Hackers deface Telegraph sites over 'gypsies' slight

News 16 Apr, 2010

A group of Romanian activists has hacked two Telegraph subdomains in response to a Top Gear episode mocking the country and casting Romanians as gypsies.

Two subdomains of The Daily Telegraph's website have been defaced by a group of Romanian hackers.

The domains – shortbreaks.telegraph.co.uk and wine-and-dine.telegraph.co.uk/site/index.php – were both hacked yesterday to display the same message from a previously unknown group calling itself the RNS – the Romanian National Security group.

Screenshots of the hacked pages can be seen on the Sunbelt Software blog, which first reported the defacing.

The hacked pages featured a Romanian flag against a black background, with a message in Romanian below protesting perceived racism against Romanians, followed by a link to a Romanian YouTube clip featuring excerpts from a Top Gear episode showing the country in an unflattering light and making several references to Romanians as gypsies.

Helped by Google Translate, Sunbelt roughly translated the message to read: “We are sick and tired of seeing how some garbage like you try to mock our country and try to create a completely different picture to the real one, calling us 'romanian gypsies' and broadcasting s****y TV programmes like Top Gear. If you have the nerve to anger an entire country, know that we will not stop here! Romania.”

The message ended with a single line in English: “Guess what, gypsies aren't Romanians, morons.”

Aside from the fact that Top Gear presenter James May is a columnist for The Telegraph, it's not clear the connection – if any – between the defaced sites and the RNS' grievances. Both subdomains were being used to advertise promotions for Daily Telegraph readers, and remain offline at present.

A Romanian hacker was blamed for a March 2009 attack on the [ital]Telegraph's system that exposed the email addresses of registered users, with some suggesting the site may have become a target for Romanian nationalists.

However, considering the broad nature of the allegations, it's more likely that the subdomains were simply being used to represent the broader UK media.