💾 Archived View for clemat.is › saccophore › library › ezines › textfiles › ezines › HWA › hwa-hn24.… captured on 2022-01-08 at 15:59:45.
⬅️ Previous capture (2021-12-03)
-=-=-=-=-=-=-
[ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
==========================================================================
= <=-[ HWA.hax0r.news ]-=> =
==========================================================================
[=HWA'99=] Number 24 Volume 1 1999 July 10th 99
==========================================================================
[ 61:20:6B:69:64:20:63:6F:75: ]
[ 6C:64:20:62:72:65:61:6B:20:74:68:69:73: ]
[ 20:22:65:6E:63:72:79:70:74:69:6F:6E:22:! ]
==========================================================================
"software doesn't kill data -- people do."
- Drew Ulricksen from zdnn
HWA.hax0r.news is sponsored by Cubesoft communications www.csoft.net
and www.digitalgeeks.com thanks to p0lix for the digitalgeeks bandwidth
and airportman for the Cubesoft bandwidth. Also shouts out to all our
mirror sites! tnx guys.
http://www.csoft.net/~hwa
http://www.digitalgeeks.com/hwa
HWA.hax0r.news Mirror Sites:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.csoft.net/~hwa/
http://www.digitalgeeks.com/hwa.
http://members.tripod.com/~hwa_2k
http://welcome.to/HWA.hax0r.news/
http://www.attrition.org/~modify/texts/zines/HWA/
http://packetstorm.harvard.edu/hwahaxornews/ * DOWN *
http://archives.projectgamma.com/zines/hwa/.
http://www.403-security.org/Htmls/hwa.hax0r.news.htm
SYNOPSIS (READ THIS)
--------------------
The purpose of this newsletter is to 'digest' current events of interest
that affect the online underground and netizens in general. This includes
coverage of general security issues, hacks, exploits, underground news
and anything else I think is worthy of a look see. (remember i'm doing
this for me, not you, the fact some people happen to get a kick/use
out of it is of secondary importance).
This list is NOT meant as a replacement for, nor to compete with, the
likes of publications such as CuD or PHRACK or with news sites such as
AntiOnline, the Hacker News Network (HNN) or mailing lists such as
BUGTRAQ or ISN nor could any other 'digest' of this type do so.
It *is* intended however, to compliment such material and provide a
reference to those who follow the culture by keeping tabs on as many
sources as possible and providing links to further info, its a labour
of love and will be continued for as long as I feel like it, i'm not
motivated by dollars or the illusion of fame, did you ever notice how
the most famous/infamous hackers are the ones that get caught? there's
a lot to be said for remaining just outside the circle... <g>
@HWA
=-----------------------------------------------------------------------=
Welcome to HWA.hax0r.news ... #24
=-----------------------------------------------------------------------=
We could use some more people joining the channel, its usually pretty
quiet, we don't bite (usually) so if you're hanging out on irc stop
by and idle a while and say hi...
*******************************************************************
*** /join #HWA.hax0r.news on EFnet the key is `zwen' ***
*** ***
*** please join to discuss or impart news on techno/phac scene ***
*** stuff or just to hang out ... someone is usually around 24/7***
*** ***
*** Note that the channel isn't there to entertain you its for ***
*** you to talk to us and impart news, if you're looking for fun***
*** then do NOT join our channel try #weirdwigs or something... ***
*** we're not #chatzone or #hack ***
*** ***
*******************************************************************
=-------------------------------------------------------------------------=
Issue #24
=--------------------------------------------------------------------------=
[ INDEX ]
=--------------------------------------------------------------------------=
Key Intros
=--------------------------------------------------------------------------=
00.0 .. COPYRIGHTS ......................................................
00.1 .. CONTACT INFORMATION & SNAIL MAIL DROP ETC .......................
00.2 .. SOURCES .........................................................
00.3 .. THIS IS WHO WE ARE ..............................................
00.4 .. WHAT'S IN A NAME? why `HWA.hax0r.news'?..........................
00.5 .. THE HWA_FAQ V1.0 ................................................
=--------------------------------------------------------------------------=
Key Content
=--------------------------------------------------------------------------=
01.0 .. GREETS ..........................................................
01.1 .. Last minute stuff, rumours, newsbytes ...........................
01.2 .. Mailbag .........................................................
02.0 .. From the Editor..................................................
03.0 .. PacketStorm Security begins to rebuild and plans a come-back. ...
04.0 .. New zine from .nz AnarchyNZ......................................
05.0 .. DefCon & www.defcon.org cracked..................................
06.0 .. BO2k to be unveiled at Def-Con on Saturday at 7pm, wait for it...
07.0 .. CIA Not Breaking Into Banks .....................................
08.0 .. SETI@home gets cracked...........................................
09.0 .. Network Solutions DNS Spoofed ...................................
10.0 .. Bad permissions set on passwords stored by WebTrends software....
11.0 .. Three Blind Men Accused of Computer Tampering in Israel .........
12.0 .. FBI Opens Seattle Computer Crime Squad ..........................
13.0 .. Alaska Prosecutes First Case of Illegal Computer Intrusion.......
14.0 .. NOAA website hacked..............................................
15.0 .. U.S not the only ones to have high profile sites hacked .........
16.0 .. Social Engineering Alive and Well ...............................
17.0 .. Snooping OK on Pager Numbers?....................................
18.0 .. Fed Servers Face Severe Security Shortfall ......................
19.0 .. Mitnick in the News .............................................
20.0 .. Home PC Next Target for Hackers .................................
21.0 .. LSA can be crashed ..............................................
22.0 .. Hack-Net announces the BURN ANTIONLINE campaign..................
23.0 .. All-Star voting cheater nabbed ..................................
24.0 .. Hackernews Now Available on Palm VII ............................
25.0 .. U.S. Vulnerable to Cyber Attack .................................
26.0 .. Logging on to cyber-crime .......................................
27.0 .. Parts 1 and 2 of the infowar series ran by the Christian Monitor
28.0 .. Novell Cracker Pandora 4.0 Released .............................
29.0 .. Cypherpunks will hold meeting at DefCon .........................
=--------------------------------------------------------------------------=
RUMOURS .Rumours from around and about, mainly HNN stuff (not hacked websites)
AD.S .. Post your site ads or etc here, if you can offer something in return
thats tres cool, if not we'll consider ur ad anyways so send it in.
ads for other zines are ok too btw just mention us in yours, please
remember to include links and an email contact. Corporate ads will
be considered also and if your company wishes to donate to or
participate in the upcoming Canc0n99 event send in your suggestions
and ads now...n.b date and time may be pushed back join mailing list
for up to date information.......................................
Current dates: Aug19th-22nd Niagara Falls... .................
HA.HA .. Humour and puzzles ............................................
Hey You!........................................................
=------=........................................................
Send in humour for this section! I need a laugh and its hard to
find good stuff... ;)...........................................
SITE.1 .. Featured site, .................................................
H.W .. Hacked Websites ...............................................
A.0 .. APPENDICES......................................................
A.1 .. PHACVW linx and references......................................
=--------------------------------------------------------------------------=
@HWA'99
00.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE
OPINIONS OF THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO
WTF IS GONNA TAKE RESPONSIBILITY FOR THIS, I'M NOT DOING IT
(LOTS OF ME EITHER'S RESOUND IN THE BACKGROUND) SO UHM JUST
READ IT AND IF IT BUGS YOU WELL TFS (SEE FAQ).
Important semi-legalese and license to redistribute:
YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF
AND ARE GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE
ZINE SO LONG AS Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED
IN YOUR WRITING. LINK'S ARE NOT NECESSARY OR EXPECTED BUT ARE
APPRECIATED the current link is http://welcome.to/HWA.hax0r.news
IT IS NOT MY INTENTION TO VIOLATE ANYONE'S COPYRIGHTS OR BREAK
ANY NETIQUETTE IN ANY WAY IF YOU FEEL I'VE DONE THAT PLEASE EMAIL
ME PRIVATELY current email cruciphux@dok.org
THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL
WORKS ARE (C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL
THE LAYOUT AND COMMENTARIES ARE THEREFORE (C) WHICH MEANS:
I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE
AND REDISTRIBUTE/MIRROR. - EoD
Although this file and all future issues are now copyright, some of
the content holds its own copyright and these are printed and
respected. News is news so i'll print any and all news but will quote
sources when the source is known, if its good enough for CNN its good
enough for me. And i'm doing it for free on my own time so pfffft. :)
No monies are made or sought through the distribution of this material.
If you have a problem or concern email me and we'll discuss it.
cruciphux@dok.org
Cruciphux [C*:.]
00.1 CONTACT INFORMATION AND MAIL DROP
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wahoo, we now have a mail-drop, if you are outside of the U.S.A or
Canada / North America (hell even if you are inside ..) and wish to
send printed matter like newspaper clippings a subscription to your
cool foreign hacking zine or photos, small non-explosive packages
or sensitive information etc etc well, now you can. (w00t) please
no more inflatable sheep or plastic dog droppings, or fake vomit
thanks.
Send all goodies to:
HWA NEWS
P.O BOX 44118
370 MAIN ST. NORTH
BRAMPTON, ONTARIO
CANADA
L6V 4H5
WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you are
~~~~~~~ reading this from some interesting places, make my day and get a
mention in the zine, send in a postcard, I realize that some places
it is cost prohibitive but if you have the time and money be a cool
dude / gal and send a poor guy a postcard preferably one that has some
scenery from your place of residence for my collection, I collect stamps
too so you kill two birds with one stone by being cool and mailing in a
postcard, return address not necessary, just a "hey guys being cool in
Bahrain, take it easy" will do ... ;-) thanx.
Ideas for interesting 'stuff' to send in apart from news:
- Photo copies of old system manual front pages (optionally signed by you) ;-)
- Photos of yourself, your mom, sister, dog and or cat in a NON
compromising position plz I don't want pr0n. <g>
- Picture postcards
- CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250
tapes with hack/security related archives, logs, irc logs etc on em.
- audio or video cassettes of yourself/others etc of interesting phone
fun or social engineering examples or transcripts thereof.
Stuff you can email:
- Prank phone calls in .ram or .mp* format
- Fone tones and security announcements from PBX's etc
- fun shit you sampled off yer scanner (relevant stuff only like #2600 meeting activities)
- reserved for one smiley face -> :-) <-
- PHACV lists of files that you have or phac cd's you own (we have a burner, *g*)
- burns of phac cds (email first to make sure we don't already have em)
- Any and all telephone sounds/tones/beeps/trunk drops/line tests/etc in .ram etc format or .mp*
If you still can't think of anything you're probably not that interesting
a person after all so don't worry about it <BeG>
Our current email:
Submissions/zine gossip.....: hwa@press.usmc.net
Private email to editor.....: cruciphux@dok.org
Distribution/Website........: sas72@usa.net
@HWA
00.2 Sources ***
~~~~~~~~~~~
Sources can be some, all, or none of the following (by no means complete
nor listed in any degree of importance) Unless otherwise noted, like msgs
from lists or news from other sites, articles and information is compiled
and or sourced by Cruciphux no copyright claimed.
News & I/O zine ................. <a href="http://www.antionline.com/">http://www.antionline.com/</a>
Back Orifice/cDc..................<a href="http://www.cultdeadcow.com/">http://www.cultdeadcow.com/</a>
News site (HNN) .....,............<a href="http://www.hackernews.com/">http://www.hackernews.com/</a>
Help Net Security.................<a href="http://net-security.org/">http://net-security.org/</a>
News,Advisories,++ .(lophtcrack)..<a href="http://www.l0pht.com/">http://www.l0pht.com/</a>
NewsTrolls .(daily news ).........<a href="http://www.newstrolls.com/">http://www.newstrolls.com/</a>
News + Exploit archive ...........<a href="http://www.rootshell.com/beta/news.html">http://www.rootshell.com/beta/news.html</a>
CuD Computer Underground Digest...<a href="http://www.soci.niu.edu/~cudigest">http://www.soci.niu.edu/~cudigest</a>
News site+........................<a href="http://www.zdnet.com/">http://www.zdnet.com/</a>
News site+Security................<a href="http://www.gammaforce.org/">http://www.gammaforce.org/</a>
News site+Security................<a href="http://www.projectgamma.com/">http://www.projectgamma.com/</a>
News site+Security................<a href="http://securityhole.8m.com/">http://securityhole.8m.com/</a>
News site+Security related site...<a href="http://www.403-security.org/">http://www.403-security.org/</a>
News/Humour site+ ................<a href="http://www.innerpulse.com/>http://www.innerpulse.com</a>
News/Techie news site.............<a href="http://www.slashdot.org/>http://www.slashdot.org</a>
+Various mailing lists and some newsgroups, such as ...
+other sites available on the HNN affiliates page, please see
http://www.hackernews.com/affiliates.html as they seem to be popping up
rather frequently ...
http://www.the-project.org/ .. IRC list/admin archives
http://www.anchordesk.com/ .. Jesse Berst's AnchorDesk
alt.hackers.malicious
alt.hackers
alt.2600
BUGTRAQ
ISN security mailing list
ntbugtraq
<+others>
NEWS Agencies, News search engines etc:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.cnn.com/SEARCH/
<a href="http://www.cnn.com/SEARCH/">Link</a>
http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0
<a href="http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0">Link</a>
http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack
<a href="http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack">Link</a>
http://www.ottawacitizen.com/business/
<a href="http://www.ottawacitizen.com/business/">Link</a>
http://search.yahoo.com.sg/search/news_sg?p=hack
<a href="http://search.yahoo.com.sg/search/news_sg?p=hack">Link</a>
http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack
<a href="http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack">Link</a>
http://www.zdnet.com/zdtv/cybercrime/
<a href="http://www.zdnet.com/zdtv/cybercrime/">Link</a>
http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column)
<a href="http://www.zdnet.com/zdtv/cybercrime/chaostheory/">Link</a>
NOTE: See appendices for details on other links.
http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm
<a href="http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm">Link</a>
http://freespeech.org/eua/ Electronic Underground Affiliation
<a href="http://freespeech.org/eua/">Link</a>
http://ech0.cjb.net ech0 Security
<a href="http://ech0.cjb.net">Link</a>
http://axon.jccc.net/hir/ Hackers Information Report
<a href="http://axon.jccc.net/hir/">Link</a>
http://net-security.org Net Security
<a href="http://net-security.org">Link</a>
http://www.403-security.org Daily news and security related site
<a href="http://www.403-security.org">Link</a>
Submissions/Hints/Tips/Etc
~~~~~~~~~~~~~~~~~~~~~~~~~~
All submissions that are `published' are printed with the credits
you provide, if no response is received by a week or two it is assumed
that you don't care wether the article/email is to be used in an issue
or not and may be used at my discretion.
Looking for:
Good news sites that are not already listed here OR on the HNN affiliates
page at http://www.hackernews.com/affiliates.html
Magazines (complete or just the articles) of breaking sekurity or hacker
activity in your region, this includes telephone phraud and any other
technological use, abuse hole or cool thingy. ;-) cut em out and send it
to the drop box.
- Ed
Mailing List Subscription Info (Far from complete) Feb 1999
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ~~~~~~~~
ISS Security mailing list faq : http://www.iss.net/iss/maillist.html
THE MOST READ:
BUGTRAQ - Subscription info
~~~~~~~~~~~~~~~~~~~~~~~~~~~
What is Bugtraq?
Bugtraq is a full-disclosure UNIX security mailing list, (see the info
file) started by Scott Chasin <chasin@crimelab.com>. To subscribe to
bugtraq, send mail to listserv@netspace.org containing the message body
subscribe bugtraq. I've been archiving this list on the web since late
1993. It is searchable with glimpse and archived on-the-fly with hypermail.
Searchable Hypermail Index;
http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html
<a href="http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html">Link</a>
About the Bugtraq mailing list
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following comes from Bugtraq's info file:
This list is for *detailed* discussion of UNIX security holes: what they are,
how to exploit, and what to do to fix them.
