Thursday, 13 April, 2000, 19:03 GMT 20:03 UK
'Serb hackers' on the rampage

More than 50 websites have been taken over by what is suspected to be a group of Serb hackers.

The websites - which include such high-profile names as Manchester United and Adidas - were stripped of their content, and branded with the image of a double-headed eagle, with the words "Kosovo is Serbia".


Many of the websites were Yugoslav, Bosnian and Croatian. The Kosovo Albanian newspaper Koha Ditore and the Albanian site Kosovapress were also among those hacked.

Most of the companies have since reclaimed their websites.

Manchester United believes the culprits were "cyber-squatters", who register Internet sites in the names of celebrities or well-known companies, and then try to sell them back again.

Chance discovery

An internet company which monitors domain names, WebDNS, spotted that the hacking was part of a sustained campaign.

Alex Jeffreys, the techical director of WebDNS, said he noticed that several high-profile web-sites were being hacked on Monday.

"I almost stumbled over it by chance, when I noticed that a number of large company domain names had changed ownership," he told News Online.

As he began checking details of some of the thousands of websites being supported by the server Webprovider Inc, he discovered more than 50 sites that had been hacked from the same address.


Hacked websites
viagra.com
eunet.com
winston.com
jamesbond.com
indianajones.com
mafia.com
kosova.com
yu.com
slovenia.com
bosnia.com
sarajevo.com
warcrimesmonitor.com
arkan.com
tudjman.com
The hacked websites had all been registered with Network Solutions, the world's largest register.

Mr Jeffreys said it appeared that the hackers had changed the contact details in Network Solutions' database on Sunday night.

The contact addresses were at first transferred to a Yugoslav address, and then on Monday night to an Albanian address.

"It seems that the Network Solutions database is quite open for hacking, rather than it being one company in particular," he said.

How the hackers worked

It is impossible to say exactly who the hackers are, or how they managed to breach databases that should be secure.

However, Mr Jeffreys said they probably sent spoof e-mails to Network Solutions, pretending to be from the company concerned, and requesting a change of address.

The requests for a modification are sent by an automatic e-mail form.

Although Network Solutions was not available for comment, a message on their answer machine said that "if you are making a registrar name change or contact modifications request" there would be delays while they "carefully review your request for change".