Today a friend shared with me this link, which pointed to São Paulo State’s Military Police website and showed a deface-like page with a hacktivist text and a YouTube video.
The first thing that caught my eye was the URL:
‘abrirframes.asp’ is ‘openframes.asp’ and ‘PAGINA=’ is ‘PAGE=’ in Brazilian Portuguese. Say no more.
That’s why I said “almost hacked”. The site that was actually hacked was www.nova89fm.com.br (a Brazilian FM Radio) and not São Paulo State’s Military Police’s.
But São Paulo State’s Military Police website wasn’t clean at all. This ‘PAGINA=’ (or ‘PAGE=’) parameter clearly accepts any URL, and the hacked website was ‘tucked in’ to make it look like the police website itself had been hacked. The proof that any URL can be spoofed is that (it will open a famous Brazilian news portal).
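The fix for a frame loader like this is to stop treating ‘PAGINA=’ as a URL and only accept known same-site paths. The sketch below is an added example, not the site's code: the function name, the allowlisted paths and the default page are hypothetical, and it is written in Python rather than ASP so it can be run as-is.

```python
from urllib.parse import urlsplit, unquote
import posixpath

# Hypothetical pages the frame loader is allowed to open (constructed for this example).
ALLOWED_PAGES = {"/noticias/index.asp", "/institucional/historia.asp"}
DEFAULT_PAGE = "/home.asp"  # hypothetical fallback page


def safe_frame_target(pagina, default=DEFAULT_PAGE):
    """Return a same-site path for the frame, or `default` if the value is not allowed."""
    if not pagina:
        return default
    value = unquote(pagina).strip()
    # Browsers treat "\" like "/" and drop control characters, so "/\host" can leave the site.
    if "\\" in value or any(ord(c) < 0x20 for c in value):
        return default
    try:
        parts = urlsplit(value)
    except ValueError:  # malformed input such as "http://["
        return default
    # Any scheme or host (http://..., //host/..., javascript:...) means off-site content.
    if parts.scheme or parts.netloc:
        return default
    # Collapse "." and ".." segments, then require an exact allowlist match.
    path = posixpath.normpath("/" + parts.path.lstrip("/"))
    return path if path in ALLOWED_PAGES else default


if __name__ == "__main__":
    # Constructed sample values; the external host is the one named in the post.
    for sample in ("noticias/index.asp",
                   "http://www.nova89fm.com.br/",
                   "//www.nova89fm.com.br/",
                   "%2F%2Fwww.nova89fm.com.br"):
        print(f"{sample!r:35} -> {safe_frame_target(sample)}")
```

The allowlist is what does the real work here; the scheme and host checks only explain why a value was rejected.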
This seems to be another action of script-kiddies and defacers (almost the same) using automated tools to call themselves ‘hackers’. I’m kinda sorry for guys like these.
It would be better to do a decent vulnerability disclosure instead of doing such a lame hack. Those kids.