Known as "Pimpshiz," the hacker says he's exploited a Windows NT bug to hit NASA, the French national library and others.
Pro-Napster hacker "Pimpshiz" said Wednesday he has exploited a bug in Windows NT to deface five dozen Web sites in the past two weeks, including NASA and the French national library.
The as-yet-unidentified hacker is not telling anyone what the undocumented exploit is, possibly saving his ammunition for a fourth wave of attacks hinted at in messages sent to various news agencies.
Some of his victims said they've tracked "Pimpshiz" down in chat rooms, where he's been bragging of his exploits, and engaged him in conversation. But none have been able to shake loose any more information about his methods.
He wrote in a series of e-mails to ZDNet News that hacking the sites was easy and he was able to exploit "obvious" holes.
"I am doing this to get what I think is the right thing ... out to more people," he wrote. "Maybe others who don't even use Napster (such as myself) will even realize what is going wrong here."
A helpful hacker
The hacker left a calling card on each site: a pro-Napster screed about Metallica, which has sued the file-swapping site, and the recording industry which is suing Napster. Plimpshiz also left his e-mail address so Web masters could learn how to undo his hackings.
A Microsoft spokesman was not immediately available for comment.
"I don't like what they are doing to Napster," the hacker wrote in an e-mail, which stressed that he was acting independently of the music-sharing site.
Brief due Friday
"They" are the Recording Industry Association of America, which has sued Napster over alleged copyright infringements. Last month, a federal appeals court stayed an injunction that would have effectively shut down Napster. The company has until Friday to file a brief explaining why the temporary stay should become permanent.
Napster had no immediate comment on the hackings.
The FBI is investigating the Web attacks, in which the site's usual content is replaced with a pro-Napster screed, an agency spokesman said.
The hacker apparently began by defacing a series of TV Web sites, including one for The Martin Short Show. The second wave of attacks included automobile manufacturers, such as Honda's in the United Kingdom site, and various banks.
The third latest wave of attacks apparently included more TV Web sites, such as The Odyssey Channel. "Pimpshiz" also claims to have defaced four different sites operated by 800-Shoes.