Some hackers have a particular attack that sets them apart or a method that they take to hack into a vulnerable website, but we haven’t seen any of these traits in Blast3R_ma, and our investigators wonder what their motives might be. In fact, they linked two attacks together- the Vehicle Certification Agency (VCA) of UK (found here) and with an attack here where Blast3R_ma created a page on the Vehicle Certification Agency’s Sitemap. While the Vehicle Certification Agency’s Website was completely defaced, the web page that he created on the agency’s page (http://www.dft.gov.uk/vca/blast3r.asp) that says:
Hello Admin 😀 ! This is me 🙂 !!
>>> Security 0% <<<
The VCA is the Executive agency for the UK’s Department of Transportation agency, and they’re responsible for all of the decisions that are being made on the roadways. While they say that they “pride themselves on providing expert test certification for vehicles,” they apparently haven’t put as much care into their website. The hacker Blast3R_ma hacked into the site’s mainframe, inserting his page on each landing page on the site’s server (including the VCA offices about VCA page).
Not a Politically Motivated Hack
It would appear that Blast3R_ma wasn’t politically motivated to perform this attack, and we’re not completely sure how he gained access. When this article was written, the main web page (www.dft.gov.uk/vca) was still defaced. This isn’t Blast3R_ma’s first attack either. This Moroccan hacker reportedly (according to the zone-h archives) breached the website of the City of Houston’s Water Bills Website and brought it down on February 7, 2016. The site was taken down and was replaced with a counter. We have to wonder what’s going to happen to this UK website— so we’ll keep you updated with any news or updates.
Post questions and comments at the bottom and let us know what you think!