGS HAVEN'T UPDATED HERE IN CALIFORNIA YET
Curse: how long ago did you change it?
robbie [censored]: IT SHOULD BE FINISHED IN 5-24 HOURS
robbie [censored]: 1 AM
robbie [censored]: THURSDAY MORNING
Curse: this on a different subject, but how many AIM Accounts have you hijacked with your AIM Filter?
robbie [censored]: NONE
robbie [censored]: AIM FILTER HAD NO PASSWORD STEALERS OR ANYTHING OF THAT SORT
robbie [censored]: BASICALLY, I COULD CLOSE YOUR AIM FILTER (OPENING 3 PORN SITES IN THE PROCESS) OR GET YOUR IP
robbie [censored]: AND ONLY ME AND ERIK HAD ACCESS TO THE ADMIN COMMANDS
robbie [censored]: WHEN YOU RAN AIM FILTER IT SENT ME 2 DIFFERENT CLICK-THRU'S TOO
Curse: ah, ok because coders who [censored] around with it said you had hidden commands in their...
Curse: one guy said it sent the screen name and password of the user to your screen upon sign on...
robbie [censored]: THE ONE GUY WAS WRONG
robbie [censored]: I REMOVED THE COMMANDS IN AIM FILTER R
robbie [censored]: BUT I LEFT SOURCE CODE INTACT
robbie [censored]: YOU CAN TAKE A LOOK FOR YOURSELF IF YOU'D LIKE
Curse: I am not much of a coder, I know a little Perl and that's about it, what language is the filter coded in anyway?
robbie [censored]: VB
robbie [censored]: HAH
robbie [censored]: OH OK
Curse: btw, how old are you?
robbie [censored]: 16
Curse: heh, and I like that you are [censored] with 1000's of people, yet you didn't damage anything
robbie [censored]: I HAVE NOTHING AGAINST TOBY
robbie [censored]: IT'S ALWAYS BEEN FUN HELPING HIM FIX UP SUBPROFILE
Curse: Toby, I am guessing is the owner of Subprofile.com?
robbie [censored]: YEAH
Curse: well, thank you for your time
robbie [censored]: NP
robbie [censored]: NICE TALKING TO YOU
More information available by request.