This list is not intended to be about cracking systems or exploiting their
vulnerabilities. It is about defining, recognizing, and preventing use of
security holes and risks.
Please refrain from posting one-line messages or messages that do not contain
any substance that can relate to this list`s charter.
I will allow certain informational posts regarding updates to security tools,
documents, etc. But I will not tolerate any unnecessary or nonessential "noise"
on this list.
Please follow the below guidelines on what kind of information should be posted
to the Bugtraq list:
+ Information on Unix related security holes/backdoors (past and present)
+ Exploit programs, scripts or detailed processes about the above
+ Patches, workarounds, fixes
+ Announcements, advisories or warnings
+ Ideas, future plans or current works dealing with Unix security
+ Information material regarding vendor contacts and procedures
+ Individual experiences in dealing with above vendors or security organizations
+ Incident advisories or informational reporting
Any non-essential replies should not be directed to the list but to the originator of the message. Please do not "CC" the bugtraq
reflector address if the response does not meet the above criteria.
Remember: YOYOW.
You own your own words. This means that you are responsible for the words that you post on this list and that reproduction of
those words without your permission in any medium outside the distribution of this list may be challenged by you, the author.
For questions or comments, please mail me:
chasin@crimelab.com (Scott Chasin)
Crypto-Gram
~~~~~~~~~~~
CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,
insights, and commentaries on cryptography and computer security.
To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a
blank message to crypto-gram-subscribe@chaparraltree.com.� To unsubscribe,
visit http://www.counterpane.com/unsubform.html.� Back issues are available
on http://www.counterpane.com.
CRYPTO-GRAM is written by Bruce Schneier.� Schneier is president of
Counterpane Systems, the author of "Applied Cryptography," and an inventor
of the Blowfish, Twofish, and Yarrow algorithms.� He served on the board of
the International Association for Cryptologic Research, EPIC, and VTW.� He
is a frequent writer and lecturer on cryptography.
CUD Computer Underground Digest
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This info directly from their latest ish:
Computer underground Digest��� Sun� 14 Feb, 1999�� Volume 11 : Issue 09
�����
��������������������� ISSN� 1004-042X
������ Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
������ News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
������ Archivist: Brendan Kehoe
������ Poof Reader:�� Etaion Shrdlu, Jr.
������ Shadow-Archivists: Dan Carosone / Paul Southworth
������������������������� Ralph Sims / Jyrki Kuoppala
������������������������� Ian Dickinson
������ Cu Digest Homepage: http://www.soci.niu.edu/~cudigest
[ISN] Security list
~~~~~~~~~~~~~~~~~~~
This is a low volume list with lots of informative articles, if I had my
way i'd reproduce them ALL here, well almost all .... ;-) - Ed
Subscribe: mail majordomo@repsec.com with "subscribe isn".
@HWA
00.3 THIS IS WHO WE ARE
~~~~~~~~~~~~~~~~~~
Some HWA members and Legacy staff
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cruciphux@dok.org.........: currently active/editorial
darkshadez@ThePentagon.com: currently active/man in black
fprophet@dok.org..........: currently active/IRC+ man in black
sas72@usa.net ............. currently active/IRC+ distribution
vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
dicentra...(email withheld): IRC+ grrl in black
Foreign Correspondants/affiliate members
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Qubik ............................: United Kingdom
D----Y ...........................: USA/world media
HWA members ......................: World Media
Past Foreign Correspondants (currently inactive or presumed dead)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
N0Portz ..........................: Australia
system error .....................: Indonesia
Wile (wile coyote) ...............: Japan/the East
Ruffneck ........................: Netherlands/Holland
And unofficially yet contributing too much to ignore ;)
Spikeman .........................: World media
Please send in your sites for inclusion here if you haven't already
also if you want your emails listed send me a note ... - Ed
Spikeman's site is down as of this writing, if it comes back online it will be
posted here.
http://www.hackerlink.or.id/ ............ System Error's site (in Indonesian)
*******************************************************************
*** /join #HWA.hax0r.news on EFnet the key is `zwen' ***
*******************************************************************
:-p
1. We do NOT work for the government in any shape or form.Unless you count paying
taxes ... in which case we work for the gov't in a BIG WAY. :-/
2. MOSTLY Unchanged since issue #1, although issues are a digest of recent news
events its a good idea to check out issue #1 at least and possibly also the
Xmas issue for a good feel of what we're all about otherwise enjoy - Ed ...
@HWA
00.4 Whats in a name? why HWA.hax0r.news??
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Well what does HWA stand for? never mind if you ever find out I may
have to get those hax0rs from 'Hackers' or the Pretorians after you.
In case you couldn't figure it out hax0r is "new skewl" and although
it is laughed at, shunned, or even pidgeon holed with those 'dumb
leet (l33t?) dewds' <see article in issue #4> this is the state
of affairs. It ain't Stephen Levy's HACKERS anymore. BTW to all you
up and comers, i'd highly recommend you get that book. Its almost
like buying a clue. Anyway..on with the show .. - Editorial staff
@HWA
00.5 HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Also released in issue #3. (revised) check that issue for the faq
it won't be reprinted unless changed in a big way with the exception
of the following excerpt from the FAQ, included to assist first time
readers:
Some of the stuff related to personal useage and use in this zine are
listed below: Some are very useful, others attempt to deny the any possible
attempts at eschewing obfuscation by obsucuring their actual definitions.
@HWA - see EoA ;-)
!= - Mathematical notation "is not equal to" or "does not equal"
ASC(247) "wavey equals" sign means "almost equal" to. If written
an =/= (equals sign with a slash thru it) also means !=, =< is Equal
to or less than and => is equal to or greater than (etc, this aint
fucking grade school, cripes, don't believe I just typed all that..)
AAM - Ask a minor (someone under age of adulthood, usually <16, <18 or <21)
AOL - A great deal of people that got ripped off for net access by a huge
clueless isp with sekurity that you can drive buses through, we're
not talking Kung-Fu being none too good here, Buy-A-Kloo maybe at the
least they could try leasing one??
*CC - 1 - Credit Card (as in phraud)
2 - .cc is COCOS (Keeling) ISLANDS butthey probably accept cc's
CCC - Chaos Computer Club (Germany)
*CON - Conference, a place hackers crackers and hax0rs among others go to swap
ideas, get drunk, swap new mad inphoz, get drunk, swap gear, get drunk
watch videos and seminars, get drunk, listen to speakers, and last but
not least, get drunk.
*CRACKER - 1 . Someone who cracks games, encryption or codes, in popular hacker
speak he's the guy that breaks into systems and is often (but by no
means always) a "script kiddie" see pheer
2 . An edible biscuit usually crappy tasting without a nice dip, I like
jalapeno pepper dip or chives sour cream and onion, yum - Ed
Ebonics - speaking like a rastafarian or hip dude of colour <sic> also wigger
Vanilla Ice is a wigger, The Beastie Boys and rappers speak using
ebonics, speaking in a dark tongue ... being ereet, see pheer
EoC - End of Commentary
EoA - End of Article or more commonly @HWA
EoF - End of file
EoD - End of diatribe (AOL'ers: look it up)
FUD - Coined by Unknown and made famous by HNN <g> - "Fear uncertainty and doubt",
usually in general media articles not high brow articles such as ours or other
HNN affiliates ;)
du0d - a small furry animal that scurries over keyboards causing people to type
weird crap on irc, hence when someone says something stupid or off topic
'du0d wtf are you talkin about' may be used.
*HACKER - Read Stephen Levy's HACKERS for the true definition, then see HAX0R
*HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this is difficult to
define, I think it is best defined as pop culture's view on The Hacker ala
movies such as well erhm "Hackers" and The Net etc... usually used by "real"
hackers or crackers in a derogatory or slang humorous way, like 'hax0r me
some coffee?' or can you hax0r some bread on the way to the table please?'
2 - A tool for cutting sheet metal.
HHN - Maybe a bit confusing with HNN but we did spring to life around the same
time too, HWA Hax0r News.... HHN is a part of HNN .. and HNN as a proper
noun means the hackernews site proper. k? k. ;&
HNN - Hacker News Network and its affiliates http://www.hackernews.com/affiliates.html
J00 - "you"(as in j00 are OWN3D du0d) - see 0wn3d
MFI/MOI- Missing on/from IRC
NFC - Depends on context: No Further Comment or No Fucking Comment
NFR - Network Flight Recorder (Do a websearch) see 0wn3d
NFW - No fuckin'way
*0WN3D - You are cracked and owned by an elite entity see pheer
*OFCS - Oh for christ's sakes
PHACV - And variations of same <coff>
Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups Virus, Warfare
Alternates: H - hacking, hacktivist
C - Cracking <software>
C - Cracking <systems hacking>
V - Virus
W - Warfare <cyberwarfare usually as in Jihad>
A - Anarchy (explosives etc, Jolly Roger's Cookbook etc)
P - Phreaking, "telephone hacking" PHone fREAKs ...
CT - Cyber Terrorism
*PHEER - This is what you do when an ereet or elite person is in your presence
see 0wn3d
*RTFM - Read the fucking manual - not always applicable since some manuals are
pure shit but if the answer you seek is indeed in the manual then you
should have RTFM you dumb ass.
TBC - To Be Continued also 2bc (usually followed by ellipses...) :^0
TBA - To Be Arranged/To Be Announced also 2ba
TFS - Tough fucking shit.
*w00t - 1 - Reserved for the uber ereet, noone can say this without severe repercussions
from the underground masses. also "w00ten" <sic>
2 - Cruciphux and sAs72's second favourite word (they're both shit stirrers)
*wtf - what the fuck
*ZEN - The state you reach when you *think* you know everything (but really don't)
usually shortly after reaching the ZEN like state something will break that
you just 'fixed' or tweaked.
@HWA
-=- :. .: -=-
01.0 Greets!?!?! yeah greets! w0w huh. - Ed
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thanks to all in the community for their support and interest but i'd
like to see more reader input, help me out here, whats good, what sucks
etc, not that I guarantee i'll take any notice mind you, but send in
your thoughts anyway.
* all the people who sent in cool emails and support
FProphet Pyra TwstdPair _NeM_
D----Y Kevin Mitnick (watch yer back) Dicentra
vexxation sAs72 Spikeman
p0lix Vexx
Ken Williams/tattooman of PacketStorm, hang in there Ken...:(
and the #innerpulse, crew (innerpulse is back!) and some inhabitants
of #leetchans .... although I use the term 'leet loosely these days,
<k0ff><snicker> ;) shouts to #feed-the-goats and #cache
kewl sites:
+ http://www.securityfocus.com NEW
+ http://www.hackcanada.com
+ http://www.l0pht.com/
+ http://www.2600.com/
+ http://www.freekevin.com/
+ http://www.genocide2600.com/
+ http://www.packetstorm.harvard.edu/ ******* DOWN ********* SEE AA.A
+ http://www.hackernews.com/ (Went online same time we started issue 1!)
+ http://www.net-security.org/
+ http://www.slashdot.org/
+ http://www.freshmeat.net/
+ http://www.403-security.org/
+ http://ech0.cjb.net/
@HWA
01.1 Last minute stuff, rumours and newsbytes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"What is popular isn't always right, and what is right isn't
always popular..."
- FProphet '99
+++ When was the last time you backed up your important data?
++ Read email from DNV in the mailbag about a bug in many www on-site search options
++ Packet Storm Security Data Returned
From HNN http:www.hackernews.com/
contributed by Ken Williams
Harvard University has graciously shipped a 17.2GB hard
drive that should contain the complete Packet Storm
Security Archives to Ken Williams. Ken has told HNN that
he is currently investigating the numerous offers he has
received to host the site and hopes to have it back
online soon. He has said that the legal issues
surrounding this mess still need to be resolved.
For more information on this story see the HNN archives.
HNN Archive for July 1, 1999
http://www.hackernews.com/arch.html?070199
++ GOBBLING UP A PAC-MAN RECORD (CULT. 3:00 am)
http://www.wired.com/news/news/email/explode-infobeat/culture/story/20607.html
from Wired News
Practice makes perfect, and someone has reached the
unreachable score on the popular Pac-Man arcade game. It
only took Billy Mitchell 15 years to do it. By
Leander Kahney.
++ INSIDE THE VIRUS WRITER'S MIND (POL. 9:15 am)
http://www.wired.com/news/news/email/explode-infobeat/politics/story/20624.html
from Wired News
Hackers who author the programs that infect PCs are not all
adult sociopaths or adolescent dropouts. But they are
usually male and well-to-do. Vince Beiser reports from
Las Vegas.
++ DEFCON: BRING IN DA NOISE (TECH. 8:15 am)
http://www.wired.com/news/news/email/explode-infobeat/technology/story/20621.html
from Wired News
The annual hacker convention kicks off in Las Vegas Friday.
Some will be here for talk of exploits and scripts. Others
just want to party. By Polly Sprenger.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
++ MAILZONE'S NEW MP3 MONITOR (CULT. 3:00 am)
http://www.wired.com/news/news/email/explode-infobeat/culture/story/20619.html
from Wired News
New software can block MP3 file attachments in corporate
email and tell the difference between legal and illegal
music files. Skeptics abound. By Joe Ashbrook Nickell.
++ REPORT: MIDEAST MISSES THE NET (POL. 3:00 am)
http://www.wired.com/news/news/email/explode-infobeat/politics/story/20616.html
from Wired News
Censorship, taxes, and traditional Muslim mores have curbed
Net use throughout much of the Middle East. A human rights
organization reports on the restrictions. Declan McCullagh
reports from Washington.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
++ EX-SPAM KING SHOWS NO MERCY (POL. 3:00 am)
http://www.wired.com/news/news/email/explode-infobeat/politics/story/20618.html
from Wired News
Once the undisputed king of spam, Sanford Wallace sues a
competitor for US$1 million for allegedly libeling him as a
spammer. By Deborah Scoblionkov.
++ ONLY YOU CAN PREVENT CYBERCRIME (POL. Wednesday)
http://www.wired.com/news/news/email/explode-infobeat/politics/story/20609.html
from Wired News
The man charged with streamlining the US government's cyber
defenses says the public and private sectors must share
resources to prevent attacks. Vince Beiser reports from
Las Vegas.
Thanks to myself for providing the info from my wired news feed and others from whatever
sources, also to Spikeman for sending in past entries.... - Ed
@HWA
01.2 MAILBAG - email and posts from the message board worthy of a read
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: dev-null@no-id.com
Date: Fri, 9 Jul 1999 20:13:53 -0400
Message-Id: <199907100013.UAA02126@pistol.cde.com>
To: hwa@press.usmc.net
Reply-To: hwa@press.usmc.net
Subject: Credit Card
reply-to: gadjoman@bigfoot.com
This time there is some news in france:
It seems that a french techincian was able to break the credit card system used in france
(and worldwide) using some common hardware. Using his PC, he build a false credit card and
used it (not in an illegal way).
Of course, being a "good" citizen he warned the "banque de fance" (fench cental bank) of
the poblem. To thank him, he had the visit fom the fench cops and was chaged of credit card
fraud ...
for more infomation (sorry it is all in fench) see: http://altern.org/humpich/
and http://www.zataz.com/Magazine/SH.html
gadjo
--
This message has been sent via an anonymous mail relay at www.no-id.com.
-=-
From: "DNV" <dnv@xxxxxx.dk>
Reply-To: "DNV" <dnv@xxxxxxx.dk>
Date: Wed, 7 Jul 99 23:40:48 +0100
To: hwa@press.usmc.net
Subject: a small Bug..and maybe old...I don't know!
HI!!
Great Mag you got...keep you the good work.
Anyway....
I write to you because I found a funny 'bug'.
On many homepages there is a "search" botten ,try it!!
I tryed and found alot of funny stuff like emails,login...
and other stuff. It can give you a good idea if you are going to SE the firm. The best
to look for is files like .dat .passwd .htpasswd and other system files that
are interesting too "look" at.
