Nov 042012
 

Visitors to NBC websites (e.g. Saturday Night Live) today may have noticed that several appear to have been defaced by a hacker, with some jarring background music thrown in for good measure.

The message “Hacked by Pyknic” appears first, followed by a repeated refrain of: “Remember, Remember The Fifth of November, The Gunpowder Treason and Plot. I know of no reason why the gunpowder treason should ever be forgot”.

As it’s still only November 4th, presumably this may be a reminder of tomorrow’s threatened attack by Anonymous against Facebook. Or it could just be symbolic of general Guy Fawkes Day anarchism – tendencies which may fit in well with the hacker ethos.

Then we see an obscene message to the ‘Feds’ and a reference to ‘419 is just a game’ – obviously hackers may have considerable antipathy to the police (or FBI in US slang) and the 419 quote is most likely to allude to the Nigerian 419 scam (419 refers to the article of the Nigerian Criminal Code dealing with fraud).

The quote may even be lifted direct from the 2005 Nigerian song ‘I Go Chop Your Dollar’ which starts: “419 is just a game, you are the losers, we are the winners”.

Finally, a more disturbing warning appears: USER INFO – EXPOSED      PASSWORDS – DUMPED

It is important to note that this is only a hard-coded piece of text – as far as we can tell there is no hacking of visitors to the NBC websites going on, it’s just a static text message. Whether it is designed just to cause concern to visitors or to predict a wider hack of info/passwords (whose/where/when?) is unclear – why can’t they just say what they mean…

NBChacked

Screenshot of hacked NBC site

A final word on the music which plays in the background whilst visiting the hacked sites – it’s a simple embedding of a song on YouTube called ‘Savages’ by Dyad Souls. The link to the actual song on YouTube is here (Warning: Parental Advisory – explicit lyrics).

There is no evidence yet as to how NBC sites were hacked. At the time of writing, the sites are still up but still defaced, more than 1 hour after the attack – surprising as the defacing text is coded simply enough into the source body of the sites’ HTML pages. Maybe there’s not a great deal of IT support working on a Sunday or they are having difficulty in the New York headquarters due to the after-effects of superstorm Sandy?