Various

WHID 2009-45: Outcome: Death

Updated: 8 June 2009

This must be the worst incident reported by the Web Hacking Incident Database.

We all know that web security is highly important but neglected. We tell frightening stories, but listeners think they are only "FUD": fear, uncertainty and doubt, used to sell products and services. I hope that the VAServ incident will serve to warn that those are not fairytale stories. Even so, I wish this one had not happened.

In this story, like most calamities, it seems that the laymen suffer: small entrepreneurs & upstart companies who lost everything in a hacking incident. One of them even lost his life.

Vaserv web site reporting recovery status, June 10th:
22:19 vz47uk restored
22:21 vz46uk data loss
22:42 Please allow upto 2 hours for a ticket response as currently we have 200+ active tickets
23:02 vz67uk data loss
23:20 vz50uk data restored
23:23 vz51uk data loss
00:03 FsckVPS server26 and server27 are still being worked on, but data *appears* to be intact

It all started on Sunday, June 7th: someone broke into the web servers of VAServ, a tiny UK-based hosting company. The hackers ruined many of VAServ's virtual servers. Some of them were lost forever, as the snippet from the VAServ home page, serving as an emergency bulletin board, shows.

As tiny as VAServ is, probably no more than 3 people, in today's virtual and flat world they could serve tens of thousands of low-cost web sites, many of them now lost forever. Behind each one of these web sites there is a story of someone who worked hard, whether on a hobby or a small business, and is now left with nothing. A comment made on one of the blog entries about the incident reads:

"yeah thanks for ruining my life for the last 2 years i had built up my site spending alot of money and giving up my job for nothing.........what am i going to tell the wife?"

Just think about tens of thousands of such stories. Daniel Voyce, a web developer using VAServ for all of his clients, told the Register:

"Since last night, I've had probably 40 phone calls from clients saying 'Why is my website down, It's making me look bad.'"

But this domino effect ruining so many small businesses had another, even more devastating angle. Just days before the hack, someone posted on milw0rm a long list of as yet unpatched vulnerabilities in Kloxo, virtual machine management software. The list certainly looks comprehensive enough to enable anyone to penetrate a site using Kloxo, which VAServ was, leading VAServ and others to believe that LxLabs, the Bangalorian software company behind Kloxo, is the culprit. Somebody claiming to be the hacker commented on the Inquisitr blog, claiming that weak passwords at VAServ were to blame for the hack, which Rus Foster from VAServ denied.

We may never know who is right and who is wrong. LxLabs, just like VAServ, is a tiny company using the Internet to look big. However, one area that suffers a lot in small companies is their security. In such lean and mean operations, security is never important enough to invest resources in.

But tiny giants have another weakness: it all falls on the shoulders of too few people. In the case of LxLabs, on KT Ligesh, the CEO. Ligesh committed suicide just a day after the hack for which his company was blamed. While he was already a troubled person, one cannot escape the thought that the hacking incident was the last straw.


WHID 2008-50: The Indian government acknowledges hacking incidents

Updated: 29 February 2008

In an official Indian government response to a question in the Indian parliament, the Minister of State for Communications and Information Technology discusses hacking incidents which occurred between 2005 and 2008 in a large number of Indian government agencies. The interesting information is the list of agencies affected:

  • Ministry of Railways,
  • Air Cargo Customs (Mumbai),
  • Forward Markets Commission,
  • National Institute of Health and Family Welfare,
  • National Institute of Social Defence,
  • Department of Administrative Reforms and Public Grievances,
  • Wireless Planning & Coordination Wing,
  • Bharat Sanchar Nigam Limited,
  • Telecom Regulatory Authority of India,
  • Department of Information Technology and
  • Anthropological Survey of India.

WHID 2008-45: Comcast domain hijacked

Recently, domain names have been the focus of hacking activity. Hackers found that hijacking a domain is as effective as, if not more effective than, attacking the web site itself.

Is domain hacking a case of web hacking? Should such incidents be included in WHID? In this case it seems, according to the Wired report, that the hack itself involved attacking the web interface of the domain's registrar (Network Solutions).

However, we believe that the resulting "virtual" defacement of the web site by redirecting users to a fraudulent web site is still a web hack, even if the DNS hijacking is not web related.

The defaced site, as logged by the Register, was:

WHID 2009-1: Gaza conflict cyber war

Updated: 13 January 2009

Update (Jan 13th 2009) - Ynet, an Israeli paper, reports that many of the sites defaced were actually DNS hijacked following a break-in to the servers of DomainTheNet, an Israeli registrar.