----
Here is one the exampel i tryed:
www.global-one.net (a very BIG ISP)
search for .dat
http://www.global-one.net/en/consultant/con-reg.dat
----
I have seen many other site with the same 'bug' ,but I really don't know is its a old bug..
or just a programmer error.
please give me some credit for it if you are going to
publish it and if its any good.... (I hope so....hehehe)
------------
Your fan and friend...
DNV@xxxxxxx.dk
================================================================
@HWA
02.0 From the editor.
~~~~~~~~~~~~~~~~
#include <stdio.h>
#include <thoughts.h>
#include <backup.h>
main()
{
printf ("Read commented source!\n\n");
/*
*Seems like Ken's doing ok with his data, after all the hullaballoo and
*yellin it turns out Harvard kicked up the data that consisted of his
*site so that poor packetstorm.nl.linux.org 486 needn't have gone thru
*all that networking pain, well maybe this was a wake up call a great site
*like PSS *should* be mirrored and it sounds like this is whats in the
*works now with the new 'multiple server approach' to the rebuilding of
*the site, so soon all you leeches (like me) can jump back in and grab
*your fill of the 0-day security juarez....
*
*
*Meamwhile, slim pickings this week, i'm not rich and can't afford the
*flight to DefCon so i'll be reporting third hand as usual as to what's up
*and will keep you up to date on the webcasts and shit like Parse doing a
*gig from the conf... so this issue will probably be released after FedCon
*erh DefCon 99...in case you hadn;t figured that out by reading it now.
*
*THE NEW AND IMPROVED (MORE STARCH!) ISSUE #24 IS NOW ON YOUR SCREEN!
*visuals by Cruciphux, lenses by my Dad, Colour by colourful puppies
*
*/
printf ("EoF.\n");
}
Congrats, thanks, articles, news submissions and kudos to us at the
main address: hwa@press.usmc.net complaints and all nastygrams and
mailbombs can go to /dev/nul nukes, synfloods and papasmurfs to
127.0.0.1, private mail to cruciphux@dok.org
danke.
C*:.
@HWA
03.0 PacketStorm Security begins to rebuild and plans a come-back
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From packetstorm.genocide2600.com July 6th 1999
The index.html; (links not included, check it out yourself)
Packet Storm Security is Closed.
But it will be coming back soon, bigger and better than ever, to servers (yes, servers is very plural) near you.
And, of course, it'll be sponsor-free, banner-free, no membership fee. Just plain fucking FREE. :)
The way your personal and network security and privacy should be.
FREE Security and Crypto warez here:
ATTRITION
Bruce Schneier's Counterpane Systems
Spaf's Hotlist
HNN
HNC
Insecure.org
John Young's Cryptome
L0pht Heavy Industries
s e c u r i t y f o c u s
Technotronic
pgp keys are cool
click me!
click me too!
Hit me, baby!
You are visitor number 1 since Dec 31, 1969.
view the source, luke.
The HTML Source;
<!--- what does JP really have to say?
"One hardly has to "hack a webpage" to get their point of view told. That's the wonder of the Internet." -- John Vranesevich, Founder, AntiOnline
"I'd like to take this opportunity to say that I do all of the html on this site by hand." -- John Vranesevich, Founder, AntiOnline, 10-13-98
"I'm on AOL's restricted list. Oh well, it's worth it. Hahaha." -- John Vranesevich, Founder, AntiOnline, 10-13-98
"'Confessions of a Script Kiddie', I can see it now..." -- John Vranesevich, Founder, AntiOnline, 10-5-98
"Hack a site today, develop a strong political agenda tomorrow." -- John Vranesevich, Founder, AntiOnline, 10-5-98
"For those neophytes reading this right now, he is NOT a hacker, he's what we in the computer security field call a jack ass." -- John Vranesevich, Founder, AntiOnline, 9-9-98
"I just don't want to see anyone getting hacked, fired, or arrested, for publishing an article here on AntiOnline." -- John Vranesevich, Founder, AntiOnline, 7-22-98
"It would take a lot more than an act of congress to get AntiOnline shut down." -- John Vranesevich, Founder, AntiOnline, 7-13-98
"Do we object to hack attempts against our system? Well, I certainly haven't handed out invitations. But, being the type of site we are, and being as hated as I am, it's something that I've come to expect." -- John Vranesevich, AntiOnline Founder, getting a clue on 3/15/99
"Well, some have written me accusing me of being a flat out biggot. But, I think that every week I take the opportunity to rag on a different country, nationality, or a University of Pittsburgh employee, equally." -- AntiOnline Founder John Vranesevich (JP), 3/22/99
"Ok, last year it was some dude named Kalid Ibrahim from Harkat-ul-Anser with his yellow rider rent-a-truck, this year it's a disgruntled Brazilian. BTW: it's not my fault that their president can't get head." -- AntiOnline Founder John Vranesevich (JP), 3/22/99
"Well, most of my investment money went to support a cocaine addiction, everything that I have left is going towards re-hab." -- AntiOnline Founder John Vranesevich (JP), 3/22/99, explaining what happened to all of the AntiOnline funding capital
"As for my lobby, it's hardly unkept. We have a team of migrant mexican workers come in weekly to vacuum and dust." -- AntiOnline Founder John Vranesevich (JP), 3/22/99
"Is it just me, or does this guy sound like he's spewing out propaganda fed to him by Janet Reno herself?" -- John Vranesevich, AntiOnline Founder, 4/5/99, responding to criticism from NeonSurge
"The first minute I'm running a hacker underground railroad, the second I'm secret agent man." -- John Vranesevich, AntiOnline Founder, 4/5/99
"Let's keep one thing straight. I never 'been there and done that'. I've always been on the right side of the law as far as those sort of things go (well, as far as all things go for that matter). In my case it's more like 'was there, watched that from a distance, took notes'. Heh." -- John Vranesevich, AntiOnline Founder, 4/5/99
"God help me if she ever becomes a computer security expert." -- John Vranesevich (JP), AntiOnline Founder, 4/20/99, referring to his mother
"Ok, so she wasn't a bitch, she was a whore (Did that last comment go to far? Last thing I need is to loose corporate sponsors. Oh well...)." -- John Vranesevich (JP), AntiOnline Founder, 4/26/99
"If you see a man standing on a street corner snorting crack with a bunch of hookers, you can assume he's not the neighborhood priest. Well, you used to be able to assume that." -- John Vranesevich, AntiOnline founder and crackhead, in his "How To Be A Hacker Profiler - III" article
"Believe me, you'll never know the true meaning of the word "cracker" until you've been down there [Tennessee]." -- AntiOnline Founder and ignorant bitch, John Vranesevich, 5/10/99
"Start talking badly about the 'founder' of the group to other 'members' ... spread lies or rumors ... make fictitious posts to popular underground webboards." -- John Vranesevich, AntiOnline founder and crackhead, 5/3/99
"Unfortunately, I've found myself looking in the mirror with disgust these past few months." -- John Vranesevich, Founder, AntiOnline, 6/4/99
//-->
<!-- for the record --
AntiOnline's claims that i posted harassing and threatening comments, that i threatened JP and family,
that i posted anybody's names and addresses, that there was gay porn and "nuns covered in seminal fluid"
are all pure BULLSHIT.
You are free to believe what you want. JP's statements above say it all, imho.
//-->
-=-
Here's an article of interest linked to from the old packetstorm url...
http://www.globe.com/dailyglobe2/184/metro/Harvard_defends_role_in_dean_s_resignation_amid_porn_claims+.shtml
Harvard defends role in dean's resignation
amid porn claims
By James Bandler, Globe Correspondent and Ross Kerber Globe Staff, 07/03/99
n his first public comment on the matter, Harvard President Neil L.
Rudenstine has defended his university's role in the forced resignation
of the Harvard Divinity School dean who stepped down last fall amid
allegations of pornography use on his office computer.
Rudenstine rejected criticism in the press that divinity school technicians had
violated the privacy of Dean Ronald Thiemann by notifying authorities about
the presence of pornography on his office computer.
''At no time did any Harvard personnel violate Professor Thiemann's privacy,''
Rudenstine said in a written statement released Thursday.
The role of the university's technology staff was reviewed at the senior levels
of the university and there was nothing invasive or inappropriate about the
staff's actions, he said.
''Rather, staff members repeatedly and over a period of more than a year
carried out tasks that the dean directed them to perform, consistent with their
official duties, in a place that had clearly become part of their professional
work environment.
''In so doing, they were unavoidably and involuntarily exposed to inappropriate
materials which they found to be not only offensive, but severely distressing.''
Thiemann, who presided over the divinity school for nearly 13 years, stepped
down in November citing personal and professional reasons. He has not
commented publicly on the matter.
Thiemann's lawyer, Harvard Law School professor Charles Ogletree, said
Thiemann was profoundly disappointed by Rudenstine's statement. He said
that it was difficult to understand why the university did not contact Thiemann
about the allegations earlier if there really had been problems for a year.
''Dean Thiemann has made every effort to respect and maintain the privacy
for him and his family and has avoided any public comment on the allegations,''
Ogletree said. ''After 13 years of unprecedented success serving as dean of
the divinity school, there is a strong feeling that he is now being kicked in the
stomach when he's down, while the university continues to protect the privacy
of those who have made allegations against dean.''
Sources at Harvard said the pornographic material was discovered in October
on Thiemann's Harvard-owned computer after he requested a new hard drive
to replace his existing one, which was full. The computer was in the office of
Thiemann's Harvard-owned residence.
Sources said that an explicit pornographic image was on the computer screen
when a technician walked into the room. Ogletree said the incident did not
happen.
In a process that involved down-loading the files from the old hard drive to the
divinity school's mainframe to the new hard drive the technician saw sexually
explicit file names crossing the screen, according to sources.
Because of the presence of so many image files, the file transfer process took
an entire work day, the sources said. When the technician's supervisor
inquired why the transfer was taking so long, he did not want to answer, but
eventually did, the sources said.
Rudenstine said in his statement that staff members were ''reluctant to report
the matter,'' and eventually spoke only to senior officers at the divinity school.
After consultation, the senior officers reported the facts to the university
president's office, Rudenstine said.
After the pornography scandal became public this spring, Thiemann became
something of a reluctant cause celebre among Internet privacy rights activists.
In the Thursday edition of the Boston Phoenix, media critic Dan Kennedy
singled out Rudenstine in his annual ''Muzzle Awards,'' a list of people who
Kennedy said undermine free speech.
Harvard, for the most part, declined to respond to the attacks. But it was the
recent remarks of Harvard Law School professor Alan Dershowitz that
prompted the university to defend its beleaguered information technology staff
after he referred to them as ''snoops'' and ''peeping toms.''
In other Harvard news, the university said that on Wednesday its technicians
removed an independently produced Web site from school computers after
receiving a complaint that it contained offensive material.
University spokesman Joe Wrinn said the site was operated by a group known
as PacketStorm Security, led by a site administrator in North Carolina.
Harvard had made an unusual agreement recently to host the popular site in
order to help distribute software security tools.
But in addition, the PacketStorm's site included graphic sexual images and
other material apparently intended to satirize a rival Web site, AntiOnline.com,
devoted to software security matters.
According to a letter to Harvard from AntiOnline founder John Vranesvich,
the PacketStorm site included ''a large archive of libelous and, to put it bluntly,
sick material,'' including '' images ranging from people engaged in homosexual
activities, to a nun that appears to be covered in seminal fluid.''
The descriptions were accurate, said Harvard spokesman Wrinn, prompting
the university to remove the site from its computers because it violated school
policies. Harvard is in the process of returning the data to PacketStorm
administrator Ken Williams, Wrinn said.
Williams could not be reached for comment, but in a letter posted on a
different site on the Web he denied that his site had posed a threat to
Vranesevich and complained that in shutting down the site, Harvard acted
inapropriately, because ''no laws or rules were broken on my part.''
This story ran on page B3 of the Boston Globe on 07/03/99.
� Copyright 1999 Globe Newspaper Company.
@HWA
04.0 New zine from .nz AnarchyNZ
~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://surf.tO/AnarchyNZ
A new zine has just started up which intends to cover the underground scene in Auckland
New Zealand, (a small island just off the coast of Australia)
check em out they're brand new and looking for members...
@HWA
05.0 DEFCON
~~~~~~
Friday June 9th, DefCon starts, www.defcon.org gets hacked by ADMcrew, claiming to be
representing ADM-con, checked this hack out it looks almost too neat to be for real but
who knows? as a courtesy the original page is linked to at the bottom of the hacked page
Intro; (Wired)
Coming Soon: Back Orifice 2000
by Niall McKay
3:00 a.m. 30.Jun.99.PDT
An underground computer security group is poised to release a new version of a
notorious software program that could allow crackers to watch and listen in on
Windows-based PC users.
The Cult of the Dead Cow said it will release Back Orifice 2000 on 9 July -- at
the annual Def Con convention in Las Vegas.
"This will demonstrate that Microsoft's operating systems are completely
insecure and a bad choice for consumers and businesses who demand privacy,"
said Oxblood Ruffin, a former United Nations consultant and current Cult of
the Dead Cow spokesman.
Def Con is perhaps the most unusual gathering in the computer security field.
Hackers, crackers, and self-proclaimed security experts will mingle with media,
security professionals, federal law enforcement officers, and "script kiddies"
who deface Web pages with prefab cracking code.
Security groups of all stripes use the occasion to release software and show
off gadgets. But Back Orifice 2000 is perhaps the most anticipated item.
Unlike previous versions of the software, Back Orifice 2000 will run on Windows NT
and feature strong encryption and a modular architecture that the group said
will allow hackers and other security groups to write plug-ins.
The program will be released as open source to encourage further development
by the security community.
Back Orifice, released at last year's DefCon, may allow malicious users to monitor
and tamper with computers without the permission or knowledge of their owners.
The program is classified as a Trojan Horse because crackers need to dupe the
user into installing an application on their hard disk. Despite this, Oxblood Ruffin
said that the program is currently installed on up to a half-million PCs
worldwide.
Though that number could not be independently verified, an Australian
computer security group last November said that 1,400 Australian Internet
accounts have been compromised by Back Orifice.
Back Orifice 2000 also promises to be a great deal more difficult to detect than
its predecessor because it enables users to configure its port setting. Previously,
intrusion detection and antivirus programs could detect Back Orifice because it used
a default port setting of 31337.
A Microsoft Windows NT Server security manager said the company is closely
monitoring Back Orifice development and is working with antivirus and intrusion
detection software vendors to provide customers with utilities to combat the
software.
"Trojan Horses are not technological issues but a social engineering problem
because they rely on the ability of the cracker to trick the user into running an
application," said Scott Culp.
"It's just a fact of computer science that if you run a piece of code on your
machine you run the risk making your system vulnerable."
The solution, according to Culp, is to ensure that users do not install any
software from untrusted sources and regularly update antivirus and intrusion
detection programs.
Also at the show, independent security consulting firm L0pht Heavy Industries will
release AntiSniff, a network monitoring tool, and will announce BootyCall, a
PalmPilot War Dialer. Such programs will automatically dial telephone numbers in
sequence, looking for modems.
Zero-Knowledge Systems is also expected to provide further details about Freedom,
a network of servers promising total online anonymity.
Def Con will also feature some of its legendary sideshow attractions, such as
the Spot the Fed contest. In this game, conference attendees are invited to point
out suspicious attendees who may be working for federal law enforcement
agencies. Winners will be awarded an "I spotted the Fed" T-shirt.
Other diversions include a fancy dress ball, Hacker Jeopardy, and the Hacker
Death Match, a game that enables hackers to take their flame mails out of
cyberspace and into reality by dressing up in giant inflatable Sumo suits to do
battle.
Well-heeled attendees are invited to a US$100 outing to Cirque du Soleil.
Meanwhile, the conference will include sessions on how to detect wiretaps; the
art and science of enemy profiling; hacking ethics, morality, and patriotism;
cyber-forensic analysis; and a talk on the practice of hiring hackers as security
consultants.
