[iwar] [fc:Security.Site.Succumbs.Again.To.Hackers]

From: Fred Cohen (fc@all.net)
Date: 2001-10-30 06:13:26



Security Site Succumbs Again To Hackers 
By Brian McWilliams, Newsbytes, 10/29/2001
http://www.newsbytes.com/news/01/171555.html

Proving that hackers can sometimes be masters of irony, a popular
security news site has been defaced for the second time this week.

Visitors to SecurityNewsPortal.com (SNP) Thursday night were greeted by
a statement apparently from Marquis Grove, the non-profit site's
operator.

The attacker's message, which cleverly mimicked the style and format of
an earlier announcement from Grove, said that German
hacker-turned-entrepreneur Kim Schmitz had agreed to finance the site.

"Soon we will be moving the Web site to his secure, hacker-proof servers
(thanks Kim!). We are also hiring a full-time staff of experienced
hackers to manage the site and its content, since I am not suited to run
such a site. I will manage the business aspects of it, but I will no
longer continue to pose as a hacker," said the phony message, which was
signed "Marquis Grove, YIHAT Vice President of Marketing."

Yihat, which stands for Young Intelligent Hackers Against Terrorism, is
the controversial group of international hackers organized by Schmitz
with the mission of disrupting the financial networks used by
terrorists.

The Yihat site at Kill.net, as well as Schmitz's personal site
Kimble.org, were recently defaced by a notorious hacking group called
Fluffy Bunny.

In an e-mail interview, Grove said today that he anticipated the
redefacement of SNP because the attackers had both motive and
opportunity.

"The defacer is probably very upset that his original defacement
backfired. I really do not think he expected us to be receiving all
those kind offers of support and secure hosting from major security
companies and the Universities. It must have truly rotted his socks,"
said Grove, who is currently on medical leave from his position as
director of information security for a large telecommunications firm.

On Tuesday evening, attackers defaced SNP with a message, apparently
signed by Schmitz, accusing SecurityNewsPortal.com of catering to
"script kiddies" and accusing the site's operators of being "security
scenewhores."

Although Grove said he did not believe Schmitz or Yihat were
responsible, he responded Tuesday by posting a statement announcing that
he would discontinue SNP as a result of the defacement. In an interview
after the first attack, Grove said shutting down the site would "prove a
point to the defacer and to the security industry."

In the wake of the first defacement, Grove reported receiving thousands
of e-mails from supporters as well as offers for secure hosting and
financial assistance.

The company currently hosting SNP, Skyport Hosting Services, obviously
failed to take the proper measures to properly secure the system
following the first defacement, said Grove. As a result, Grove said he
has instructed the firm to shut down the site until they can determine
how the attackers are getting in and can secure the server.

Grove told Newsbytes he suspects the two defacements are the work of an
attacker who calls himself Gobbles and who vandalized another security site,
New Order, with a similarly ironic message last weekend.

While many readers apparently were duped by the first defacement of SNP,
few fans of the site are likely to swallow the latest message left by
attackers.

The defacement implored the media to stop ridiculing the flamboyant
Schmitz, who is reportedly near bankruptcy.

"This man is an incredible asset to the world right now, and we should
not reward his heroism with unkind words concerning his current state of
bankruptcy," said the defacer's message.

The latest defacement did contain one piece of somewhat factually
accurate information, according to Grove.

The bogus message promised SNP would be "re-opening" Oct. 31. In fact,
while Grove plans to bring the site back in the future, he said he is
still considering hosting and financial assistance offers and could not
predict how fast those discussions would proceed.

A mirror of the latest SNP defacement is at
http://defaced.alldas.de/mirror/2001/10/26/www.securitynewsportal.com

The original defacement is online at
http://defaced.alldas.de/mirror/2001/10/24/www.securitynewsportal.com




This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:58 PST