Hackers breach site again

By PETER GRIFFIN

The Microsoft New Zealand website has suffered the embarrassment of being hacked through a security hole supposedly plugged four months ago.

A hacker or group of hackers working under the alias "Prime Suspectz" managed to breach Microsoft's website security and replace its direct-access homepage with their own coded message.

"Oh!! What's happened! Another Micro$oft was hacked?" proclaimed a posted message, with greetings from, among others, Evil Angelica, Hackweiser and Downkaos.

Prime Suspectz has gained notoriety for attacks on the websites of multinational corporations, including Nike, Panasonic and BMW. This is the sixth time a Microsoft website has been defaced by the group, which campaigns to draw attention to the insecurity of corporate IT systems.

The message appeared on the Microsoft website early yesterday, but was taken down soon after. The hackers exploited a "hole" in Microsoft's security, according to Richard Burte, Microsoft New Zealand's technical manager.

"It looks like they went through a hole that was patched last October. There are a number of tools for exploiting holes in security," Mr Burte said.

Although no customer data or sensitive information was exposed to the hackers, Mr Burte said, an investigation was under way to see whether Microsoft or Terabyte Interactive, the Auckland web-hosting company that hosts the Microsoft.co.nz site, was responsible for the lapse.

"We are currently working with our third-party vendor to determine how the site was defaced and to restore the site to normal operation. We're not sure at this stage whose responsibility it was."

New Zealand has no law on computer hacking, but this is under review after a surge in local hacking activity.

A proposal in the Crimes Amendment Bill, now before the law and order select committee, would impose a maximum prison sentence of two years on individuals gaining unauthorised access to computer systems.

The head of the police electronic crimes unit in Wellington, Martin Kleintjez, said that without adequate laws protecting New Zealanders against computer hacking, companies needed to concentrate on prevention.

"It's like someone walking through a carpark and rattling the doors to see if they're open. They need to make sure they close the doors and windows."