-=-
And DefCon; heres an update from Wired on defcon;
DefCon: Bring in Da Noise
by Polly Sprenger
8:15 a.m. 8.Jul.99.PDT
Every year it's the same.
DefCon rolls around, and every media outlet churns out an article citing an "old
school" hacker complaining that the "script kiddies" don't have any skills, don't
have any respect, and never had to rebuild an Altair with their bare hands.
Here you go: "I've been a hacker since before there were microcomputers," said
Chris Tucker, a one-time hacker who is now semi-retired due to arthritis. "I see
[DefCon] as an opportunity to act like a mentor, to say 'this is how it should be
done, don't give in to the dark side kids.'"
But while the older generation of DefCon attendees is hand-wringing over the fact
that "kids these days don't even write their own exploits anymore," the younger
generation is busy donning fright wigs and fingernail polish in preparation for another
DefCon staple: the raves.
Hackers and raves have gone hand in hand since the industrial music of the '80s
gave way to the electronica of the '90s, said The Clone, one of this year's
attendees.
"DefCon is a weekend event held from early in the morning until about 10pm," he
said. "What's there to do between then and morning? Sleep? Of course not. Going
raving is where it's at."
This year's conference coincides with the anniversary party of Candy FactorE, a
locale that The Clone said has propelled the Vegas raving scene.
"Two underground scenes combine in one city. What could be better?," he asked.
Brian Fite of HSK, a security-interest site, said that even the music divides the
old-timer hackers from the younger generation.
"I came out of hard core punk, the old school," he said. "Now, house music and
raves is the 'underground.'"
But if raves is what they come for, raves is what they'll get, Fite said. More than
24 bands and DJs have been invited to perform onstage at DefCon. Their musical
genres, listed on the DefCon site, range from industrial to house to jungle to
trance.
Brandon Cox, another HSK staffer attending DefCon for the first time, said
he expects the difference between the two groups of hackers to be obvious: "All
the young guys will be walking around in baggy pants and Adidas', and all the old
guys will be wearing Doc Martens and black T-shirts."
The musical performances will be Webcast by Pirate Radio UK, for anyone
who wants to experience the music remotely.
Cox, 25, said hackers of his generation are attracted to the techno music both
because of its roots in technology and the way it draws together the
underground. "I think it was young, outcast kids, looking for a way to fit in,"
Cox said.
"Maybe it's more that everybody is accepted," said Fite. "A lot of these
hip-hop kids dress weird, and accept other, different cultures. Diversity is good
for the species."
But ravers, like non-malicious hackers, resent the image that gets presented to
the public about their subculture.
"There have been rumors of undercover reporters looking for 'hot' sweeps week
stories in raves," said "Driz," a Vegas-area raver. "One misinformed story gives off a
surprising amount of bad impressions. If there's a trace of something juicy,
reporters seem to turn on their hidden cameras and focus on the negativity."
But ravers like Driz can see past the negativity. "There is nothing better when
there's a smile on every face, the music is thumpin', everyone's dancing, and the
vibes are good!"
More from Wired;
Fear and Hacking in Las Vegas
by Polly Sprenger
3:00 a.m. 10.Jul.99.PDT
LAS VEGAS -- The sun rose Friday morning on the first day of Def Con, the
annual hacker conference, with labor crews hosing down the parking lots and
the highways.
Workers were dealing with the aftermath of an unexpected thunderstorm that shut
down the airport Thursday and left the city sunk in a thick layer of mud.
More than 600 of Def Con's 6,000 expected attendees were already in town
for the Black Hat security conference. The timing was unfortunate, however.
Next door to the predominately male-attended Black Hat conference was
a teenage dance competition, where, after spending the day listening to talks
on security issues, attendees could watch adolescent dancers shaking their
groove thang.
"Someone's gonna get arrested," sighed Chris, from Toronto, in the bar of the
nearby Hard Rock Cafe later.
But by mid-morning, hackers shook off their Thursday night hangovers to
descend on the convention hall. Hacker groups and enthusiasts did a brisk trade
in T-shirts, hacker equipment, and zines.
As a TV crew cruised the hall, an organizer asked everyone to be mature
and not deface the camera.
"Be good, and next time Mom will let you wear the big pants," he said to the
youthful, baggy-panted crowd.
Convention-goers were testing their competitive side in the sixth annual Spot
the Fed contest (several agents were outed by early afternoon), and by
donning inflatable sumo wrestling suits for a little all-in-fun mock violence.
"Always wanted to beat up some punk on the mailing list? You really hate the
person who always argues with you?" DefCon organizers asked. "How about media
vs. the underground? Or feds vs. hackers? We've rented giant inflatable
sumo suits for you to do battle."
T-shirts like "I miss crime" and "I hate stupid people" caught approving glances
from the crowd, while a photographer wandered around the room snapping
shots of any available woman for the "Babes of Def Con" photo album.
Outside the smoky, crowded hall, a group of younger attendees was gleefully
stringing cable from hotel room to hotel room, beefing up the paltry connection
offered by the Alexa Park convention center and resort.
The "day in the sun" feeling was soured a bit as a group of security enthusiasts
posted "wanted" signs accusing John P.Vranesevich, founder of AntiOnline, of
criminal activities. They accuse the computer security pundit of paying
crackers to hit sites in exchange the scoop.
Vranesevich and his supporter, Happy Hacker Carolyn Meinel, vocally deny that
he has done anything wrong, and point the finger back at the accusers, who
have posted material about Vranesevich on their Web site.
The controversy escalated last week, when a popular site for security
information, PacketStorm, was removed from its host server at Harvard after
university officials were told that the site had negative and allegedly libelous
information about Vranesevich on it.
But according to Brian Fite of HSK, the tension only adds another dimension of
excitement to the goings-on.
Also on the underground agenda is a party to announce the "launch" of Back
Orifice 2000, a hacking tool for Microsoft office 2000; a formal black-and-white ball
where T-shirts will be traded in for tuxes; and assorted, sordid all-night raves.
-=-
The aftermath according to HNN;
Defcon Recovery
contributed by Space Rogue
We are still hung over and recovering from Defcon this past weekend. Our plane landed just hours ago and we
are currently reading the 1200+ emails that have piled up over the last six days. We should hoepfully have
regular news for your tomorrow.
Defcon Notes
The estimated attendance for Defcon this year was 3000 people. 1200 more people than last year.
The BO2K presentation was standing room only. A few early copies of BO2K were thrown out to the crowd on
CD. Someone took one of those copies and duplicated it. Unfortunately the dups are infected with CIH. If you
did not receive an original copy be sure to double check it.
Carolyn Meinel was escorted out of the Alexis Park Hotel. The official reason given for the ejection was due
to two seperate violations of press privilages.
The Defcon.org Web Page was cracked just as the con was starting on Friday. We should hopefully have an
archived copy soon.
We hope to return to full coverage of all the news tomorrow. Hopefully we will be sober by then.
-=-
The NYTimes;, Contributed by someone on IRC (#feed-the-goats?) sorry forget your nick...
Hackers Say Government Falls Short on
Computer Security
By MATT RICHTEL
AS VEGAS -- A White House official took a verbal pounding
Friday night at a conference of computer hackers and security
professionals, some of whom accused the Government of inadequately
protecting its computers.
The criticisms came during a panel debate called "Meet the
Feds" at Defcon, the annual gathering of computer hackers.
After the discussion, Jeffrey A. Hunker, senior director for
infrastructure protection for the National Security Council,
conceded that the hackers have a point when they say that the
Government has far to go. "We have something to learn from
them," he said.
Malicious hackers, known as "crackers," have taught the Government
several lessons in recent months, taking down several major Web sites
including those of the White House, Senate and FBI.
Many of the more than 2,000 attendees at Defcon VII are not interested
in wreaking havoc. They are computer security professionals and hackers
with a general interest in deconstructing computer code, although their
standard black attire and occasional arrogance gave the conference some
menacing overtones.
Around 400 attendees gathered in a main auditorium to hear Hunker
speak, and some took him to task and accused the Government of
ignoring security issues for too long.
Chief among the criticisms was that the
Government should not rely so heavily on
software from the Microsoft Corp. The
company is a perennial whipping boy at Defcon
because many of its programs have been shown
to contain security flaws.
Hunker and several other Government
employees on the panel, including a
representative from the Defense Department,
said they have been hampered by limited funds and a lack of qualified
technical personnel. Hunker said the Government is pouring resources
into the security problem and that President Clinton's proposed budget
for fiscal year 2000 includes $500 million in financing for research and
development, of which a portion would go to bolstering the computer
infrastructure.
"Almost all of the systems we are dependent on have significant
vulnerabilities," Hunker said. "This conference is about identifying the
vulnerabilities."
Some in attendance responded well to Hunker's conciliatory
tone, complimenting him afterwards on his effort to start a
dialogue with hackers. Hunker said that while he has followed
cutting-edge hacking technology, the conference was
the first time he has immersed himself in hacker culture.
At least one hacker in the crowd was unforgiving. "I hope they hack all
the '.gov' sites in the next 12 months, just like they said they would," said
a hacker in his mid-20s who identified himself only as "Codepoet,"
referring to threats from cracker groups to take down all Government
Web pages. "There's a lot of arrogance on the part of the Government
about technology," he said.
Contributing to the tension between hackers and Government officials at
the conference were the recent raids by the FBI on computer crime
suspects. In June, a new cybercrime unit overseen by the United States
Attorney's office in Dallas said it had issued 16 warrants in 12
jurisdictions after a year-long investigation into hacking-related crimes,
but had not yet charged anyone.
Before Defcon began, its organizers insisted the raids would have minimal
impact on the conference. But a handful of crackers who confessed to
participating in illicit activities privately whispered that they have
newfound concerns about whether they might be next.
"They reacted, so we reacted, so they reacted, so we reacted," said
Codepoet, referring to the arms race between crackers and government.
(He identified himself as a hacker, not a cracker.) The tension "is
somewhat heightened," he said.
Marc Maiffret, also known as
Chameleon, had his home
raided by the FBI last summer
but was never charged with a
crime. He said the raids have
frightened some of the young
hackers. Maiffret said he now
works as a computer security
professional. "People are
afraid," he said. "There is a lot of
pressure to go legit."
Some said they were on edge because they did not know who might be
raided next or what activities might put them on the radar of Government
agents. That uncertainty is perpetuated in part by the Government itself,
which has not yet issued any charges or made arrests in relation to the
June raids.
Nor has the Government said what areas of computer activity it is
targeting, besides stating generally that the activities under investigation
include stealing and misusing credit card numbers and computer
passwords. A spokeswoman for the United States Attorney's office in
Dallas, where the year-long investigation originated, declined to comment
on what she described as an "ongoing investigation."
However, a representative of the Nevada Attorney General's office who
spoke at Defcon conceded that the Government is having trouble finding
evidence of crimes on computers that it has confiscated.
"We're behind on this stuff," said Kevin Higgins, Nevada's Chief Deputy
Attorney General. "We may have gotten warrants and computers, but we
may not know how to find" the evidence, he said.
In some respects, it is notable
that these high-ranking
Government officials came to
mingle with a gaggle of hackers
and crackers at all. The image is
in stark contrast to the origins of
Defcon seven years ago, when it
truly was a small gathering of
insiders from the hacker
underground.
It used to be that hackers who
spoke to the press were derided by their peers as "media whores." But
this year, for the first time, the organizers of Defcon hired a publicity firm
to work with reporters and set up interviews. Among the firm's other
clients are Alicia Silverstone and Michael Richards (Kramer from
"Seinfeld") -- not exactly icons of underground culture.
Some hackers said privately that Defcon, which was conceived as an
underground gathering and flourished that way, may be dying as it
attracts a more diverse crowd. But the newfound openness may well suit
Hunker, the White House official, and others who want to co-exist with
hackers and even learn from them.
"I want to get to know the hacker community better," he said. "These
people are America's future."
Related Sites
These sites are not part of The New York Times on the Web, and The Times has
no control over their content or availability.
Defcon
Matt Richtel at mrichtel@nytimes.com welcomes your comments
and suggestions.
-=-
From ZDNet contributed by D----Y
Privacy hits big at DEF CON
By Robert Lemos, ZDNN
July 12, 1999 11:58 AM PT
URL: http://www.zdnet.com/zdnn/stories/news/0,4586,2292148,00.html
LAS VEGAS -- As he sits across the table at DEF CON 7, Austin Hill, president and founder of
the pro-privacy Zero Knowledge Systems Inc., makes the statement simply, boldly: "We are out
to change the world."
His vision: A world without boundaries, law enforcement without wiretaps, corporations without
databases, and e-mail without spam.
Hill announced the start of that vision on Sunday at DEF CON: A
network that acts as a one-way mirror to the Internet -- the user can
see the Net, but no site will be able to identify who the user actually
is.
Called Freedom Net, the virtual-network-within-the-Internet will
allow Web surfers and e-mail users to hide behind one or several
false identities. "This is the way the Internet should have been built,"
said Hill. "It's not anonymous; it's pseudnonymous."
And it's not just for hackers, either, adds Hill.
Inequality of information
The Montreal, Canada, resident sees a big problem with the inequity of information today: The
government and companies have it while the public does not, he said. "We can do society more
good by protecting the ninety-nine-point-nine percent of the people out there that are not criminals
than by treating them as such just to catch the point-one percent that are."
In just the last year, Internet service providers, such as America Online Inc. (NYSE:AOL) and
Yahoo! Inc. (Nasdaq:YHOO), have been subpoenaed to turn over the actual identity behind an
online alias in not only criminal cases, but civil ones as well.
John Q. Newman, another speaker at the conference and author of many how-to privacy books,
uses his pseudonym not only online, but in the real world as well. "There is a general feeling that
the government and industry know too much about you," said the author, who doesn't use his real
name. "Combine that and the Internet and you get a witch's brew that destroys privacy."
Beta testing on July 15
Entering beta testing on July 15, the Freedom Network is guaranteed to prevent such use of
personal information, said Zero Knowledge's Hill.
After downloading a free software client, users will pay for a pseudonym to use on the Internet.
Since the audit trails associated with credit card payments are one way that a user's identity could
be tracked, Zero Knowledge will disassociate a user's payment from the actual purchase or
renewal of a pseudonym.
After that, the user just uses the Internet as they always would. All data transferred to and from
the user's computer will pass through the silvered glass of the Freedom Net. The network fully
encrypts data from end-to-end to hide the content of the data and uses random routes through the
Internet so that no user always receives data from a single server, obfuscating the user's online
tracks.
Using digital certificate technology, Zero Knowledge certifies that the data the user is receiving off
the Internet is actually part of the Freedom Network, and thus "trustworthy." Yet, even the
company cannot match usernames up with actual Web surfers -- none of that information is on any
of its servers.
"There is basically zero point in coming to our office with a subpoena," said Ian Goldberg, Internet
guru and chief scientist for Zero Knowledge. "All the information that we have is publicly available
from our servers."
A lawsuit in waiting?
And that makes Zero Knowledge and its Freedom Network a lawsuit waiting to happen, said Hill.
Already, U.S. federal officials have noticed the start-up's efforts. Hill expects the situation to reach
a boiling point before the end of the year.
"We are fully prepared to defend ourselves," he said. The company has been coached on strategy
by the Electronic Frontier Foundation and other privacy groups.
Hill recognizes that the advent of the Freedom Network will make the job of law enforcement
officers much harder.
However, he points to successful cases against child pornographers that are developed by officers
going undercover. "That's the way it will have to be done," he said, advocating a return to the days
before wiretaps. "Policing is only easy in a police state."
Wired; Aftermath , contributed by D----Y
Wound-Up DefCon Winds Down
by Polly Sprenger
3:00 a.m. 12.Jul.99.PDT
LAS VEGAS -- The seventh annual DefCon hacker convention drew to a close Sunday, after a weekend of uninterrupted sensory overload.
The event was marked by massive enthusiasm over the release of a new remote administration tool from the much-heralded Cult of the Dead Cow,
and the quizzical expressions on the faces of the media as they attempted to grasp "the meaning" of DefCon.
