Return-Path: <sentto-279987-2818-1002673411-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Tue, 09 Oct 2001 18:10:08 -0700 (PDT) Received: (qmail 14301 invoked by uid 510); 10 Oct 2001 01:07:54 -0000 Received: from n32.groups.yahoo.com (216.115.96.82) by 204.181.12.215 with SMTP; 10 Oct 2001 01:07:54 -0000 X-eGroups-Return: sentto-279987-2818-1002673411-fc=all.net@returns.onelist.com Received: from [10.1.1.223] by n32.groups.yahoo.com with NNFMP; 10 Oct 2001 00:26:28 -0000 X-Sender: fc@big.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-7_4_1); 10 Oct 2001 00:23:31 -0000 Received: (qmail 661 invoked from network); 10 Oct 2001 00:23:31 -0000 Received: from unknown (10.1.10.142) by 10.1.1.223 with QMQP; 10 Oct 2001 00:23:31 -0000 Received: from unknown (HELO big.all.net) (65.0.156.78) by mta3 with SMTP; 10 Oct 2001 00:25:48 -0000 Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id RAA28598 for iwar@onelist.com; Tue, 9 Oct 2001 17:25:48 -0700 Message-Id: <200110100025.RAA28598@big.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL1] From: Fred Cohen <fc@all.net> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Tue, 9 Oct 2001 17:25:48 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:'Terror.Killers'.Go.On.Site.Defacement.Spree] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit 'Terror Killers' Go On Site Defacement Spree By Brian McWilliams, Newsbytes, 10/9/2001 <a href="http://www.newsbytes.com/news/01/170957.html">http://www.newsbytes.com/news/01/170957.html> More than a dozen Web sites, many of them American, were vandalized today apparently by a group of vigilante hackers calling itself Young Intelligent Hackers Against Terrorism (YIHAT). The attackers replaced the home page of 13 sites with a graphic showing the YIHAT logo and a text message, which included this statement: "YIHAT's mission is focused on one topic: Kill the money sources of terror." A hacker using the nickname RaFa took credit for the defacements in the source code of the defaced pages. RaFa is the name used by a former member of World of Hell, a group that has defaced hundreds of Web sites this year. The YIHAT defacements, most of which were still viewable this morning, contained a link to Kill.net, a Web site operated by Kim Schmitz, a German hacker who founded YIHAT. Neither RaFa nor Schmitz were immediately available for comment on the defacements. In retaliation for the Sept. 11 terrorist attacks on America, RaFa last month defaced a site owned by Aon Corp., an insurance firm with offices in the World Trade Center that lost 200 employees in the attacks. In an e-mail to Newsbytes in September, RaFa said the defacement of the Aon site was "an accident." Among the sites defaced today was Tarjema.com, which is registered to a resident of Washington state, Timothy Gregory. "The only reason I can think of for the defacement would be the fact that my domain name is Arabic. It means 'translation,'" said Gregory, who said the site focuses on Arabic translation and Unix administration. Other YIHAT victims include Abooks.com, an online bookshop operated by a company in North Carolina. An Austrian site, Salzburg-info.co.at, which featured Web cams of the city of Salzburg, was also vandalized with the YIHAT message. Last week, Schmitz claimed that YIHAT breached the name server and firewall of the AlShamal Islamic Bank in Sudan and collected data from the accounts of Osama bin Laden and the Al Qaeda terrorist organization. Schmitz, who provided no proof of his claims, said at the time that he turned the purloined information over to the FBI. The FBI declined to confirm that, or to comment. Officials from CheckPoint, the Israeli manufacturer of the firewall allegedly used by the bank, said they do not believe the hacking occurred. Representatives of ActiveISP, the Norwegian company that hosts the Shamalbank.com site, said the hosting firm has not suffered any security breaches. All the sites defaced by RaFa today appear to be running the Apache Web server and PHP-Nuke, a web portal system written in the PHP scripting language. YIHAT's defacements are mirrored by the Interrorem archive here: <a href="http://www.interrorem.com/defaced/index.php3?grpq=YIHAT">http://www.interrorem.com/defaced/index.php3?grpq=YIHAT> . ------------------------ Yahoo! Groups Sponsor ---------------------~--> Pinpoint the right security solution for your company- Learn how to add 128- bit encryption and to authenticate your web site with VeriSign's FREE guide! http://us.click.yahoo.com/yQix2C/33_CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:54 PST