[iwar] Historical posting


From: Fred Cohen
From: fc@all.net
To: iwar@onelist.com

Mon, Jan 1, 1999


fc  Mon Jan 1, 1999
Received: (from fc@localhost) by all.net (8.9.3/8.7.3) id FAA15269 for iwar@onelist.com; Tue, 18 Apr 2000 05:21:43 -0700
To: iwar@onelist.com
MIME-Version: 1.0
Mailing-List: list iwar@egroups.com; contact iwar-owner@egroups.com
Delivered-To: mailing list iwar@egroups.com
Precedence: bulk
List-Unsubscribe: 
Date: Mon, Jan 1, 1999
From: Fred Cohen 
Reply-To: iwar@egroups.com
Subject: [iwar] Historical posting

          

FBI unplugs McCain copycat site
The FBI Friday shut down a Web site collecting political contributions for presidential candidate Senator John McCain hours after MSNBC began making inquires into its legal status. The site, run by MediaKing International, a California based Internet services firm, had exactly copied McCain's online campaign contribution Web page and hosted it on its own servers, without permission and with no official affiliation to the McCain campaign. Unwitting McCain going to the unauthorized site had no idea they weren't directly donating to the McCain campaign. Like the official McCain site, the unauthorized site collected donations via credit card. The Federal Trade Commission has dubbed such practices "page jacking" and has already pursued one huge case in which millions of unsuspecting Web surfers were redirected to porn sites as a result of being snagged in the page-jacking scam. http://www.zdnet.com/zdnn/stories/news/0,4586,2444145,00.html

FBI Hacker Caseload Multiplies
The rash of hacker attacks against Web sites continued this week, directed mainly against e-commerce sites, and the FBI reportedly is now investigating a total of 17 distributed denial of service (DDoS) intrusions. News reports today indicate that the number of newly opened FBI DDoS dossiers has quadrupled since the first sites were attacked last week, leading sleuths to theorize that copycats have joined the frenzy with attacks against several less well-known sites. FBI investigators have reportedly confirmed that DDoS attacks have continued, and no one knows when they will end. One agent said that attacks have also occurred against overseas sites. http://www.currents.net/newstoday/00/02/22/news13.html

FBI looks at NZ student in DoS attack investigation Man tells US newspaper he wasn't involved. The FBI is looking at a New Zealand student in its investigation of the recent denial of service attacks on major US Internet sites. The name of the man came up last week along with those of others in the US, Canada and Germany. In his early 20s, he goes by the nickname Venomous and lives in Auckland. In an interview with the US newspaper USA Today, Venomous acknowledged that he was capable of carrying out a denial of service attack, but said he was not involved in the recent spate of attacks. "All it does is call attention to you," he told the paper. http://www.idg.net.nz/webhome.nsf/UNID/DA146ECC445D04C1CC25688B00642BF0!opendocument

SEC Hiring Cybercops
Securities and Exchange Commission (SEC) Chairman, Arthur Levitt, is out to wage war against Internet fraud, and he's hiring the some virtual gumshoes to help him do it. According to a published report in Reuters today, the SEC has already hired half of its desired goal of some 60 new cybercops to ride herd on the "lawlessness," which Levitt believes exists on the World Wide Web. Following last week's hacker attacks on several popular Web sites, Levitt reportedly indicated that the SEC plans to add up to 100 people to its 850-member enforcement staff. This enforcement staff is made up primarily of lawyers and analysts, with about 60 of them dedicated to combating what is being described as "burgeoning Internet fraud." http://www.currents.net/newstoday/00/02/22/news2.html

Israel Pirates Live the Chai Life
"Is Microsoft, yes. But not exactly Microsoft," said the Russian stall-holder -- in heavily accented Hebrew -- on the sixth floor of Tel Aviv's Central Bus Station. The poor graphics and Russian text on his "Microsoft Windows 2000" software give the game away, as does the price: 100 shekels (about US$25) for a CD packed with applications. Bus station visitors can find Microsoft Windows
2000, Office 2000, virus software Symantec, CorelDraw, AutoCad and all kinds of other software -- in English, Russian, and other languages -- not to mention a slew of pirated computer games, music, and videos. http://www.wired.com/news/business/0,1367,34467,00.html

