Tuesday, December 1, 2009

Dr.HiaD: Islamic Terrorist or Teenager Having Fun?

Let me steal my own thunder and go with Teen Having Fun.

Earlier today the campaign website of Bill Connor, candidate for Lieutenant Governor in South Carolina, was defaced with a graffiti-like image in the typical fashion of juvenile hackers.

Screenshot of the Bill Connor Website Defacement
Source: FITSNews Political Blog (not verified)

The hacked page included a small amount of Arabic text, which got the attention of the candidate and former US Army officer, who served in Afghanistan. A statement on his campaign's Facebook page said, "I do hope this serves as a wakeup call to the continuing danger we face in South Carolina from the threat of radical Islam and shari’a law."

Was this a political act by Islamic extremists? Examining the facts makes it hard to draw that conclusion. There are many valid threats to our safety on the Internet today, but it is important to isolate the facts and not rush to judgement when it comes to identifying and prosecuting true crime online.

"Hi ADmin your security = 0." Thus reads the graphic that displaced the candidate's home page. That statement is a poke in the eye at the web hosting company that operates the web server (not the candidate) and is typical of widespread pranks conducted by computer-savvy kids who enjoy exercising their technical skills to penetrate weak server configurations from far across the Internet and leave their mark.

"Dr.HiaD" in this case is the online nickname used by the hacker. Dr.HiaD has taken credit for over one hundred such website defacements. I have seen lists of URLs of over 4,000 web pages with his signature on them. Other pranksters have perpetrated many more thousands of website hacks and even keep track of their scores. See below a screenshot of one such scorecard showing recent defacements by Dr.HiaD. The score for all "players" on this website is a staggering 43,000 on December 1, 2009 alone.

Website defacement scoresheet of Dr.HiaD
Source: Ray Dickenson

I have blocked out the website names in order to prevent readers from attempting to visit these sites, which may now host malware that can infect PCs. But you can see Dr.HiaD is a prolific defacement artist.

Another site Dr.HiaD hacked, that also contained a short snippet of Arabic script, was the website of a Chinese baby products company. Again, I will withhold the name of the site, but share the graphic that was posted there.

One of many other websites defaced by Dr.HiaD
Source: Ray Dickenson

Who is Dr.HiaD? He appears on an Arabic hacker website with the signature below. Now, when it comes to teenage hackers, it is difficult to believe everything we read. Is Dr.HiaD really 15 years old? Is Dr.HiaD from Morocco? Hard to say for sure, but I believe he (or she) is. These pranksters must balance two competing goals: (1) not getting caught and (2) claiming and receiving credit for their exploits. For young hackers, recognition normally trumps caution. On the score-keeping website mentioned above, there are hackers from Singapore, Russia, India, Switzerland, Germany and many more countries around the world. So Dr.HiaD really could be from anywhere.

Dr.HiaD Signature on Hacker Website
Source: Ray Dickenson

One last point about the colors used in Bill Connor's website defacement. Some of the English letters appeared in white, green and red with black background. It is true that these are Islamic colors. But they are also the simplest colors to use in web pages. The RGB color codes for these colors are: FF0000, 00FF00, 000000, FFFFFF. Extremely simple for kids making web pages who do not want to be bothered with shades like 0CF1E2, CECE28. They are also stark and strong. Perfect for a prankster.

Let's close with a comment about the first screenshot above (source: Ray Dickenson). That one came from the website of an auto accessories company in China that was hacked by Dr.HiaD. Is this a photo of the real Dr.HiaD? Probably not. But it does convey something about the Dr's personality and the artistic flair of his or her pranks. Many teenagers who crave technical accomplishment and get into trouble pursuing recognition for their talents grow up to be valuable contributors in the computer field. Ask Michael "MafiaBoy" Calce or Kevin Mitnick.

December 2, 2009 - Update
I spoke with Susanne Schafer of the Associated Press about this story, and she wrote an article that appeared here.

December 3, 2009 - Update
The dramatic image in the first screenshot above comes from an Italian photographer, posted here on Flickr: Amegliocchi. One interesting connection is that a large number of Italian-language websites were defaced by Dr.HiaD.

Connection to Dr.HiaD splash screen courtesy of TinEye, a pretty effective reverse image search engine. Want to find photos of you on the web? Try TinEye. If you dare :)
