'Hack' prank angers many

What began as an unidentified cracker allegedly defacing Apple 'fanboi' sites last month has turned out to be nothing more than a prank. A cracker calling himself 'malcor' claimed responsibility for defacing GlennWolsey.com on November 17th, and similarly took credit for defacing MacApper.com just a few days later. After another alleged 'hack,' which resulted in the defacing both AppleMatters.com and iPhoneMatters.com, the hosting company of those sites immediately pulled the pages and initiated an investigation which brought the farce to light.

Site administrators involved initially claimed the hacks were due to a vulnerability in the open source content management system called 'Wordpress,' which spurred developers of that project to frantically search for potential security holes in their source code.

In the case of GlenWolsey.com, which is hosted by Media Temple and runs Wordpress, both the host and the site designer were apparently unaware that Mr. Wolsey had given control of his site to a third-party. During an investigation however the host and designer discovered the truth of the matter, but unfortunately failed to notify developers looking into potential Wordpress vulnerabilities. Email requests sent to Media Temple were ignored, according to open source software developer Ty Jang, while Mr. Wolsey suggested that an investigation was underway.

Several days later MacApper.com was defaced, and site owner Miles Evans wrote that his site was also compromised via a Wordpress vulnerability.

Again, the parties involved remained silent, according to Jang, and allowed the situation to escalate both within the Apple and open source developer community.

"Around this time, a Norwegian blog and a few others began posting the results of their initial investigation and suggested the involvement of macheist.com," Jang told MacNN.

It was only after the hosting company of AppleMatters.com and iPhoneMatters.com posted the results of its own investigation that the truth behind the alleged 'hacks' shown through. Site owner Hadley Stern hastily apologized for the hoax, admitting that he was contacted by the Macheist team to take part.

"I wasn't doing it for traffic, or fame, just for fun," Stern wrote. "Of course in the process I let down the readers of this site, and the web hosting provider, and the maker of the excellent CMS the site uses."

The owners of MacApper.com, MacHeist.com, and GlennWolsey.com (apologies linked) also admitted to the prank within 24 hours of Stern's apology.

Several well-known Apple bloggers shunned the stunt, with one even suggesting that all Mac users boycott MacHeist.com.

"There are quite a few people questioning the sincerity of any apologies as is quite likely that a significant amount of money was exchanged between those involved," Jang said.

Mr. Jang says he participates in the development and support of a variety of open source content management systems and Web forums in his spare time. The prank was, to put it lightly, not amusing to him and his fellow developers.

"I do not believe that any of us with experience developing online software are naive enough to believe our code is un-susceptible to some form of a hack. That being said, within the open source community, we spend a considerable amount of time checking, debugging and validating code before releasing it to the user community," Jang said. "Much of this is done in our free time for no monetary gain. The fact that the above-mentioned people have the audacity to publicly disrespect our hard work, in the name of profit, is infuriating."

by MacNN Staff