The CDC presentation featured a maelstrom of digital effects and technomusic that captured the energy of the three-day event.
Also:
Fear and Hacking in Las Vegas
Def Con: Bring in Da Noise
Inside the Virus Writer's Mind
ABCNews.com's Michael Martinez presented a talk on the persistent rift between hackers and the press on Saturday. He provided a forum for
hackers to confront a member of the tech media with questions like, "Since all these reporters want to learn to be hackers, why don't they just hire
hackers to be reporters?"
Martinez said that hackers had difficulty getting mainstream media to understand their message and perspective because so often communication
breaks down between the two groups.
"We know the how, the where, and the when," Martinez said. "But why? You complain that we don't get it, and we complain that you won't let us."
Sunday morning and afternoon sessions were punctuated with rousing rounds of "Spot the Fed," the annual DefCon game of outing federal agents.
Anyone identified as a Fed was brought up on stage for questioning. The suspected Feds, all of whom were more than willing to whip out badges
after a few minutes of interrogation, were dressed almost universally in polo shirts and khakis, their crew-cut stiffness a striking contrast to their
black-clad accusers.
The audience hurled questions at them like, "Does your office have a ban on Furby's?" and "What does Dana Scully [the fictional X-files agent]
really look like?" One Fed lost all hope of going undetected by responding, "Never heard of him."
The day hit high gear with the release show for BO2K, or Back Orifice 2000, one of the few software announcements that required a sign posted on
the door warning that the presentation might be dangerous to people with heart conditions.
Nineteen of the 20 revered CDC members were present on stage, the most ever assembled in one place. The group took an older-but-wiser tone in
its reverberating remonstrations to the audience.
"Pick the cause before you pick the site you're gonna hack," the group advised, "and use a fuckin' spell checker!"
Despite their bullying tone onstage, members of the CDC said later they're encouraged by the new, younger members of the hacking community.
CDC members said they hoped the new rev of Back Orifice, released under the Gnu open source license, would encourage younger hackers to go
back to the basics -- scripting code and exploring the technology themselves -- instead of using cookie-cutter programs.
"They look at us up on stage and look at what we're doing, and they know they can't stand up there for doing something stupid," said CDC's Grand
Master Ratte, MC of the group's gospel-like presentation.
But it was another old-school hacker who caused the big scene Saturday. Carolyn Meinel, a favorite target of many in the DefCon crowd, obtained
a press pass despite the efforts of several conference organizers.
When Meinel wandered into the press area (with a sticker on her back that said "owned"), a Canadian reporter began interviewing her about her
relationship with the organizers, asking why she wasn't granted a more civilized reception.
Meinel was interrupted, then ejected, by conference staff. But not without a fight. It was good sport for the assembled journalists, although the
Canadian reporter was appalled.
"They invite criminals to speak at their conference, but they deny a freelancer a press pass?" said David Akin, technology reporter for the National
Post in Toronto.
Emmanuel Goldstein of 2600, the hacker quarterly journal and Web site, presented a nine-minute preview of his documentary about the arrest and
imprisonment of Kevin Mitnick.
Goldstein said the documentary was intended to be a counterpoint to the upcoming film, Takedown, which Mitnick supporters say unfairly casts the
hacker as more devious and damaging than he really was.
Goldstein's presentation was followed by a mysterious "social engineering contest," details of which must remain confidential, since Wired News was
forcibly ejected from the room.
Although the weekend was tempered with the expected disagreements between old hackers and young hackers, the media, and even a
much-publicized argument within the community itself, DefCon 7 was undoubtedly an event to remember.
@HWA
06.0 BO2k to be unveiled at Def-Con on Saturday at 5pm, wait for it.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(I got mine but don't ask for a copy wait for it to come out on the official site
www.bo2k.com ... - Ed )
Date: Fri, 2 Jul 1999 02:24:38 -0700 (PDT)
From: Reid Fleming <rfleming@cultdeadcow.com>
To: Christopher J. Rouland <crouland@iss.net>
Subject: Back Orifice 2000
Dear Mr. Rouland:
Thank you for your letter requesting us to furnish Internet Security
Systems with a prerelease copy of Back Orifice 2000.
We had come to expect that the letter would contain an offer of money or
other merchandise. At least, your subordinate intimated as much on
Internet Relay Chat.
Nevertheless, we are gladly willing to provide you with the software you
desire if and only if you will, in exchange, grant us one million dollars
and a monster truck. This fee is not negotiable.
Thank you for your time. We eagerly await your reply.
best wishes,
Reid Fleming, cDc
http://www.cultdeadcow.com/~rfleming/
Screen shot:
(from #defcon)
<w1ck3d> http://ra.msstate.edu/~rwm8/bo2kscr.jpg
Unknown how they got a copy in advance,(*g*) apparently some ppl from #bo were included in
testing of the new BO and privy to inside stuff regarding its development...
. . .
A new year of hacker activity is being rung in with the release of Back Orifice 2k
for the NT platform. source (gnu) will be released with this version so watch out for
all the spinoffs... - Ed
Hype on Back Orifice 2000 Reaches Fever Pitch
contribued by Reid Fleming
With the BO2K launch just days away the articles on
BO2K are flourishing. HNN was able to get a sneak
preview of the product and we think it will live up to all
expectations and then some. This is a highly polished
professional looking product. It will give the remote
control vendors some competition.
The antivirus industry is gearing up for a busy weekend
as they try to figure out a way to detect BO2K. But
since cDc is releasing source code under the GNU public
license there will be hundreds of spinoffs as people
create their own versions of BO2k. Each version will
need to be detected seperately by the antivirus
software. When will Microsoft and the industry learn
that antivirus detection is not the solution?
Time
http://cgi.pathfinder.com/time/digital/daily/0,2822,27824,00.html
MSNBC
http://www.msnbc.com/news/287542.asp
CNN
http://cnn.com/TECH/computing/9907/07/nthack.idg/index.html
Time;
Hackers Take Microsoft to School
The makers of BackOrifice 2000, one of the
most powerful hacker tools ever released,
claim it's for our own good
FROM WEDNESDAY, JULY 7, 1999
It's the kind of thing bellboys have nightmares about �
an entire hotel full of hackers, messing with the
computers, screwing up the phones and generally
raising hell. That's the scene at DEF CON, an annual
hacker convention held at the Alexis Park Hotel in Las
Vegas. At last year's DEF CON a hacker group called
the Cult of the Dead Cow released a program called
BackOrifice that can completely take control of a
computer over the Internet. This Friday DEF CON 1999
kicks off, and the Cult of the Dead Cow is back with a
new version of BackOrifice that's more dangerous than
ever. Should we be grateful?
A little disingenuously, the Cult of the
Dead Cow released the original
BackOrifice as "a remote
administration tool," a simple way of
operating a computer running Windows 95 or 98 from a
distance over an ordinary Internet connection. While
it's possible to imagine scenarios in which having that
kind of power would be useful � and there are
legitimate applications that perform similar functions �
such a tool is obviously very much open to abuse.
Say, for example, allowing a hacker (or, as malicious
hackers are sometimes called, a cracker) to take over
a machine, read your personal information, send e-mail
under your name and then erase your hard drive.
Fortunately, BackOrifice has certain weaknesses. It
can only take over machines on which BackOrifice has
actually been installed, and once installed, it's not that
hard to detect and remove.
According to its creators, the new version of
BackOrifice slated for release on Saturday is more
powerful than ever. It's tougher to detect, gives the user
a greater degree of control over the infected computer,
and works on Windows NT, the heavy-duty version of
Windows used by most large businesses. While the
original version of BackOrifice was a threat to small
businesses and private users, BackOrifice 2000, as it's
called, will affect a much broader and more vital sector
of the world's computers.
So why does the Cult of the Dead Cow claim they're
doing it all for our own good � and why do some
computer programmers agree? To quote from the
Cult's press release, "BackOrifice 2000 could bring
pressure on [Microsoft] to finally implement a security
model in their Windows operating system. Failure to
do so would leave customers vulnerable to malicious
attacks from crackers using tools that exploit
Windows' breezy defenses." In other words, don't
blame us, blame Microsoft for making a shoddy
product � now maybe they'll improve it. As one poster
on a hacking bulletin board wrote, "I feel better
knowing that at least these holes will be known
publicly and raise some sense of awareness rather
than in a closed private environment where exploitation
could continue unfettered."
Not everybody agrees, but you can bet that Microsoft
� currently at work on a new version of Windows
largely based on NT � will be downloading a copy of
BackOrifice 2000 and studying it closely. As the Cult
of the Dead Cow � which claims to be one of the few
hacker groups out there to include a female member
� puts it, "Information is a virus. And we intend to
infect all of you."
-- LEV GROSSMAN
MSNBC;
�Cult� gives hackers weapon vs. NT
Group to release more powerful version of Back Orifice � and its
own product to combat the hacking tool
By Bob Sullivan
MSNBC
July 7 � Computer security firms are bracing for a
serious flare-up of hacker activity come Saturday
afternoon. With great fanfare at a Las Vegas trade
show, the hacker group Cult of the Dead Cow will
release a new version of its Back Orifice tool. The
software, which makes it easy for computer
intruders to hijack Windows-based PCs connected
to the Internet, will be freely available on the Net.
Much mischief is expected to follow � as is a
�fix� from the Cult itself.
THE FIRST VERSION OF BACK ORIFICE, so
named to poke fun at Microsoft�s Back Office product, was
released in August last year at the annual hacking trade show
called DEF CON. This year�s show starts Friday, with the
release of Back Orifice 2.0 as the marquee event.
Back Orifice usually arrives at a victim�s computer as
an e-mail attachment. Once the victim is tricked into opening
the attachment, the software secretly installs itself and turns
the victim�s computer into a �client.� Then, anyone with the
other half of the Back Orifice software (the administrator
tool) can control the victim�s PC from anywhere on the
Internet. The hacker can then stealthily do anything to the
victim�s machine that the victim could do � even delete all
the hard drive�s contents.
Back Orifice is at the center of one of the key debates
in the security industry � while the Cult maintains it
produced the software to reveal security flaws in Microsoft
products, and ultimately make them safer, Microsoft says
that�s just a cover to legitimize hacking. (Microsoft is a
partner in MSNBC.)
The tool has been ragingly popular among hackers �
the Cult says it has been downloaded 300,000 times. And
even though all anti-virus packages now detect the program,
security firm ICSA Inc. says there are �tens of thousands� of
machines that are currently infected, unbeknownst to their
users. Peter Tippett, chief technologist at ICSA, said he
knows of individual networks where hundreds of machines
are currently compromised.
According to the Cult, Back Orifice 2.0 has several
enhancements. Chief among them, it now works on the
Windows NT operating system. It also employs stronger
encryption, which will reportedly make it harder to detect.
And it is open source � meaning it will be �radically
polymorphic,� as hackers extend it and create their own new
variations of the program.
Anti-virus software companies plan to spend the
weekend analyzing the new software and creating a defense
that they can spread to clients. That�s expected to take 24 to
48 hours.
�It�s good that it�s being released on a weekend,� said
Dan Takata of Data Fellows. �We�ll have time to play with
it. Monday�s when I assume a lot of people will test it.�
For that reason, software vendor Internet Security
Systems Inc. asked Cult members for a pre-release version
of the software. That way, clients could be protected before
the product is released and a flurry of hacking followed.
The Cult�s sarcastic reply: �We will gladly provide you
with the software you desire if and only if you will, in
exchange, grant us one million dollars and a monster truck.�
�That shows they have no other intent than
maliciousness,� said Jason Garns, Microsoft�s lead product
manager for Windows NT security. �Unfortunately, they
view this as being a game.�
But Cult members say there are several good reasons
not to give anti-virus vendors a leg up on Back Orifice. Chief
among them � Sir Dystic, who authored the first version of
Back Orifice, is working on what might be called a
competitive product: a security software package that will
protect users from Back Orifice and many other security
threats. The group declined to offer more details.
�We did think about giving it to all the AV vendors,� said
a group member identifying himself as Tweety Fish. �But it�s
a method of defense we don�t support.� Anti-virus software
only reacts to known security threats; since Back Orifice is
open source, many variants are expected, so the group
believes most AV software will be ineffective anyway.
�We will be releasing tools at DEF CON or in the near
future which we believe will provide a much more robust
method of protecting your system than what the AV vendors
can do today,� Tweety Fish said.
Also, if virus protection defeated Back Orifice
immediately upon release, the tool would get no media
attention.
�It would dilute our press message,� said Reid Fleming,
who wrote the sarcastic e-mail to ISS.
That message, according to media-savvy Cult members,
is that Windows NT is fundamentally flawed.
Cult members describe Back Orifice as a remote
administration tool, useful for network administrators to
update software on user desktops. But software companies
say that�s a smokescreen, and point out that the tool runs
secretly, in the background.
The Cult counters by saying Microsoft, trying too hard to
simplify operating system administration, has created security
holes. Windows shouldn�t allow a program to run secretly in
the first place, the Cult says.
�If Microsoft wasn�t so committed to hiding the real
workings of desktop machines from users, it wouldn�t be a
problem,� Tweety Fish said. �Microsoft is taking a complex
problem of network and server security and trying to simplify
it without acknowledging the consequences of that.�
Still Microsoft�s Garns points out that ill-intentioned
�remote administration tools� can be designed to attack any
operating system and have existed for the Unix operating
system for 20 years.
�There�s nothing fundamentally unique about what�s
happening here. It does not take advantage of any security
vulnerability in Windows NT. It attacks people, not
technology,� he said. �It was not created for the benefit and
benevolence of users.�
Chris Rouland of ISS agrees the program was clearly
designed with ill intentions.
�It offers live video capture of the screen.... We
understand you can even remotely fake a blue screen so the
computer looks like it�s crashed, but you can keep operating
in the background,� Rouland said. �It sounds like it�s going to
be a pretty malicious piece of code.�
It is not yet known how Back Orifice will spread, though
it most likely will be hidden inside one of several programs
that will be e-mailed as an attachment. There are likely to be
several variations, so virus companies urge Net users to
exercise the standard caution when opening e-mail
attachments. Users should also update their anti-virus
software after detection for Back Orifice 2.0 is included,
probably Monday or Tuesday.
Have a comment or suggestion about this story?
Write to tipoff@msnbc.com
CNN;
http://cnn.com/TECH/computing/9907/07/nthack.idg/index.html
New and improved Back Orifice
targets Windows NT
July 7, 1999
Web posted at: 10:36 a.m. EDT (1436 GMT)
by Tom Spring
(IDG) -- In the consumer world,folks like Ralph Nader fight for
consumer rights by helping pass tough consumer protection laws.
Then there's the PC world.
For us, there's a self-proclaimed equivalent: Groups of (mostly
teenaged) hackers basking in the glow of computer monitors, who
release nasty computer bugs under the guise of strong-arming
software makers to get tough on privacy and security.
"We want to raise awareness to the vulnerabilities that exist
within the Windows operating system. We believe the best way
to do this is by pointing out its weaknesses," says a member of
the hacker group the Cult of the Dead Cow who goes by the pseudonym Sir
Dystic.
The Cult of the Dead Cow created and released the program Back Orifice
last year to the general public at the Las Vegas hacker and security
conference DEF CON. The program allows its users to remotely control
victims' desktops, potentially undetected.
At this year's conference, on July 9, Sir Dystic says the cult will outdo itself
and release Back Orifice 2000. The program, he says, is smaller, nimbler, and
twice as nefarious.
Computer security experts question the Cult of the Dead Cow's intent. Releasing
a hacking tool like Back Orifice 2000 in the name of safeguarding computer privacy
is a bit like the American Medical Association infecting cattle with the deadly e.
coli bacteria to inspire food companies to sell healthier meats.
New and Improved
Unlike earlier versions that affected consumers and small businesses, Back Orifice
2000 hits large organizations because it runs on Windows NT systems, which are more used
by businesses. Also, the updated program is modular, so users can add additional functions.