Web attacks: Are ISPs doing enough?
Security experts and Internet users are becoming increasingly vocal about their concerns that high-speed Internet providers are not doing enough to ensure the data security of home users. "It's been two months (since I notified my provider of three potential attacks)," wrote a Santa Clara, Calif.-based Web production manager to ZDNet News Talkback. "And I still haven't heard from (them). I'm not overly concerned about prosecuting hackers ... but I do care about my own privacy and the security of my system." In the wake of the recent denial-of-service attacks against eight major Web sites, including ZDNet, personal security has become less of an add-on and more of a must-have feature for Internet surfers. http://www.zdnet.com/zdnn/stories/news/0%2C4586%2C2444159%2C00.html

Beckett calls for more secure infrastructure
The UK Government should use the lessons learned from the millennium bug to help it deal with the threat from hackers. House of Commons leader and former Y2K minister Margaret Beckett said today that infrastructure protection - keeping the UK's phones, power, financial and transport systems safe from hackers - is the new challenge for this millennium. Beckett was delivering a keynote on protecting the national infrastructure to IT executives in London today. Despite the criticism governments around the world faced following the relatively quiet transition from the last century to the Year 2000, Beckett said the success of the Y2K campaign could help protect against cyber-threats. http://www.vnunet.com/News/107059

Dot-Com firms are hacking each other -- expert
All this talk of fifteen-year-old kids vandalising the Web is a smoke screen behind which dangerous, professional crackers are pleased to take cover, security expert Mark Rasch revealed during testimony before a Senate hearing on Internet security earlier this week. The lure of big, fast-money scores in virtual commerce is making it common for skilled hackers to attack competitors in search of free intellectual property, Rasch said before the Senate Appropriations Subcommittee. The present era of "dot-com millionaires and IPO frenzies and the ease of starting your own business" on the Web is creating "a tremendous amount of competition to acquire intellectual property" by any means at hand, Rasch, a vice president with security outfit Global Integrity, explained. http://www.theregister.co.uk/000218-000018.html

Finjan Warns About Rogue Site
Finjan has issued a warning to its customers about a potentially rogue Web site called Gohip.com. The firm said that the site is one of the first to employ an ActiveX download that automatically modifies several components on a user's PC, including adding its own commercial advertisement for the site at the end of the user's outgoing e-mail. Finjan said that the ActiveX program is an example of unauthorized use of an ActiveX control. Because of this, the firm advised customers to take proper precautions to educate their employees about how Web sites can mislead users by performing operations automatically on their computers without their knowledge. http://www.currents.net/newstoday/00/02/22/news12.html

Disgruntled open-DVD proponent unveils completely useless DeCSS 2.0: In an effort to express his complete and utter outrage at the MPAA over the recent DeCSS debacle, someone known only as "Mr. Bad" has developed a sinister new software that, while taking DeCSS as its name, strips Cascading Style Sheet tags from an HTML document instead of enabling DVDs to be played on Linux. Apparently this is an "'I am Spartacus' type thing"... http://www.totse.com/DeCSS/

KGB successor said to penetrate Internet
The KGB's successor is now also spying on the Internet, raising fears that the information it collects could be used for blackmail and business espionage. "The whole Federal Security Service will be crying tomorrow over your love letters," warns one of the banners angry Russian Web designers have posted on the Internet. Russian human-rights and free-speech advocates say the security service has already forced many of the country's 350 Internet service providers to install surveillance equipment. "Most Internet providers in Moscow, including all the large providers and many in the provinces, have opened a hole" for security agents to peep at traffic, said Anatoly Levenchuk, a Russian Internet expert. http://www.nandotimes.com/technology/story/0%2C1643%2C500171461-500220807-50
1048365-0%2C00.html http://www.sjmercury.com/svtech/news/breaking/ap/docs/233645l.htm http://www.it.fairfax.com.au/breaking/20000222/A32675-2000Feb22.html

