A hacker has successfully attacked more than a hundred corporate websites to post a message in support of demonstrators protesting against high fuel taxes in the UK.

Herbless, who defaced nine local government web agencies last month and the Legoland.co.uk website last week, yesterday posted the pro-petrol protest on the front pages of 168 corporate websites.

It follows a similar attack earlier this week by a different hacker, who added a message protesting against oil prices to the website of the Organisation of Petroleum Exporting Countries (Opec).

Herbless posted his message on websites as diverse as specsavers.com, jobs.co.uk, itforhire.co.uk, travelfocus.co.uk and brand experts brandimage.co.uk among others.

The message has since been removed from the majority of the affected websites, but could still be seen at bobbybrowns.co.uk as of 4pm (BST) Thursday.

The text of the message claimed that 72 per cent of the price of petrol in the UK is tax, that production costs are one of the cheapest in Europe, and retail pricing the most expensive in Europe.

Herbless explained that: "This web page has been hacked as a public protest against government greed. I urge you to help the protest using any non-violent, non-abusive means possible."

His message ended by exhorting the public to support those on the picket lines. "If you live near a picket line, go and give your support. Applaud the lorry drivers. Make cups of tea and sandwiches for the picketers. Write to your MP pledging your support," wrote Herbless.

The hack appears to have used the same method deployed to post anti-smoking messages on the websites of a number of local government and government agency websites last month and a rant supporting DVD cracking software on the Legoland.co.uk website last week.

"I can confirm it uses the same method," Paul Rogers, network security analyst at MIS Corporate Defence Solutions, told vnunet.com.

When SQL server is set up there is a simple default password for the SQL administrator. Unless the system is being used on a trusted network, which the company owns entirely, Microsoft recommends this password be changed. In an unchanged configuration hacks can take place.

"We think he [Herbless] has performed a mass scan over a large range of sites checking for the MS SQL admin port, flagging insecure websites to be used in a masses hack. The hack itself was noticeable for the sheer number of websites involved," said Rogers.

Microsoft has said that the vulnerability exploited was a result of administrators not following basic instructions on configuring the software, rather than an intrinsic problem with its SQL server product.

See also:

HSBC web host under fire over fuel hack

The external supplier believed to be responsible for managing the areas of HSBC's website vandalised by a hacker this week has been criticised in connection with the incident.  22 Sep 2000

Herbless - five weeks of 'hacktivism'

From Sheffield City Council to Hong Kong and Shanghai Banking Corporation, via Legoland.  21 Sep 2000

Fuel protest hacker Herbless quits

EXCLUSIVE: Herbless, the hacker who defaced the websites of HSBC, Legoland and 450 others as part of the fuel protest in the last month, has announced his sudden exit from the hacking scene.  21 Sep 2000

Security attitudes in the firing line

Prepare for the worst with a security policy that defends your network against hacker attacks and malicious emails.  20 Sep 2000

Network security threats to grow

Eighty-seven per cent of network managers and managing directors think the security threat to corporate networks will grow during the next five years, according to a report commissioned by Siemens Network Systems.  20 Sep 2000

HSBC reassures customers after hack attack

HSBC said no customer details or bank accounts were at risk when a hacker broke into several of its websites on Tuesday night.  20 Sep 2000

HSBC internet sites hacked

HSBC's UK internet site and three of its international sites have been hacked as part of an ongoing campaign in support of the fuel protest.  20 Sep 2000

Channel warned over next fuel crisis

Distributors and resellers have been urged to form contingency plans in case of further UK fuel shortages.  20 Sep 2000

Fuel crisis sparks teleconferencing surge

Telcos have reported surges in network traffic for general calls, conference calls and video conferencing during the past two days as meetings are cancelled because of the UK's fuel crisis.  14 Sep 2000

Hacker flattens Legoland

Plastic brick theme park Legoland has had its UK website defaced by a hacker who took advantage of an inadequately secured SQL server.  10 Sep 2000

Hacked websites 'didn't read the manual'

Microsoft has blamed administrator error, rather than a bug in its software, for leaving hundreds of websites running SQL server open to attack this week.  18 Aug 2000

Hacker attacks UK government websites

Several UK government websites have been defaced by a hacker protesting about the dangers of smoking.  17 Aug 2000

Like this story? Spread the news by clicking below:

 del.icio.us     Digg this     reddit!