Sub domain hacked or was it

ownedUpdated: Sub domain has been taken over by the FBI, see below. Today i was alerted to a hack by a group of old school hackers from the late 90’s who have left a sub domain of the well known hacker collective lulzsec hacked. The attack appears to be a DNS attack as well as a defacement on another site which is currently sharing the same IP ( that the "defaced" sub domain is currently being hosted on. the main lulzsec website with or without the www shows the the long existing notice that has been taken over by authorities. The attack has been done by Prime Suspectz who on Zone-h have not made a post to the site since 2005, but that does not mean they have been totally quite over this period. The defacement has a message to lulzsec and anonymous and makes mention of sabu, stating that they remember a older conversation from back in 2004 where he couldn’t hack. > Prime Suspectz & core-project is back!x-s4nd3r / st4ck / eCORE / coolswallowLulzSec owned? Anonymous & LulzSec are the world’s biggest lamerz, they think leaking can make them big haxor? no, you are wrong! u will be never big hacker, ur the biggest lamers of this planet..people like you destroy the hacking scene, you use LOIC and thinking ur big hacker, hahahahaha! we are not dead, big lamerz like u must be destroyed, also for sabu (the police snitch), you were the biggest n00b i ever talked to in 2004, using lame ssh exploits u could not even pwn a IE2-box, do not believe the media!! media delivering false news…sabu was the biggest n00b of this century, and nobody gives a fuck about ur lame leakz, anonymous 🙂 but the show is not finished yet, we are not dead…we always watching u 🙂

The other website which shares the same IP as the currently does is and that is also displaying the same defacement page leaving one to think that is the main defacement as it shows up in caches as a old unused Joomla  website with no content. So, lets break this down a bit to see what is going on. The main lulzsec site is owned by FBI, a sub domain has been hijack either by DNS hijack or hackers have control to a cname controller some how and now the site is pointing to another site name pekingporkchop. Proof that both were on different IP’s at time of publishing. network-tools-dnsipemail See a Mirror of the defacement: here and the rest of prime suspects older defacements here Reverse IP on Also like to make the note of timing of this breach, within weeks of news coming out that sabu has been giving more time away from sentencing to assist police further which has put a lot of anger and upset many people in the community as people who sabu helped get arrested are facing big time behind bars. So ill leave you to figure out what the hell exactly happened here, so have fun oh and Credit goes to @agd_scorp for alerting me to this. Updated:iprc_seized_2010_11 Once again @agd_scorp has alerted me to the sub domain now also being in control of the FBI as well as the other site which appeared to have the deface, This makes one wonder if the site has actually been seized or was all this just a big hoax of some sort or has the FBI gone and seized another site now due to defacement? make note of the results below which show at time of update all ips were still the same as first publish. network-tools-dnsipemail2 Once again, ill leave you to think about this one. bu

About the author: Lee J

Security Analyst, Developer, OSINT,

Comments are closed.