Distinguishing `Packet Monkey' Hackers from `Black Hats' Who's been hacking into eBay and Yahoo and other popular Web sites? So far, nobody knows for sure: The technology required for such denial-of-service attacks has been in the public domain for months, easily accessible to any malcontent with a working knowledge of computers. But experts in the Internet underground are betting that the culprits are adolescent misfits looking for cheap thrills and bragging rights. They call them ``script kiddies,'' ``code kiddies,'' or ``packet monkeys,'' brazen teen-agers who use other people's programs to wreak havoc in cyberspace. To the lay Web user, these ``kiddies'' are mysterious and even dangerous figures. But in the hierarchy of the hacking subculture, they're at the bottom of the food chain, vermin who thrive on other people's skills. They're disdained by serious hackers who view themselves as security vigilantes or activists who hack with a purpose. http://199.97.97.16/contWriter/cnd7/2000/02/18/cndin/0787-0005-pat_nytimes.html

Korean domain names snatched by hackers - report
Lax security procedures has led to the theft and resale of two Internet domains from unsuspecting Korean Web site owners, according to a local media report. Korean Internet services firm Internet Plaza City has reported two recent cases in which Internet domain names have been transferred from their rightful owners, according to the Korea Herald newspaper. The ownership of www.prxxx.com and www.wmp3.com was transferred to an Indian and American, respectively, without the knowledge or consent of their original owners. Hackers obtained information from computer systems, entered new ownership records into the domain name database operated by Network Solutions (NSI) and sold the domains on to new owners. http://www.technologypost.com/internet/DAILY/20000223124309111.asp

Dangerous Hacking Agent Discovered
Another, more dangerous Trojan "in the wild" agent can stage deliberate denial of service (DDoS) attacks on Windows environments, Trend Micro Inc., said today. "We've discovered a new agent," Trend Micro Public Education Director David Perry told Newsbytes. "Rather than targeting Solaris boxes, it targets Windows NT, 95 and 98." The agent, identified aS TROJ_TRINOO, gives hackers access to a network through a vulnerable point on a computer within the system. http://www.currents.net/newstoday/00/02/23/news4.html

New hacker software could spread by email
A group of anonymous programmers has released a new version of the software that may have helped shut down Yahoo and Amazon.com earlier this month--one that makes it far easier to launch attacks, computer experts say. The tools, a new version of a software package dubbed "Trinoo," could allow attackers to infiltrate ordinary desktop computers though an innocent-looking email attachment. These computers -- particularly those connected to high-speed Internet services --could then be used as unwitting accomplices in assaults on other Web sites, security analysts say. "(The previous attacks) took someone who knew what they were doing," Trend Micro spokesman David Perry said. "This turns it into a kid-on-the-street problem." http://news.cnet.com/news/0-1005-200-1555637.html

ISPs form alliance for Internet security
Several major Internet service providers and security firm ICSA.net announced on Tuesday the Alliance for Internet Security, an organization formed to smooth communications between high-level Internet providers and prevent attacks like the denial of service incident that downed major Web sites earlier this month. As part of the AIS, member companies will pledge to implement appropriate security measures to prevent themselves from being used a staging ground for future attacks. http://www.zdnet.com/zdnn/stories/newsbursts/0,7407,2445137,00.html

Ex-hacker says Japan takes Web safety for granted
The vulnerability of Japan's Internet sites to hackers reflects a tendency in the country to take safety for granted, but Net security was improving, a hacker-turned-computer security expert said on Wednesday. ``They thought there would be no bad guys out there. They took safety for granted,'' Eiji Ishikawa, chairman of computer security firm Artemis, said in an interview on Wednesday. He said Japan has become far more aware of the Web's pitfalls after a series of attacks late last month on government Web sites by hackers who posted messages on Japan's World War Two record, stole personnel files and added links to pornographic sites. http://www.sjmercury.com/svtech/news/breaking/merc/docs/070934.htm

