Hacker group r00t3rs, which has defaced a handful of local Web sites in the past two months, is a group of Brazilian high-school teenagers who are "doing it for fun", says Justin Stanford of security company 4D Digital Security.
Stanford says he traced the hacker group by building a profile of evidence left behind when it defaced local sites. His profile, he says, made him believe the group consisted of members of high-school-going age who were most likely to be "hacking for fun". The profile, together with industry speculation that the group was Brazilian, led him to an online chat room in which he was able to establish contact with members of the group.
The group told him its actions aimed "to punish those administrators that are not security-conscious". Stanford says the group doesn't appear to have any real understanding of the damage it might be causing, and members of the group are doing it in part to boost their own egos.
Stanford says the group appears to be Brazilian and closely matches the profile he had drawn up. Members of the group include Master_gh0st, d4rk4rk and c0d3r3d, all of whom have left their names on hacked sites.
Stanford says the group uses automated searches to scan wide ranges of IP addresses for vulnerable servers. "I wouldn't say by any means they are highly technically skilled, although they probably are fairly clever and reasonably skilled in computers."
The attacks should be a wake-up call to local businesses and hosting companies, he adds. r00t3rs used standard exploits and tools downloaded from the Internet to hack into vulnerable servers. "Today hacking is as easy as point-and-click. And this activity is on the rise because it is becoming even easier to hack."
Many of the sites were housed in hosted environments in which a single break-in would make multiple Web sites vulnerable.
The group isn't targeting local Web sites, says Stanford. "They scan wide ranges of IPs looking for vulnerabilities and when they find one they hack it, irrespective of where the site is located." The list of other Web sites hacked by the group substantiates this, as the sites span a wide spectrum of countries.