For example, they could hide files or activate a computer's microphone for real-time audio
monitoring, according to Cult of the Dead Cow.
Back Orifice 2000 will also be more difficult to detect via network monitoring programs,
according to Sir Dystic. This is because the program can communicate back to the sender
by using a variety of different protocols, making it hard to identify. The group also says
it will make the source code available for Back Orifice 2000, which will likely
spawn multiple strains of the program in the hacker community, experts say.
Another purported function is real-time keystroke-logging, which can record
and transmit a record of every keystroke of an infected computer. Also, the
recipient can view the desktop of a targeted computer in real time.
It should be noted that PC World Online has no independent confirmation that
new Back Orifice 2000 program actually lives up to the claims of Cult of the
Dead Cow.
ZDNet; contributed by D----Y
Back Orifice 2000 not to be feared
By Drew Ulricksen, ZDNet News
July 12, 1999 2:41 PM PT
LAS VEGAS -- Back Orifice 2000 is not
something to be feared. It is not a virus. It is not
a Trojan horse. It is a remote administration tool.
Really.
BO2K -- the Cult of the
Dead Cow's (cDc)
much anticipated
follow-up to Back
Orifice -- is quite
possibly one of the
most full-featured
remote admin tools on
the market today.
Combined with the aid of the new plug-in
BOPeep, the tool -- which works on Windows 9x
and NT machines -- enables system
administrators to disable both the keyboard and
mouse of the remote machine, and begin
controlling it from their own PC.
Sys admins can even fire up a video window of
the remote PC so they can see what's on the
monitor -- similar to PC Anywhere or VNC
functionality.
BOTool, a plug-in shortly to be released by
L0pht Heavy Industries, another hacker group,
will allow the client to view and edit the file
system and registry of the remote machine in a
interface similar to the Windows file manager
and regedit programs.
Among many other
features, BO2K comes
with a built-in proxy server
and a Web server. The
U.S. version comes with
3DES strong encryption, but the international
version uses a weaker encryption scheme.
According to cDc's DilDog (cDc members are
only identified by their handles), BO2K was
written from the ground up with security in mind.
Strong encryption ensures all data and text will
be transferred securely to prevent someone
sniffing your password while you're remotely
administering a PC.
BO2K weighs in at only about 115KB in size
and utilizes only about 2MB of RAM. It is no
CPU hog, either. Not only that, according to
DilDog, the file transfer speed in BO2K is faster
than any remote admin tool against which it was
benchmarked.
The price is right
What do you expect to pay for something like
this? $40? $60?
Nope. Try $0.
Besides being free, B02K is
also open source, so if you'd
like to strip out or add
functionality, go right ahead,
just make your code available.
But if you'd rather not dive into
source code, there's also the
option of just writing a plug-in
to pop in.
Adding to the package is
BO2K's customized setup.
The original Back Orifice
installed itself automatically as
soon as it was run. BO2K
launches, of all things, a
Wizard to configure the setup.
No longer is there a default port and password --
in BO2K you must assign it a port and
password, or it won't run.
That means there won't be a widespread
epidemic of script kiddies scanning the entire
net for port 31337, looking for people infected
with BO2K.
Software doesn't kill data ...
"But it can run hidden, that's evil!" you say? It can
run hidden, this is true, but this time around it
can also run visible if you so choose.
Many other software packages out there have
the same option, and they even call it a feature.
Believe it or not, some people even like it.
There are dozens of software packages out
there that, if installed with malicious intent, allow
an attacker to do just as much damage as
BO2K could, if used improperly.
You won't see many of those programs being
killed by anti-virus software, and it's a shame
that there's almost a sure bet Back Orifice 2000
will.
If common sense is used, you won't need to
worry about BO2K or any other software being
run maliciously on your machine. Just
remember, software doesn't kill data -- people
do.
Drew Ulricksen is ZDNN's operations
specialist. He attended DEF CON 7.
-=-
ZDNET
*WHERE DO I GET IT? *****************************************************************
* *
* On Jul 11th in #bo2k an url was posted with alleged bo2k code, since the file *
* names do not match the announced file name sizes nor the source code but for *
* the curious here's the url: http://206.98.65.238/cdcbo2k.zip - Ed *
* *
* Another url with the cd release supposedly virus checked (check it for CIH) *
* *
* (from #hwa.hax0r.news) *
* <ScrewUp> http://www.hlz.nl/bo2k/leech/ <- i'd trust this one but urge people to *
* be paranoid and wait for the 'official' release on www.bo2k.com *
*************************************************************************************
@HWA
07.0 CIA Not Breaking Into Banks
~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by solvant
On July 5th, 1999 the Associated Press and Sidney
Morning Herald Internet edition ran a month old already
debunked article describing how the CIA will be
electronically breaking into various banks around the
world to retrieve Solobadon Milsovics hidden money.
This claim was originally made by Newsweek magazine
on May 24th and was later picked up and ran by the
Reuters News Service. HNN immediately questioned
these claims. MSNBC also raised questions about the
original article. By June 7th, William Arkin of the
Washington Post had gathered enough evidence to
completely debunk this story. Now, over a month after
the original false report the Associated Press and
Sydney Morning Herald blindly rerun the story without
bothering to verify its accuracy. Did they just want to
create sensationalism? Did they think people would not
notice? Lets say this one last time: The CIA does not
employ 'hackers' to break into foreign banks!
NewsWeek- May 24
http://www.newsweek.com/nw-srv/printed/us/in/in0922_1.htm
HNN Archive for May 25, 1999
http://www.hackernews.com/arch.html?052599#2
MSNBC- May 28
http://www.msnbc.com:80/news/274526.asp
Washington Post - June 7
http://www.washingtonpost.com/wp-srv/national/dotmil/arkin060799.htm
Sidney Morning Herald - July 5
http://www.smh.com.au/news/9907/05/world/world9.html
Associated Press via ABC - July 5
http://abcnews.go.com/sections/world/DailyNews/clintontime990705.html
Sidney Morning Herald;
Monday, July 5, 1999
BALKANS
Hackers on stand-by as CIA finds Milosevic
cash
The CIA believes it has traced banks in Greece, Cyprus and Russia - all
traditional allies of Serbia - where President Slobodan Milosevic has salted away
millions of dollars during his 10 years in power.
United States Government computer hackers have been ordered to break into
Mr Milosevic's foreign bank accounts and drain his hidden fortune as part of a
clandestine CIA plan to overthrow the Yugoslav president.
The controversial operation - opposed by some senior political and intelligence
figures in Washington - is part of a covert six-point package authorised by Mr
Clinton last week and reported in the Herald in May.
Although details of the White House plan are secret, it is understood that CIA
agents in the three countries would first visit the banks, set up new accounts and
see how they operate. Using that information, National Security Agency hackers
would then find a way round elaborate computer security systems to access
accounts in the name of Milosevic and his family and siphon off the contents.
But some intelligence officials fear the move against the Serbian leader's millions
could backfire on the US by making its computer system a target for freelance
hackers selling their skills to Washington's enemies.
The other parts of the plan include funnelling cash to anti-Milosevic politicians in
Serbia, giving money to newspapers and radio stations opposed to the Belgrade
regime and making contact with Yugoslav military commanders thought to back
a change in leadership. - The Telegraph, London
@HWA
08.0 SETI@home gets cracked
~~~~~~~~~~~~~~~~~~~~~~
SETI@Home Project Web Page Defaced
contributed by Santeri Saarimaa
The main web page for the SETI@Home project was
defaced over the weekend. The main page was replaced
with a picture of Alf and the word 'Wanted'.
HNN Cracked Pages Archive
http://www.hackernews.com/archive/crackarch.html
ZD Net
http://www.zdnet.com/zdnn/filters/bursts/0,3422,2288248,00.html
In case you missed it the SETI@Home project is still
going strong and has released version 1.05 of their
software.
SETI@Home
http://setiathome.ssl.berkeley.edu/
The HNN SETI Team is going strong but we could use
your help. (I don't care what people say about this
project the screen saver still rocks.)
HNN SETI Team
http://setiathome.ssl.berkeley.edu/stats/team/team_2251.html
09.0 Network Solutions DNS Spoofed
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
contributed by evenprime
Network Solutions, Inc, which administers domain name
registrations had its DNS entries spoofed last Friday.
Visitors to the web sites for Network Solutions where
redirected to competitors. This is the second time NSI
has succumbed to such an attack.
Wired
http://www.wired.com/news/news/technology/story/20567.html
C | Net
http://www.news.com/News/Item/0,4,38721,00.html?st.ne.fd.gif.f
Internet News
http://www.internetnews.com/bus-news/article/0,1087,3_155511,00.html
Wired;
Network Solutions Cracked
by Oscar S. Cisneros
1:45 p.m. 2.Jul.99.PDT
Network Solutions was reeling Friday from an attack on its Web servers that
redirected users visiting its Web site to other locations.
"The FBI and Network Solutions are cooperating in determining the location"
of the attack, said Network Solutions spokesman Brian O'Shaughnessy.
"It was a DNS modify that was sent through the system that was
accomplished by spoofing."
He means that the IP addresses for Network Solutions servers were altered in
the domain name system servers with a falsified template, so that Web browsers
requesting the sites were instead sent to the IP address of another site.
Network Solutions fixed the IP address Friday morning, but the changes will take
some time to reach the domain name servers spread across the Net.
Until that "emergency zone release" propagates, users visiting three Network
Solutions sites -- Networksolutions.com, netsol.com, and dotpeople.com -- may be
redirected to the Web sites of the Internet Corporation for Assigned Names
and Numbers and the Internet Council of Registrars (CORE), he said.
It is unclear exactly how long the crack has been in effect.
"We are aware of the problem and have been looking into it for a while," Scott
Hollenbech, a Network Solutions staffer, in an email to CORE early Friday morning.
O'Shaughnessy said the source of the attack originated at a computer owned
by SoftAware, an ISP located in the same building as ICANN in Marina del Rey,
California. The attack was either done through physical or virtual access to one
of their machines.
"We've corrected it," O'Shaughnessy said. "It should take about 24 hours before
everything's resolved."
Jim Rutt, CEO of Network Solutions, said that investigators were working with
preliminary evidence only and that the perpetrator has covered his tracks well.
"It is easy to leave a breadcrumb trail," he said. It is a famous hacker trick" to
launch an attack behind multiple servers.
But Patrick Greenwell, Internet architect for DSL provider Telocity, said the blame
might lie elsewhere.
"NSI could be culpable in that they have not pushed for the implementation of DNS
Sec, which is a security measure for these types of things," he said. "It
requires authentication."
Greenwell said that his analysis was based only on what little preliminary
information was available, but that he believed the fault could largely be pinned
on the Berkeley Internet Name Daemon,or BIND.
BIND is an implementation of DNS protocols, which Greenwell said are
inherently insecure. Because the software operates on the vast majority of DNS
servers across the Internet, upgrading it would be difficult to do while maintaining
backward compatibility.
While it's unfortunate that this happened, I don't think it would be fair to point the
finger at NSI," he said. "DNS is an inherently insecure protocol."
"This has nothing to do with BIND," O'Shaughnessy said.
Domain name addresses can be authenticated through varying levels of
security, from a simple email method, to a password-protection scheme, to powerful
PGP encryption.
O'Shaughnessy said he could not immediately determine what method of
security Network Solutions uses to secure its own domain name data.
O'Shaughnessy added that the attack was reminiscent of one carried out by
Eugene Kashpureff, who pleaded guilty in March of 1998 to one count of computer
fraud for exploiting an NSI security hole.
The Internet Council of Registrars, one of five registrars participating in the initial
test period for domain competition, posted a statement on its Web site
saying that it "strongly condemns these acts and may take legal action against
the perpetrators."
ICANN also condemned the crack as "an attempt to undermine the stability of the
domain name system." The group has said it will cooperate with any investigation
into the matter.
The FBI could not be reached for
comment.
-=-
C|Net;
http://www.news.com/News/Item/0,4,38721,00.html?st.ne.fd.gif.f
NSI's Web site hacked
By Courtney Macavinta
Staff Writer, CNET News.com
July 2, 1999, 12:15 a.m. PT
update Hackers struck major linchpins in the Internet's address system today, redirecting Network Solutions visitors to
one of its future ".com" competitors and the new body in charge of managing the Net's technical functions, crippling
that site too, according to NSI executives.
The world's dominant domain name registrar, NSI discovered that its various sites were down about 2 a.m. PT today and that they
were automatically sending surfers to a hopeful registrar, the Internet Council of Registrars (CORE), and the Net's new
administrator, the nonprofit Internet Corporation for Assigned Names and Numbers.
NSI's main site still appears to be malfunctioning, although the company said its system has been restored. ICANN's site also
was inaccessible this morning, possibly due to increased traffic from NSI's visitors.
ICANN also runs the Net's "L root" server, one of the 13 servers that comprise the worldwide network, but its technical
administrator said there was no indication so far that ICANN's systems had been hacked too.
"It was a hack. We're investigating it, and the FBI is involved," NSI spokesman Brian O'Shaughnessy said. "The FBI told us that
they are on their way to the ICANN's building in Southern California now to secure the servers
because there could have been a hack on their end."
Specifically, the FBI is looking into an Internet service provider located in the same Marina Del Ray
building as ICANN, SoftAware, which NSI says--based on its initial investigation--appears to be the
launching pad for the hack.
The Commerce Department and other international governments have anointed ICANN to administer
the Net and to trigger competition in domain name registration, which Network Solutions has
dominated since 1993 under a U.S. government contract. Both entities are responsible for the Net's
most critical function: the domain name system that allows online users to call up Net and
e-commerce sites by typing in names ending in ".com," ".org," and ".net."
The hack is a sober reminder of the Web's vulnerability, even among companies and government
agencies equipped with state-of-the-art security technology. Government entities from the White
House to the National Weather Service have come under a rash of computer system attacks in
recent months.
In July 1997, a hack redirected NSI visitors to a site called AlterNIC, which aimed to compete with Network Solutions by offering
alternate domains, such as ".ltd," ".sex," and ".med." AlterNIC's founder, Eugene Kashpureff, who exploited a security hole to
"hijack" NSI's site, pleaded guilty in March 1998 to one count of computer fraud in the incident.
Most of the 5 million domain names registered by NSI have been facilitated through its partners, such as Internet access
providers. But of the approximately 10,000 names registered per day, about 3,000 are registered through NSI's own site. And at
$119 for a two-year registration, the company could potentially lose thousands of dollars for the time that it was not in operation.
CORE, one of five initial organizations chosen to compete with NSI directly by tapping into its registration system, alerted site
visitors about the hack and said it would pursue its perpetrators.
"These problems seem to be the result of illegal acts by hackers," CORE stated. "CORE strongly condemns these acts and may
take legal action against the perpetrators."
Today's hack will no doubt fuel the fire for legislation to improve computer security, such as the House Science Committee's
Computer Security Enhancement Act, which was introduced yesterday.
Internet News;
http://www.internetnews.com/bus-news/article/0,1087,3_155511,00.html
NSI Falls Prey to Hackers
July 2, 1999
By the InternetNews.com Staff
Business News Archives
Web sites operated by Network Solutions Inc. were hit by hackers Friday who redirected visitors to one of the company's competitors.
Starting before noon Eastern time, NSI officials discovered hackers were automatically sending its site visitors to the the Internet
Council of Registrars -- or CORE -- as well as the Internet Corp. for Assigned Names and Numbers. ICANN is the new non-profit
organization that oversees the Internet's address system.
After it discovered the hack, CORE placed a message on its Web site notifying visitors of the hack which also listed the correct IP
address for Network Solutions' site. CORE also posted a brief statement saying it strongly condemned the moves and is looking into
legal action.
ICANN officials said there had been no indications that the hackers had affected the root server that it administers. One of 13,
ICANN's root server contains the database that allows domain names to be translated into IP numbers so that traffic can be properly
routed.
