Reply-To: iwar@egroups.com
Subject: [iwar] Historical posting
Trail Grows Cold in Hunt for Web Hackers
FBI Defends Pace of Investigation Feb. 17, 2000
By David Noack
NEW YORK (APBnews.com) -- Despite leads, log files, interviews and even some in the Internet community claiming responsibility for last week's massive cyberattack, it is unclear when the probe will end and how many people will be implicated.
Some computer security experts today raised the issues of the investigation's length and probability of success, saying parts of the case are growing cold.
"It's possible that the FBI is closing in on the people who launched the [denial-of-service] attacks against E*Trade, Amazon and the other sites that were hit on the second day," said a member of the Cult of the Dead Cow, a hacker organization.
"As far as the person who launched the Yahoo attack, I have a sneaking suspicion that the only way they'll be able to find them is if somebody tips them off."
Looking for braggarts
One computer security expert, who asked not to be identified because he consults with law enforcement, said the best chance of catching the culprits was in the early stages of the investigation, when the information was fresh and there was a better likelihood the culprit would brag.
"This is going to drag on for a while," the security expert said. "They are grasping at straws. They were ill-prepared to investigate this, and there was a sweet spot -- particularly when the hackers would go out and brag, usually three to four days after they would pull a stunt like this.
"You collect the information and pop somebody before the bragging stops. The bragging has stopped. The mischief has stopped," said the source.
Since the end of the large-scale attacks last week, for the most part, denial-of-service attacks have stopped. And it's unclear whether the few subsequent mini-attacks were the result of copycats or the original perpetrators.
FBI: 'There is no quick end'
The FBI defended the pace of its investigation.
"This is going to take as long as it takes," said Debbie Weierman, an FBI spokeswoman. "These are incredibly complicated investigations. One hacking incident alone is very time-consuming, resource-draining type of investigation, and [here] you have a multitude of them going on at the same time.
"There is no quick end to this story. This investigation, like other FBI investigations, have to be thorough; it's not something that we can accomplish in a 24-hour period."
She said all available resources are being dedicated to the case.
"There are no real physical fingerprints with these crimes; we have to go into an electronic world to collect fingerprints, and it does take some time. I think it might be a premature assertion by our critics to say that we've lost our opportunity to catch the criminals," Weierman said.
Melissa virus solved quickly
She said that while some people may claim they launched the cyberassault, there are no more than two or three people responsible.
Dave Dittrich, an expert in denial-of-service attacks and a consultant for the University of Washington's Computing & Communications Client Services group, said he believes investigators are working rapidly.
"It is not a simple matter just to sift through megabytes of logs, packet traces, etc., and put all the pieces together," Dittrich said. "I can't comment on the number of suspects, but it would not be unreasonable for the FBI to do a lot of interviews to determine the associations between individuals and groups, as well as what and how many nicknames belong to which people."
Mark Rasch, a former federal prosecutor who is now vice president of Global Integrity Corporation, said it's difficult to predict when the case will be cracked.
"I would not have predicted that the Melissa virus case would have been cracked that quickly," said Rasch, referring to last year's computer virus case, which was resolved in a few days.
'This is a media mess'
Space Rogue, editor of the Hacker News Network and a research scientist at the newly formed e-commerce security company @Stake, said he's unsure how long the investigation will last.
"I think this is a media mess. I don't think that Mafiaboy has anything to do with it. If you go out onto any IRC network now you will find a 'mafiaboy' -- lots of people are using that nick[name]," he said.
David Noack is an APBnews.com staff writer (david.noack@a...).
========================================================================
FBI unplugs McCain copycat site
Lookalike online contribution page took donations from supporters of presidential candidate John McCain.
By Brock N. Meeks, MSNBC
February 19, 2000 10:43 AM PT
The FBI Friday shut down a Web site collecting political contributions for presidential candidate Senator John McCain hours afterMSNBC began making inquires into its legal status.
The site, run by MediaKing International, a California based Internet services firm, had exactly copied McCain's online campaign contribution Web page and hosted it on its own servers, without permission and with no official affiliation to the McCain campaign.
Unwitting McCain going to the unauthorized site had no idea they weren't directly donating to the McCain campaign. Like the official McCain site, the unauthorized site collected donations via credit card.
========================================================================