CIA says Russia, China build cyber attack abilities The Central Intelligence Agency said on Wednesday it was picking up growing signs that countries such as Russia and China were developing tools to attack commercial computer networks at the heart of U.S. might. ``We are detecting with increasing frequency the appearance of doctrines and dedicated offensive cyber warfare programs in other countries,'' John Serabian, the CIA's ``information operations issue manager,'' told Congress. He cited public statements by a Chinese general and a senior Russian official -- neither named in his testimony -- to illustrate what he called the importance of ``information warfare'' in coming decades. No other country was identified by name as developing such cyber weapons. But the CIA official said, `The battle space of the information age would surely include attacks against our domestic infrastructure.'' ``Many of the countries whose cyber warfare programs we follow are the same ones that realize that, in a conventional military confrontation with the United States, they will not prevail,'' Serabian said in testimony prepared for the Joint Economic Committee. http://www.sjmercury.com/svtech/news/breaking/reuters/docs/242384l.htm

EU, US Reach 'Tentative' Data Privacy Accord
Although a Commerce Department official on Tuesday told Newsbytes that there is no formal accord, the Wall Street Journal (WSJ) today is reporting that European Union (EU) and US government officials have reached a tentative plan to resolve a data privacy dispute that could have halted e-commerce between companies and individuals in the US and EU member states. EU officials in Brussels referred all questions on the data protection issue to the EU's Washington delegation, though staffers in the DC headquarters were unable to comment on the status of the talks. The potential dispute has been simmering for months, but escalated a head in recent weeks as government officials on both sides of the Atlantic continued to grapple with the enormity of the problem. At issue is the EU Privacy Directive that gives EU member country citizens the right to know about their personal data being held online elsewhere in the EU. http://www.newsbytes.com/pubNews/00/144314.html

Personal-data sites may have to register
Hong Kong-based Web sites that collect personal information may have to register with the Privacy Commissioner's office under a plan that could start as early as next year. Commissioner Stephen Lau Ka-men said yesterday he was drawing up a proposal which would make it mandatory for sites to register the type of personal data they collect, why they collect it and how they protect customers' privacy. Failure to register could incur a fine of up to $10,000 under privacy laws which give the commissioner the power to institute such schemes. http://www.technologypost.com/internet/Daily/20000223094912184.asp

Jaws Technologies' U.S. arm in hunt for hackers
Companies doing own investigations U.S. and Canadian companies that believe they were sabotaged in a series of Web site hacker attacks this month are hiring security firms to investigate the matter on their own. Jaws Technologies Inc.'s newly acquired New Jersey arm is conducting an investigation for at least two organizations attacked during the same time period to determine whether they were intermediaries or separate break-ins, Thomas Welch, director of law enforcement for Jaws, said yesterday. "There are a number of auxiliary hacks around this that haven't made the press, but they did occur," he said. He said the organizations are conducting their own searches for perpetrators rather than going to criminal investigators already on the case because they are worried about negative publicity. http://www.nationalpost.com/financialpost.asp?f=000222/211363


15 Year Old Former Hacker Becomes Multi-Millionaire His name is Rishi Bhat. He's a 15-year old computer genius who lives with his parents in Chicago. And as of today, he's worth around $3 million. A few months ago, Rishi sold the rights to his Internet privacy software product to a Vancouver, British Columbia company -- Rocca Resources Ltd. -- for $40,000 USD cash plus 1.5 million performance shares. On February
9th of this year, Rocca Resources announced a $10 million financing with a Hong Kong group to market the company's Internet privacy software in Asia. The stock was halted as a result, and came back on the Canadian Venture Exchange yesterday at $2.25. It's ironic that during a time in which Internet privacy issues have dominated headlines around the world, a 15 year old self-proclaimed former hacker has become a multi-millionaire. And his new-found wealth has been acquired by applying his intelligence and computer savvy in a positive way: by taking a hacker's approach to figuring out how to better protect businesses and consumers from prying eyes on the Internet. http://biz.yahoo.com/prnews/000223/il_rocca_r_1.html