NSI released a statement Friday afternoon confirming a hack had occurred and said the FBI had been called into investigate. NSI is
speculating that SoftAware, an Internet service provider based in the same California building as ICANN, was where the hack
originated.
In April, ICANN named five testbed registers which included CORE, America Online Inc., France Telecom/Oleane, Melbourne IT and
register.com. They were the first to begin registering domain names and testing the new shared registration system developed to allow
multiple competitors to handle the process. In addition, 29 companies have been accredited to register domain names once the system's
test is complete.
ICANN takes over the system from NSI which was granted an exclusive government contract to manage the domain system in 1993.
@HWA
10.0 Bad permissions set on passwords stored by WebTrends software
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Space Rogue
Internet Security Systems (ISS) X-Force has discovered
a security hole in numerous WebTrends products. This
hole allows access to service account and MAPI user
names and passwords. WebTrends stores service
account user name and password in a file called
WebTrends.INI that allows "Everyone" full access.
WebTrends recommends that you modify the ACL
settings to an appropriate level and upgrade to the
latest version.
ISS X-Force
http://xforce.iss.net/
11.0 Three Blind Men Accused of Computer Tampering in Israel
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by dis-crete
Three blind Arab brothers are being held for allegedly
electronically breaking into the Mossad Intelligence
Agency and the Shin Bet security service along with
dozens of other Israeli institutions. They supposedly did
this without special computer equipment for the blind.
Apparently, the three blind brothers used a secret
language, known only to them. They are accused of
listening to sensitive telephone conversations,
intercepting classified information and then passing it on
to the Palestinian Authority, Egypt and Jordan. The
brothers have refused to co-operate with the police and
deny all allegations against them. The Defense lawyer
has said he is having problems with the case because
most of the information is considered classified. The
prosecution has announced that it will call over 150
witness to give evidence against the brothers.
Globe Technology
http://www.globetechnology.com/gam/News/19990702/UHACKN.html
Globe;
Israeli police hold blind brothers in sensitive computer break-ins
Geniuses allegedly hacked into spy agency
without special equipment
MATTHEW KALMAN
Special to The Globe and Mail
Friday, July 2, 1999
Tel Aviv -- Three blind Arab brothers are facing charges for allegedly hacking into some of Israel's most
sensitive computer systems.
The three young men allegedly broke into the computer systems and telephone switchboards of scores of
Israeli institutions, including the Mossad intelligence agency and the Shin Bet security service.
Muzher, Munzer and Shadi Budair, from the village of Kafr Qasem, appeared in Tel Aviv district court
yesterday and are being held in custody on charges related to computer theft. Police allege that the brothers
listened in on sensitive telephone conversations, intercepted classified information and passed it on to the
Palestinian Authority and military intelligence officers from Egypt and Jordan.
The brothers, each born blind, are reputed to be computer geniuses. Police said they were amazed to discover
during a search of the Budair home last month that none of their equipment included special tools for the blind.
The brothers have refused to co-operate with the police and deny all allegations against them. They are
represented by lawyer Avigdor Feldman, who has defended many security prisoners, including Mordechai
Vanunu, jailed 12 years ago for giving away Israeli nuclear secrets.
Mr. Feldman said most of the evidence against the Budairs has been classified as "secret material" and he still
doesn't know all the details of the charges.
The prosecutor told the court yesterday that he intends to summon more than 165 witnesses to give evidence
against the brothers.
Police suspect them of stealing thousands of dollars worth of telephone calls abroad on behalf of friends calling
the Persian Gulf states. They are also suspected of making thousands of dollars worth of illegal purchases by
way of the Internet and by hacking into the computer systems of Israel's television shopping channel.
According to sources close to the interrogation, Muzher, 23, and Munzer, 22, have in the past few years visited
a number of Arab countries, where they contacted security and military officials and offered to share
information gleaned from hacking into the computers of some of Israel's most sensitive security bodies,
including the Mossad.
The youngest brother, Shadi, is described as a minor under the age of 18, although his exact age is unclear. He
faces charges of obstructing justice.
Police Detective David Osmo, the officer in charge of the investigation, alleged that the brothers had been
involved in illegal activity since at least 1996.
"They have unique technological ability and knowledge and a complete mastery of communications and
computers," he said. "Their skill has made it all the more difficult to collect the evidence against them."
Their mother, Halima, said her sons had done nothing wrong. "I'm sure of their innocence," she said. "They are
at home 24 hours a day and have never broken the law. I know my sons very well. This is not the first time that
the police have raided our home. This time, they confiscated all the cellular phones and the computers. I believe
they are doing this only because we are Arabs."
Relatives of the Budairs say the three young men have been the target of repeated police arrests over the past
four years.
Kamel Issa, a teacher from the village school where Munzer and Muzher studied, described the brothers as
"very ambitious young men with a remarkable influence on others."
He said they invented a secret language, intelligible only to them.
@HWA
12.0 FBI Opens Seattle Computer Crime Squad
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/ "HNN.. the voice of reason" - MSNBC
contributed by dis-crete
The FBI's Seattle office has created the eighth special
Computer Crime Squad, following New York, San
Francisco, Dallas and Boston. The Seattle office will be
staffed by 10 agents to focus on computer crime. FBI
agents have been receiving training locally and in
Washington, D.C., to operate newly purchased hardware
and software intended to identify and track malicious
computer activity. The article does acknowledge that
most computer crimes are the result of disgruntled
employees, and not what it calls 'recreational hackers'.
Seattle Times
http://www.seattletimes.com/news/local/html98/hack_19990704.html
Posted at 11:25 p.m. PDT; Sunday, July 4, 1999
FBI, feds declare a war against
computer crimes
by Charles E. Brown
Seattle Times staff reporter
The Federal Bureau of Investigation's Seattle office and the U.S.
Attorney's Office here are teaming up to fight computer-related
crimes - everything from Internet fraud to hacking to spreading
computer viruses.
The Seattle FBI office has put together a team of 10 agents, some
reassigned from other FBI work and others newly added, to focus
on computer crime.
"We've had an increase in (federal) resources to start this new
squad," said Dana MacDonald, who has been charged with
overseeing the team's daily operations.
"We believe the wave of the future in criminal cases involves
computer crimes, and we're trying to address that," said
MacDonald, who has been supervising investigations of bank fraud
and economic crimes, including computer crimes, in the Seattle
office.
For more than a year, agents have been receiving special training
locally and at FBI headquarters in Washington, D.C., to operate the
newly purchased hardware and software needed to identify and
track criminal activity.
"Emerging technologies in the computer field have mandated more
specific training," MacDonald said.
In the U.S. Attorney's Office, two assistant attorneys - Stephen
Schroeder and Floyd Short - have been assigned to be computer
and telecommunications coordinators.
Short says they will remain in the fraud and white-collar-crimes
division of the office, but the bulk of their duties will involve
prosecuting computer-related crimes brought to them by federal
law-enforcement agencies.
"It's an anticipation by our office that we're going to get a lot more
cases presented to us involving computer crimes," Short said.
New York and San Francisco have had specialized teams in their
FBI offices for two or three years, but more have been added
recently, including in Dallas and Boston. Seattle's will be the eighth
such team in the country.
MacDonald said the FBI team is prepared to assist in cases where
computers facilitate crime, such as in child pornography,
drug-dealing or financial crimes.
At a more sophisticated level, the unit will investigate intrusions into
computer networks, sometimes pulled off by recreational hackers,
but more commonly by disgruntled employees with access to
corporate computers.
The Seattle team could also be called upon as part of a larger
response to cyberterrorists intent on pulling off the electronic
equivalent of the World Trade Center bombing.
Instead of targeting buildings, dams or planes, such terrorists could
attack power grids, military defense, financial institutions or
telecommunications systems.
Copyright � 1999 Seattle Times Company
@HWA
13.0 Alaska Prosecutes First Case of Illegal Computer Intrusion
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/ "HNN.. the voice of reason" - MSNBC
contributed by Weld Pond
27-year-old Michael Scott Moody has been sentenced
to 10 months in prison and three years probation for
using Net-Bus to gain access to two government
computers at Elmendorf Air Force base. The systems in
question contained personnel records and maintenance
records for an F-15 squadron. The case is believed to
be the first of its kind in Alaska.
Anchorage Daily News
http://www.adn.com/stories/T99070285.html
Hacker gets time in prison
Former airman downloaded porn
By NATALIE PHILLIPS
Daily News Reporter
A former Elmendorf airman was sentenced to 10 months in prison
Thursday for using his home computer to hack into the U.S. Air Force
base's computer system and for downloading child pornography from the
Internet.
"I don't consider myself a criminal," 27-year-old Michael Scott Moody told
District Court Judge James Singleton during his sentencing Thursday.
"Honestly, at the time, I didn't consider it hacking. I thought of it more as a
prank," he said. "I was curious to know if I could access the computer at
work. Being a government computer, I considered it a challenge. It worked.
I didn't meant to hurt no one."
Assistant Attorney General Dan Cooper cautioned the judge that all
computer hackers use that line.
"This is the classic 'I did it for the challenge,' " Cooper said. "They all say
they didn't mean to hurt anyone, it's always for the challenge. This breach
of security cannot be underestimated."
Moody plucked notorious software called NetBus off the Internet and
installed it on two Elmendorf computers he had access to at work, Cooper
said. Hackers usually send NetBus to unsuspecting computer owners by
e-mail and disguise it in the attachment of a computer game called
Wack-A-Mole. In the computer world, this type of software is known as a
Trojan Horse because it is not what it is seems and can be dangerous.
Once Moody installed the software, it allowed anyone with the knowledge
of NetBus to access the Elmendorf computers, which contained personnel
records and maintenance records for an F-15 squadron.
Moody is the first person in Alaska to be prosecuted for computer hacking,
according to Cooper. Others cases are under investigation.
In a plea agreement, Moody pleaded guilty to one misdemeanor count of
unauthorized access to a computer and one felony count of possession of
child pornography. In exchange for his plea, the U.S. attorney's office
dropped a charge of wire tapping, which stemmed from his using software
to access computer keystrokes. "It's like eavesdropping on a computer,"
Cooper said.
Moody was also placed on three years of probation and will be allowed to
use a computer only at work. He is prohibited from accessing the Internet
during his probation, and he had to forfeit his home computer. He had been
in the Air Force about three years when he was discharged in the spring.
The Air Force's "intrusion detection system" detected a hacker in
November. The system immediately alerted the Air Force Computer
Emergency Response Team based in Sacramento, Calif. A team analyst
then monitored the hacking as it occurred, according to the indictment,
which was handed down the following month.
Thursday, Moody explained to the judge how he fell into misusing his
computer. He said he got his home computer a year ago and once he
became connected to the Internet, he began to explore.
"As most people do, when I got on-line, I started to search for pornography
and started a file," he said. "I was only interested in adult pornography."
Eventually, Moody ended up in computer chat rooms. "People started
sending child pornography, which I really didn't even think about until it
happened," he said. "I did receive pictures that were obviously of very, very
young, from age 1 up. It pretty much shocked me. I deleted it right away
because there was no doubt in my mind it was illegal."
He saved some pictures of older children, but he said they were on ones
that "at the time, I didn't know if they were strictly wrong."
He also was introduced to hacking.
"One day someone I was chatting with hacked my computer," Moody said.
The correspondent used NetBus and instructed Moody on how it worked.
The correspondent let Moody hack him in return. "It allowed me to open
CD trays and move his mouse," Moody said.
Moody wanted to see how far he could go with the hacking software, so he
loaded it onto two computers at work, then accessed them from his home
computer. That's when he got caught.
When investigators seized his computer, Moody told them they would
probably find child pornography on his hard drive. They did. Moody asked
the judge for leniency. His attorney, Rich Curtner, pointed out that Moody
suffered from depression and found "refuge in the strange world of the
Internet."
Cooper told the judge that Moody has had his chance.
At age 19, Moody got into trouble for a credit card scam in which he got
ahold of credit card numbers and used them to purchase electronic goods.
He agreed to enter a program for youthful offenders that allowed the
charges to eventually be erased from his record. Moody also has two
letters in his Air Force file for infractions.
"He's not been a law-abiding citizen," Cooper said.
Moody said, "I know what I did was wrong, and I accept responsibility. If I
have to serve two years, that is very small compared to what I have to live
with the rest of my life: the shame I have caused my family."
* Reporter Natalie Phillips can be reached at 257-4461 or
nphillips@adn.com
@HWA
14.0 NOAA Website Hacked
~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/ "HNN.. the voice of reason" - MSNBC
contributed by nos nam
NOAA's Center for Operational Oceanographic Products
and Services web site was defaced around midnight last
night.
Cracked Pages Archive
http://www.hackernews.com/archive/crackarch.html
@HWA
15.0 U.S not the only ones to have high profile sites hacked ...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
US Not Alone, Governments Around World Suffer Computer Break Ins
From HNN http://www.hackernews.com/ "HNN.. the voice of reason" - MSNBC
contributed by Weld Pond
The United States is not the only government to suffer
embarrassing break ins of its computer systems. Brazil
has suffered from embarrassing attacks against The
Ministry of Science and Technology as well as its
Supreme Court web page.
CNN
http://cnn.com/WORLD/americas/9907/03/BC-Brazil-Hackers.ap/index.html
Hackers invade government
computers for second time in
two weeks
July 3, 1999
Web posted at: 5:22 PM EDT (2122 GMT)
RIO DE JANEIRO, Brazil (AP) -- Computer hackers broke into a
government Internet site for the second time in two weeks, a news agency
reported Saturday.
The hackers, calling themselves "Resistence 500," gained access to the
homepage of the Ministry of Science and Technology. They then redirected
users to a site filled with criticisms of the government of President Fernando
Henrique Cardoso.
On June 17, the same group hacked its way into the Internet site of Brazil's
Supreme Court and the presidential palace, urging users to protest against
Cardoso's economic policies. On both occasions, they did not damage systems
or databases and their message was quickly removed.
Experts here say Brazilian hackers are typically young males who revel in the
challenge of breaking into a government or corporate Web site protected by
an expensive security system. Government officials say they are trying to
identify the hackers.
To date, there have been no serious breeches like the one in neighboring
Argentina when a 23-year-old computer science student broke into a Harvard
University computer to gain access to U.S. military and NASA documents.
Last year, U.S. federal agents for the first time used a court order wiretap of
a computer network to track down Julio Cesar Ardita, the son of a former
Argentine military officer.
Ardita, who voluntarily flew to the United States to stand trial, was sentenced
to three years of probation in Argentina and fined dlrs 5,000.
@HWA
16.0 Social Engineering Alive and Well
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/ "HNN.. the voice of reason" - MSNBC
contributed by Carole
While corporations and governments spend millions on
the technological side of computer security many are
forgetting the human equation. SunWorld takes an
interesting look at how your employees may be the
weakest link in your network security policy.
SunWorld
http://www.sunworld.com/sunworldonline/swol-07-1999/swol-07-security.html
The human side of computer security
What are the effects of social engineering on Internet security?
July 1999
Abstract
Usually, this column focuses on the technical side of computer security. In fact, people generally seek technical solutions for security problems. This month,
Carole considers the human side to the computer security equation. After all -- what's the point of setting up secure firewalls and e-commerce sites if your
help desk opens up a hole? (3,000 words)
hat is the weakest link of your computer system security? Your network connections? Dial-up lines? Firewalls? What about your people? Social
engineering is still the most effective method for circumventing obstacles. My kids are geniuses at it. So, apparently, is Kevin Mitnick.
Why would someone considered by many to be the world's greatest computer hacker, resort to social engineering techniques rather than technical skills?
Because they work. Technical security vulnerabilities may be patched, but humans are always vulnerable.
What is social engineering?
Social engineering is the art of manipulating people into actions they would not normally take. Sometimes, this is quite necessary and serves a good
purpose. Ambassadors use their knowledge of a particular culture to facilitate good relations. An effective manager learns the personality traits of her
group to keep them motivated and productive. Children usually try to manipulate their parents -- and good parents are even better at it. Top salespeople use social
engineering skills to discover a client's needs and the best way to present a product to that client. A skilled social engineer can manipulate people without them being
aware of the manipulation.
