R o o t s e c u r e . n e t
The Security News Site For Systems Administrators & Hackers Monday, 20th May 2013 @ 15:26:03 GMT 
Rootsecure Homepage
About RootSecure
Lite Edition
User Area
Audio News
Daily Newsletter
Site News Archives
Sources News Archive
SecNews RSS Feeds
SecNews Console
Links:
   Videos
   Security
   Hacking
   Wireless
Downloads:
   Other
   Perl Scripts
   Audio Clips
   Win32 Tools
   Media Archive
   PDF Documents
Reports
Hacker Gear
Win' Error Pic's
ASCII Generator
Your IP Address
RootSecure:
   Contact
   Search
   Publicity
   Affiliates
   Attack Statistics
   Syndication
   (RSS/XML Feed)
   Privacy Policy

Hits: 134,473,017
(Since 06/09/02)
Admin Telnet
HoneyPot Project
Reports | Was WhiteHouse.gov Hacked?
{21st Mar 2003}

On the 23rd of March 2003 Zone-H reported the possible defacement "What we know is that Zataz has been proved reliable over the time so here we are reporting the news to you. We just hope this won't be another Mc-Williams-Vernon story..." of http://www.whitehouse.gov

Along with Zone-H, Rootsecure.net share concerns as to its authenticity.

Points Against it being genuine:

  1. The provider of the screenshot {The original screenshot link no-longer appears to work - Rootsecure.net Mirror} is French Magazine ZATAZ (Google Translation).  [Why did they not capture the source code also, with such an important defacement?]
  2. The magazine has taken the liberty of overlaying their website name on the top left hand corner.  [Free publicity?]
  3. The defacer used <title> tags, containing the usual White House message "Welcome to the White House", when he/she clearly seems to have erased the rest of the page replacing it with a custom version.  [Why bother?]
  4. The defacer took the time to implement the page using tables and different font sizes / fonts.  [Again, why bother for a defacement?]
  5. The link <http://www.whitehouse.gov/news/releases/2003/03/20030321-9.html> is shown on the address bar. [How did it get there? - There are no links on the page unless the defacer has gone to the trouble of changing the link colour, to black and placing a hidden one, but what would be the point?]
  6. The defacer did not leave their handle.  [Most defacers would at least leave a handle or email address]
  7. There are colour anomalies towards the top right of the word "Abuba".  [Were these caused by the jpeg compression or some bad Photoshopping?]  {Rootsecure.net has since learnt that the word "Abuba" was added in to the screenshot by ZATAZ}

Points For it being genuine:

  1. Wired and Tech TV report whitehouse.gov was possible / was defaced before:
    Wired: Did Russians Get Whitehouse.gov?
    TechTV: White House Site Hacked Again
  2. Zone-H do not have mirrors of any previous whitehouse.gov defacements.  [Supporting the idea their IP was banned however would whitehouse.gov really bother to track and ban Zone-H's IP address, which Rootsecure.net noticed recently changed?]

Update: Shortly after posting the the above story Rootsecure.net received the following email from ZATAZ Magazine:

---- Hello

My name is Damien Bancal, journalist for ZATAZ Magazine. For your information, zataz magazine does not have anything a site of pirate or hackers. We are a magazine of press paper and online. We noted by us even defacement and preferred the capture with PSP that safeguard HTML. The fact of putting zataz.com in top on the left makes it possible to give a source to information.

As regards the colors modified in top on the right, the word abuba was added on our capture in order to authenticate the author of the capture.

The authors of this hack did not leave a mel.

Cordialy
Damien / zataz.com

Related Story: The Register - Hacktivists DDoS 10 Downing St site