One Hacker May Conceal Another

The current crisis in Gaza between Palestinians and Israelis marks a renewal of web defacement activities. Various Morocco hacker groups have been pointed out by the press; the best known is “Team-Evil,” which just hacked the Ynet Israeli news site.

This weekend, I read various French posts speaking about ethical hacking and “e-jihad” operations made by “pacifist hackers” motivated only by their political ideology. However, reality is sometimes different from perception, and one hacker may conceal another.

On New Year’s Day various web sites were hacked by people introducing themselves as “Morocco & Gaza Hackers” or the “Team Cruel Boys” group.

On the defaced page, one attacker–whose email address is m0x0m_at_hotmail.fr–introduced himself as “M. SoOoSo.” His message seems clear: “I’m not a saboteur, and I didn’t hack this site as an act of sabotage.” At first glance, this guy could gain some sympathizers of the Palestinians’ cause.

But the story is not so simple. A week before, on Christmas Day, I heard about a phishing attack against Orange.fr, a French Internet Provider. Using a mirror site, hackers tried to intercept user names and passwords to access emails and personal data.

Speaking with the discoverers of this identity theft attempt and looking at the code, I noted the stolen data were sent to the same m0x0m email address. Moreover, the PHP script was named soooso.php. What a curious coincidence!

A second email address pointed to another possible Moroccan. As result of some searches I made today, I would not be surprised if this second guy (if it is not the same as the first) was also involved in some fake auction operations.

Of course I can prove nothing, but it would not be the first time we have heard hackers claiming to be ethical “white hats” who are really engaged in criminal activities.