Plug Pulled on Possible AP Hacker Group

A group that apparently defaced the Associated Press Web site early Wednesday morning has had its own Web site shut down., the company that hosted the hackers’ site, pulled the plug effective about 5:00 p.m. EST Wednesday because the group, which calls itself Hfury, “violated our terms of service … mainly because on [its] download page, [it] had links related to cracking,” said DomainDLX Chief Executive Officer Muhannad Said. “Cracking,” often used interchangeably with hacking, refers to breaking into a computer system without authorization, in order to show off or to create a problem.

DomainDLX, a closely held Rockville, Md., company, provides free Web-hosting services. Mr. Said said DomainDLX’s privacy policy prevented him from providing much information about Hfury, but he said he assumed the group was based in Brazil because its Web site was written mainly in Portuguese.

He noted that the Hfury site, which also included a list entitled “Members” along with a list of sites the group claimed to have defaced, typically received 20 to 30 hits a day. But on Wednesday, prior to the cancellation of service, Hfury’s home page got 1,189 hits, Mr. Said said.

At 2:19 a.m. Wednesday morning, the AP site was attacked, and its home page was replaced with a plain page of text headed “0wn3d by Hfury.” Most of the rest of the text appeared to be screen names made up of letters, numbers and symbols. AP took the site down at 4:35 a.m. and brought it back up on a new server at 6:10 a.m., said a spokewoman for the not-for-profit news organization.

The spokeswoman said it appeared that the attack affected only the home page of, a public, corporate Web site with news andinformation about the AP and its services and products. Stories and photos AP provides to the 1,550 daily U.S. newspapers and broadcasters that jointly own and fund it aren’t part of and weren’t affected by the attack, she said.

A similar attack occurred early Wednesday morning on the home page for the New York Parkinson’s Disease Foundation. This site was taken down and later put back up with the correct home page.

B.K. DeLong, a staff member of, a nonprofitcomputer-security-information Web site that tracks defacements, characterized the attacks as “digital graffiti” from what appears to be a “loose collection of ‘script kiddies’ who call themselves Hfury.”

He defined script kiddies as people, typically young men, who attackWeb sites using scripts, or pre-existing sets of commands that are programmed to automatically exploit the sites’ vulnerabilities. The scripts can provide access to a site or automatically deface a site.

Mr. DeLong said he found seven instances in Attrition’s reports this year of Web sites Hfury had allegedly defaced. All were sites running Windows NT, a computer-network program from Microsoft Corp. (MSFT).

Such defacements are growing more common on the Internet, as a means of showing off or promoting a cause or agenda. While annoying, and a sign of a weakness in a Web site’s defenses, they are usually less disruptive than so-called denial-of-service attacks, in which a hacker sends so much spurious data to a company’s Web servers that it interferes with legitimate Internet traffic.

Such attacks can disrupt e-commerce, e-mail and other Web-related activities. They have been launched against a number of high-profile companies including Microsoft; Yahoo! Inc. (YHOO); Inc.(AMZN); eBay Inc. (EBAY); Dell Computer Corp.’s (DELL); and Cable News Network, which is owned by AOL Time Warner Inc. (AOL.)