A total of 6 domains that redirect users to the official Ubuntu One domain, one.ubuntu.com, have been apparently hijacked by the Indonesian hacker SultanHaikal of the Gantengers Crew.
The attack has been brought to my attention by HackRead. Each of the impacted domains – ubuntuone.com, ubuntuone.net, ubuntuone.org, ubuntu1.com, ubuntu1.net and ubuntu1.org – redirect visitors to one.ubuntu.com.
However, the hacker has managed to add what appears to be a defacement page (ubuntuone.com/4UJTwrIX65LXVatulEn41C) to each of them.
“Special Message: You say that you are a hacker, Defacer, but you are proud? it turns out that you are proud, you are a newbie,” reads a message posted by the hacker.
At the time of writing, the defacement pages are still live. Links to defacement mirrors are available on SultanHaikal’s Pastebin account.
It’s likely that the domains targeted by the Indonesian hacker have been acquired by the company to prevent scammers and cybercriminals from abusing them.
I will update the article in case additional details become available.
Update. The following statement has been provided by Canonical representatives:
“We’re looking into this; but on initial investigation, it looks as though these people have simply uploaded a ‘defacement’ HTML file to the Ubuntu One file-sharing service.
This would not be considered a ‘hack’, and is part of the normal operation of Ubuntu One. A file uploaded in this way does not pose a risk to Ubuntu One or its users.”
Update 2. Ubuntu Server Product Manager Mark Baker has confirmed that this appears to be the case, that the hackers have simply uploaded an image to make it look like the domains have been defaced.
The company’s security team is investigating, but for the time being it doesn’t appear that there’s any hacking involved.
The files uploaded by the hackers have been removed.