=============================================================================
   Date: Wed, 23 Feb 2000 20:33:00 -0500
   From: alerts@t...
Subject: Latin America-Hacker Attacks

Latin America-Hacker Attacks

By MARGARITA MARTINEZ Associated Press Writer BOGOTA, Colombia (AP) -- Internet vandals are wreaking havoc in Latin America's fast-growing cyberspace frontier, knocking out everything from a newspaper portal in Colombia to the government's election Web site in Peru.

- From Mexico to Argentina, hackers have left behind mocking graffiti on Web sites they've violated, boasting of their programming prowess and sometimes making political statements.

Elian Gonzalez, the 6-year-old Cuban boy who is the center of an international custody fight, was the subject of Web vandalism in Havana last weekend.

"He doesn't belong in the United States of America. He belongs in Cuba, with his family," wrote the hacker from "Team-Echo," who said he broke into the Cuban Meteorological Institute's site to expose its lax security.

Internet vandals caused millions of dollars in lost business to major U.S.-based Web portals, including Yahoo!  and Buy.com, this month with saturation attacks that made them inaccessible for hours.

In Latin America, it's even easier to break into many Web sites because Internet culture is relatively immature and authorities are generally ill-prepared to respond, experts say.

"The security of Latin American portals is extremely weak. Adequate measures have not been taken to protect them," said John Galindo, whose Bogota company, Digiware, provides security for Web sites in Colombia and Ecuador.

Many Latino cyber-intruders are simply teen-agers testing their mettle, while others are professionals who delve deep inside corporate sites without leaving a trace, Galindo said.

In the past week, 13 attacks were recorded on Latin American sites by a U.S.-based group that catalogues Internet defacements, www.attrition.org.

In Argentina, seven were recorded in a single night, said Gustavo Aldegani, director of the Information Technology Security Group in Buenos Aires.

"These are attacks by enthusiasts who try out (software) tools they download from the Internet," said Aldegani. Favorite targets in Argentina have included the Web sites of e-commerce companies and major corporations, he said.

Peru's election office's Internet pages remained crippled Wednesday, three days after teen-age Brazilian hackers broke in and altered the names of monitors for the April 9 presidential vote, authorities said.

In Colombia, the leading newspaper in Medellin, El Colombiano, had its Web site knocked out for two hours earlier this month.

"They left us a note on the main page, saying basically 'We found a little doorway,'" said Fernando Quijano, the news editor.

Seven of the 27 attacks registered in Peru over the past six months originated in the United States, according to the president of the National Informatics Society, Cesar Vargas.

In Colombia, keepers of the government's Industrial Development Institute said they believe the hackers who defaced their Web pages with skulls and drug-related messages in fractured English last month were either French or Canadian.

Mexico and Brazil currently have about two-thirds of Latin America's Internet users, 3.8 million and 1.5 million, respectively, according to the technology analysts at International Data Corporation.

Cyber-vandalism has received little attention from Latin American governments, which have done little to address digital crime, said Galindo.

Colombia's equivalent of the FBI created a special investigative unit in 1997 for electronic crimes. But it has focused on money-laundering, and the country's penal code doesn't even address cybercrime.

So Internet entrepreneurs often have to fend for themselves.

The Web portal bogota.com opted for a typical solution after a
14-year-old hacked its site a month ago, replacing its logo with a picture of cartoon character Homer Simpson.

Instead of trying to prosecute the youth, bogota.com asked him to help improve its security -- free-of-charge.


============================================================================= FC