The website of the hacker group whose members exposed a hole in AT&T's site for iPad customers was hacked on Tuesday.
For at least a few hours an obscenity-laden message on the Goatse Security site said, "I have taken the liberty of exposing your gaping hole... As you are a group of self-aggrandising [profanity redacted], I have also contacted the media to ensure that this incident gets the coverage it deserves". Goatse Security spokesman Leon Kaiser confirmed the hack. "It appears that someone has found the root password to the Goatse Security blog," he said.
Goatse Security made headlines in June 2010 when it disclosed a vulnerability in the AT&T website and released email addresses and iPad serial numbers for about 120,000 AT&T 3G wireless accounts. Charges were recently brought against two members of the group for the hack.
For more on this ZDNet UK-selected story, see Site of AT&T-iPad hackers is hacked on CNET News.
Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.
Talkback
Someone saved the hacked page before it was corrected: http://www.webcitation.org/5w2P9hsTi
Leon Kaiser? As in Literalka? Rucas? These names are vary familiar as they belong to a white supremacy group that embraces racial stereotypes while trolling. They mention their affiliation directly on http://security.goatse.fr/members
How come no one has commented on their spamming yet? Or anything from the plethora of negative attention the group has reaped upon themselves while getting some laughs online.
To the author, dig a bit on these guys, you'll see this "security group" is nothing but another troll they started to get the word "goatse" out there while gaining positive attention they would not be able to under the GNAA moniker. Every single member is a part of GNAA, this group is nothing more than a segment of their users trolling under the guise of security bloggers.
On the topic of attention seeking trolls, this may of been a ploy to gain more hits after the initial wave of traffic settled down: http://seclists.org/fulldisclosure/2011/Jan/508
"Knowing one of the people listed in the shout-outs, I told them about the
props and they got back with the following statement:
"After doing some digging, [I] found out that they did it to their own
website to generate publicity. The person responsible told me he didn't
think anything would happen from it so he used my old nick. He apologized
to me and said he'll not do something like that in the future. ""
They are a security company and they have a publicly accessible management console? And the only security was a root password? I guess they've never heard of VPN's or Certificates.
Obviously, they are NOT a legitimate security company. Just a group of hackers trying to get into the spotlight.