Hacking the Kuffar: Updated
The original Hacking the Kuffar post gave relatively detailed background on the Jihadist cyber-attacks on a multitude of Western blogs and websites. Specifically, Distributed Denial of Service attacks via botnets and website defacements. Aarons Rantblog was defaced as recently as this morning by a defacer who left his mark as "NeEe0_Hack". It seems that NeEe0_Hack likes to do a bit of site defacing on site's other than Aarons, this is evidenced by the archives over at Zone-H.
Realizing that NeEe0_Hack probably doesn't take that much care in hiding his tracks I decided to do a bit of Googling and see what I could find.
The search actually returned three pages of results, some more revealing than others. There were a few hit's for defaced pages, a few for forums and Yahoo groups he's been posting on and the interesting websites of "kkjmj.com" and "soofaa.org". The first one appears to be a placeholder website for NeEe0_Hack, the second is a site that NeEe0_Hack was evidently affiliated with (you'll see his name about halfway down).
The kkjmj site isn't that remarkable in itself at first glance because it initially goes to a red page with NeEe0_Hack's name on it and then after a few seconds it redirects from "http://www.kkjmj.com" to "http://www.kkjmj.com/home/" with a different page residing in /home. The /home web page is complete with ant-Denmark banners and claims of "The World Hacker".
The page seems to be empty of anything interesting and even the links are dead, with that in mind direct your attention back to the "kkjmj.com" page.Notice how that page waits a few seconds before redirecting you to the other one? When the page with the red background appears "right click" with your mouse and quickly select "view page source" from the menu.
Stay with me here, this is where it gets good. The source of that page reveals (in English):
<head> <meta http-equiv="Content-Language" content="en-us"> <meta http-equiv="Content-Type" content="text/html; charset=windows-1256"> <title>NeEeO_HaCk</title> </head>
Let's perform a WHOIS lookup on that "kkjmj.com domain name shall we?
khalid waleed (KKJMJ-COM-DOM)
Suadi arabia, 159789
Domain Name: KKJMJ.COM
khalid waleed email@example.com
Suadi arabia, 159789
Technical Contact, Zone Contact:
Record last updated on 26-Jul-2005.
Record expires on 26-Jul-2006.
Record created on 26-Jul-2005.
Domain servers in listed order:
Name Server: ns7.hostingarabs.com
Name Server: ns8.hostingarabs.com
Note the email address of "firstname.lastname@example.org" as a registrant contact.
Let's google that and check the results. This leads us off to the website "Hurricane Net" which has a focus on computer hacking. There are inumerable other bit's of information to be found if one is willing to spend the time Googling for them. This DNS record may or may not be goood info on our target here but I'd say there's a pretty good chance it's him. Remember what I mentioned in the previous article about "no fear of law enforcement?" If this is our guy and he really is in Riyadh you can give up any hope of ever getting to him.
As always, questions and comments are welcome.