Hackers deface KevinMitnick.com

Instead of the usual description of Kevin Mitnick, his consulting services and books, the famed hacker's website on Sunday displayed a vulgar message.

Online vandals, apparently operating from Pakistan, broke into the computer hosting Mitnick's website on Sunday and replaced his front page with one of their own. As a result, four web addresses belonging to Mitnick, including KevinMitnick.com and MitnickSecurity.com, displayed an explicit message on Mitnick and hacking.

Mitnick told silicon.com sister site CNET News.com in an interview on Monday: "The web hosting provider that hosts my sites was hacked. Fortunately, I don't keep any confidential data on my website, so it wasn't that serious. Of course it is embarrassing to be defaced - nobody likes it."

Mitnick's name is synonymous with "notorious hacker" for many. He was caught by the FBI in 1995 after a well-publicised pursuit and spent five years behind bars for wire and computer fraud. Today he is a consultant, has written two books, and spends much of his time on the road at speaking engagements.

Mitnick heard about the defacement on Sunday afternoon, shortly after the initial compromise, he said. The attackers gained complete control over the server that hosts his site as well as others at hosting provider Hostedhere, Mitnick said. It is common that hosting companies store multiple customers' websites on one server.

Mitnick said: "The attackers from Pakistan took over that whole box. There were a whole bunch of customers, including myself, but my site was the only one defaced, so I was probably the target." The server was taken offline to be reinstalled, Mitnick said. The website was still offline as of late Monday afternoon, Pacific Time.

Website defacements still occur often but they have become less high profile in recent years as other, financially motivated threats take the spotlight.

The message placed on Mitnick's website started with: "ZMOG!! THE MITNICK GOTZ OWNED!!" and continues with expletives and a picture of Mitnick with some modifications. Security website Zone-H first reported the hack on Monday and has screenshots of the replaced web pages.

Defacing websites is akin to graffiti in the brick-and-mortar world. Mitnick said: "It is kind of stupid, they do it for the attention. When I was a hacker, I never stooped to defacing sites because that was more like vandalism, that wasn't any fun. It is more about getting in and being stealth and looking around and exploring."

Mitnick doesn't know how the server containing his website was compromised. "When you're with web hosting companies, your security is as good as theirs," he said. "You just have to live with that. When you want to raise the bar, you have to set it up yourself. I don't have the time to maintain a website."

Hostedhere did not immediately respond to an email seeking comment.

This isn't the first time that a Mitnick website has been defaced. Three years ago a site set up by Mitnick's supporters was repeatedly hacked. Mitnick did not operate those sites, he was not allowed to use computers at that time as part of the terms of his supervised release, he said.

Joris Evers writes for CNET News.com