People don't like to be manipulated. Just observe the reactions many people have when approached by a member of a door-to-door religious group or salesperson. Often,
people from these groups use such obvious and aggressive techniques that the people they are targeting tune out everything they have to say. It isn't that the message or
product is bad. It's just that no one wants to be sold to.
Basic human characteristics
Theologians have attempted to define human characteristics as the Seven Deadly Sins (pride, envy, gluttony, lust, anger, covetousness and sloth) and the Seven Virtues
(faith, hope, charity, fortitude, justice, temperance, and prudence). A good understanding of these human characteristics is fundamental to human manipulation.
Immunity factor
While stereotyping isn't really fair, it is true that city people are often exposed to sales pitches and scams. How many of us have given money to someone who
approached us on the street with a sob story only to see the same "desperate" person telling a similar story to someone else a couple of months later? Like anything else
received in high doses over time, social engineering is vulnerable to progressive immunity.
Social engineering and the Internet
Spam
Spam is the door-to-door salesman of the Internet. With a rather crude sales pitch, it succeeds mostly in annoying people. However, because of the sheer volume of
targets, it's successful enough to be used. I recently got spam with an interesting social engineering approach: according to its pitch, I have a secret admirer who
purchased a gift certificate just for me (see "E-gift certificate").
Virus 'hoaxes'
You can always tell when a friend or relative has bought his or her first computer. Suddenly, your mailbox is full of "virus warnings" and chain letters that have gone
around the Net a few thousand times. Why do newbies fall for this? Usually, it's because they haven't seen enough of this garbage to develop an immunity to it. I tend to
feel obligated to educate the sender and everyone else in the mail header. I find it useful to reply with a standard "rant" (see "Stop the insanity").
I don't know who wrote it, but it's humorous as well as informative. I have another response for chain letters, but it's pretty rude. If profanity doesn't offend you, send
me mail, and I'll pass it on.
Real viruses
For some strange reason, it seems that the same people who send out all the faux virus warnings are the most likely to download a real virus. Clearly, the authors of
viruses are also social engineers.
Privacy
Anyone who plays poker knows that the most important technique in the game is to observe the other players to determine their weaknesses while not betraying your
own. On the Internet, information about a person or company can betray potential weaknesses to be exploited. Most security audits caution companies to protect internal
network topology. While "security through obscurity" isn't a solution, the best practice is to not release any more information about your company (or yourself) than is
necessary.
Unfortunately, the individual doesn't always have a choice. My parents, who live in Florida, found themselves inundated with ads specifically targeting Mercedes owners.
Since they did not purchase their car from a dealer, they wondered how these companies discovered that they own a Mercedes. It turns out that the state of Florida was
providing registration data to a third party (see http://www.hackernews.com/archive.html?012699.html). As e-commerce grows, privacy protection will become a major
issue.
While individuals may demand that their personal information be protected and private, they often voluntarily give the same information away. Just offer something for
"free" in return for a survey and see what people will tell you. What's alarming is that children, who are more susceptible to manipulation, may blindly provide personal
information to anyone who asks. Not too long ago, I caught my son's friends completing a survey to send to everyone on its header list (see "Re: read and do it").
A master at work...
Kevin Mitnick is certainly not the only person to have used social engineering techniques to get into computer systems, but he is probably the most famous and was
apparently very good at it. The following true story was relayed to me by Brian Martin, a security consultant assisting Kevin Mitnick in his defense.
Kevin worked in an office in Denver doing basic computer admin stuff. During his time there he was poking around the Net, but more so he was
calling various companies -- testing the limits of what he could do.
One night he left work while it was beginning to snow and had to walk five or so blocks to get home. Using a cellphone, he called a
directory-listed 800 number to a large cellular company. By the first block, he had obtained an unlisted 800 number to the engineering
department of this company.
Just after the second block he was talking to one of their engineers about source code to a cellphone. By the third block he was giving this
engineer the login and password to an account at an ISP near him (in order to FTP files to him).
He passed the fourth block and hung up with the engineer, confident he was receiving proprietary source. When he arrived at home, cold and
damp from the light snow, he found the full proprietary source to a cellphone made by one of the largest electronics companies in the world.
Five blocks, a cellphone, and a directory-listed 800 number.
Countering social engineering attacks
Education and policy
Social engineering attacks are very hard to counter. In fact, I've had audit agreements that specifically stated that social engineering attacks weren't to be used. The
problem with countering social engineering attacks is that it requires establishing appropriate policies and educating people -- two difficult tasks. Most people learn best
from first-hand experience. Once it has been demonstrated that they are susceptible, people tend to be more wary.
It is possible to make people more immune to social attacks by providing a forum for discussion of other people's experiences. Not every New Yorker has to be mugged
to know to be street smart. Stories about other people's misfortunes are enough to generate wariness. A good way to provide a forum is to establish an internal Web site
with safety tips and information. Amusing stories tend to get the point across better and, of course, people love to hear about someone else's misfortune. This forum
could also be used to report on virus hoaxes and real viruses. In fact, if you have this forum, you can make a policy statement that information about viruses is only to be
distributed through this forum.
Technical solutions
There actually are some technical solutions to the social engineering problem. The key is to limit the amount of information that is available -- just as a poker player
would. Here are some things you can do to maintain the corporate "poker face":
Use an encryption package such as PGP for important documents or e-mail.
Do not advertise your internal network addresses. Often, sites configure their firewalls to hide internal addresses, but a simple bounced mail displays the internal
addresses in the header.
Make sure your DNS configuration does not display internal systems to an external query. If possible, upgrade to BIND version 8, available from
http://www.isc.org/view.cgi?/products/BIND/index.phtml
Disclaimer: The information and software in this article are provided as-is and should be used with caution. Each environment is unique and the reader is cautioned to investigate
with his or her company as to the feasibility of using the information and software in the article. No warranties, implied or actual, are granted for any use of the information and
software in this article and neither author nor publisher is responsible for any damages, either consequential or incidental, with respect to use of the information and software
contained herein.
Resources
Seven Deadly Sins:
http://www.deadlysins.com/
Bell Atlantic page on social engineering scams:
http://www.bell-atl.com/security/fraud/social.htm
"Cult hero: Social Engineering Your Way In." The possible scenario for a social engineering attack described here has only one problem: the engineer could
potentially be identified later. Provided, of course, it ever occurred to anyone to ask the receptionist:
http://www.landfield.com/isn/mail-archive/1999/Apr/0053.html
The Fugitive Game: Online with Kevin Mitnick, Jonathan Littman (out of print):
http://www.amazon.com/exec/obidos/ASIN/0316528587/sunworldonlineA
The Kevin Mitnick home page:
http://www.kevinmitnick.com
Pretty Good Privacy (PGP):
http://www.nai.com/products/security/commercial.asp
The Electronic Frontier Foundation:
http://www.eff.org
PageVault home page:
http://www.pagevault.com/products.htm
The Hacker News Network:
http://www.hackernews.com
Other SunWorld resources
Network security-related articles listed in the SunWorld Topical Index:
http://www.sunworld.com/common/swol-siteindex.html#netsec
Web server security-related articles listed in the SunWorld Topical Index:
http://www.sunworld.com/common/swol-siteindex.html#websec
Full listing of previous Security columns in SunWorld:
http://www.sunworld.com/common/swol-backissues-columns.html#security
Peter Galvin's Solaris Security FAQ (recently updated!):
http://www.sunworld.com/sunworldonline/common/security-faq.html
Peter Galvin's Unix Secure Programming FAQ:
http://www.sunworld.com/swol-08-1998/swol-08-security.html
The SunWorld Topical Index -- a comprehensive listing of all SunWorld articles by subject:
http://www.sunworld.com/common/swol-siteindex.html
Take a look at sunWHERE, launchpad to hundreds of online resources for Sun users:
http://www.sunworld.com/sunworldonline/sunwhere.html
Check out SunWorld's back issues:
http://www.sunworld.com/common/swol-backissues.html
IDG.net, your one-stop IT resource:
http://www.idg.net
About the author
Carole Fennelly is a partner in Wizard's Keys Corporation, a company specializing in computer security consulting. She has been a Unix system administrator for more
than 15 years on various platforms and has particularly focused on sendmail configurations of late. Carole provides security consultation to several financial institutions in
the New York City area.
@HWA
17.0 Snooping OK on Pager Numbers?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/ "HNN.. the voice of reason" - MSNBC
contributed by Silicosis
A new bill passing through congress will make it legal for
the police to snoop on your pager without needing a
judge to issue a court order. They will only be able to
get at the numeric pager info which law enforcement
argues is analogous to the billing info or "pen register"
info they can now access without a court order.
They say it is not a "wiretap" so the rules for unlawful
search do not apply. It seems just a few months ago
congress was passing laws saying that pager and other
data passing over the radio spectrum was protected.
Congress wants it both ways. They want you to have
privacy from everyone but the government.
Wired News
http://www.wired.com/news/news/politics/story/20597.html
Snooping OK on Pager Numbers?
by Declan McCullagh
3:00 a.m. 7.Jul.99.PDT
WASHINGTON -- Police can easily "eavesdrop" on pagers if a bill approved
by the US Senate becomes law.
The bill says law enforcement officials can monitor all messages sent to
targeted pagers without having to convince a judge that the information can
be found only in that way.
"Congress is trying to do an end run around the Constitution and gut the
privacy of millions of pager owners," said David Banisar, author of The Electronic
Privacy Papers.
The measure is part of a sprawling juvenile crime bill, which passed the
Senate overwhelmingly after the Littleton, Colorado shootings. It isn't in
the House version of the bill, and leaders from both chambers are scheduled to
appoint conference committee members after the Fourth of July recess.
According to the legislation, judges will be required to approve police surveillance of
numeric pager data without subjecting law enforcement requests to the more
exacting current requirements of search warrants or wiretap orders. The rules
governing alphanumeric pager monitoring are left unchanged.
"It makes the court into nothing more than a clerk," said Dave Kopel, a lawyer
at the Independence Institute and a former assistant attorney general of
Colorado. "The judge must issue the order based on a law enforcement officials'
representation."
Devices to monitor whom Americans call and receive calls from already fit into this
warrantless category and are frequently used by police. Government statistics say
7,323 units -- called pen registers and trap-and-trace devices -- were used in
1998.
The US Supreme Court ruled in 1979 that police didn't need a warrant to record
what numbers a person dialed. "The installation and use of a pen register,
consequently, was not a 'search,' and no warrant was required," the five-justice
majority concluded.
The proposal's backers intend it to grant additional authority to law enforcement
officials but, oddly enough, the US Justice Department has called it
unnecessary.
"We are unaware of any law enforcement need for such authorization and believe
that the proposal is unwise as a policy matter. The bill also raises significant
constitutional concerns under the Fourth Amendment," says a May 1998 letter from
the DOJ Office of Legislative Affairs.
Another reason the DOJ gave was that criminals might simply switch to
alphanumeric pagers, which the bill doesn't cover.Then how did this plan end up in a
juvenile crime proposal? Senator Mike DeWine (R-Ohio) had previously
introduced the pager interception proposal in 1997 and submitted it again
this year as a stand-alone measure called the Clone Pager Authorization Act of
1999.
DeWine couldn't be reached for comment during the recess.
During floor debate, the Senate started hanging irrelevant amendments on the
juvenile justice bill as if it were a Christmas tree badly in need of some
serious decoration.
One amendment creates a "national animal terrorism and ecoterrorism incident
clearinghouse." Another requires Internet service providers to offer filtering
software. DeWine's plan soon joined
them.
"This legislation is yet another occasion where Congress responds to tragedy by
uncritically passing anything and everything that has an anticrime label
stuck on it," said Solveig Singleton, director of information studies at the
Cato Institute.
Some links referenced in the article;
http://www.cato.org/
http://www.wiley.com/compbooks/catalog/12297-1.htm
http://thomas.loc.gov/cgi-bin/bdquery/z?d106:s.00254:
http://i2i.org
@HWA
18.0 Fed Servers Face Severe Security Shortfall
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/ "HNN.. the voice of reason" - MSNBC
contributed by Space Rogue
The government and military has taken a fancy to the
Lotus product Notes and is putting servers up on the
internet for their employees to do their work. Many of
the servers have not been properly locked down and a
lot of information is available to anonymous web surfers
if they can find the servers and know the right URLs to
use.
The L0pht has written several advisories on the problem
and Weld Pond from the L0pht is interviewed in an
iDefense news report.
iDefense
http://www.ipartnership.com/topstory.asp
iPARTNERSHIP Top Story
Illegal Communications Interception Equipment Was Destined for Vietnam
7/9/99
iDEFENSE
By Bill Pietrucha
Vietnam was the intended final shipping point for restricted U.S. communications intercept equipment, iPARTNERSHIP has
learned. Shalom Shaphyr, arrested earlier this week for allegedly possessing and selling Tempest computer intercept
equipment, planned to first falsify the nature of the equipment in export papers, ship it to a U.S. NATO ally, then to Israel, and
finally to Vietnam.
The Tempest computer intercept equipment, also known as a video intercept receiver, is considered a defense article under the
International Traffic in Arms Regulations (ITAR), and cannot be shipped to Vietnam without an export license.
In the U.S. District Court in the Eastern District Virginia late yesterday, Shaphyr, an Israeli citizen living in the U.S. under a
business visa, requested his detention hearing be postponed until July 20, to give his lawyers "time to review the charges against
me."
Shaphyr will continue to be held in the City of Alexandria, Va. detention center until the July 20 detention hearing date.
In papers filed with the court, FBI Special Agent Christian Zajac testified Shaphyr was "looking for a Tempest monitoring
system" capable of remotely capturing computer emanations. The reason for the equipment, Shaphyr had said, was to view
what was on a computer monitor from a distance of "a few tens of feet maybe to a few hundred feet" away.
Zajac, an FBI Special Agent for the past two years, told the court Shaphyr indicated the equipment would be used by the
Vietnamese government "in a joint venture." Along with the equipment, Zajac told the court, Shaphyr also asked for a syllabus
outlining the training that would be provided on the Tempest equipment, indicating the trainees would be Vietnamese.
Shaphyr, iPARTNERSHIP learned, operates a business with offices in Vietnam and England, and is an FAA certified pilot,
flight engineer and navigator listing his address in Ho Chi Minh City, Viet Nam.
Zajac said the joint FBI-U.S. Customs Service investigation, which began in November 1998, led to Shaphyr's arrest this past
Wednesday after Shaphyr paid an FBI undercover agent $2,000 in U.S. currency to export the Tempest equipment to Israel
without a license. The total price Shaphyr allegedly agreed to pay for the Tempest equipment was $30,000, Zajac testified.
Zajac said the investigation did not end with Shaphyr's arrest, and is continuing.
@HWA
19.0 Mitnick in the News
~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/ "HNN.. the voice of reason" - MSNBC
contributed by Weld Pond
Mitnick's accomplice seeks distance as the "super
hacker's" sentencing moves closer. Lewis DePayne
wants his court date to be as far away from Mitnick
sentencing as possible.
ZDNet
http://www.zdnet.com/zdnn/stories/news/0,4586,2289194,00.html?chkpt=hpqs014
Mitnick will have flamboyant San Francisco criminal
lawyer Tony Serra as his attorney for the California
charges he faces.
SF Gate
http://www.sfgate.com/cgi-bin/article.cgi?file=/examiner/hotnews/stories/07/mitnick.dtl
Free Kevin Website
http://www.freekevin.com/home.html
Hacker has S.F. attorney
By Matt Beer
OF THE EXAMINER STAFF
Wednesday, July 7, 1999
Serra to represent Mitnick on state
computer charges
The Internet's super hacker, Kevin Mitnick, will be defended by flamboyant San Francisco criminal
lawyer Tony Serra.
A master computer hacker, Mitnick has been been imprisoned since his 1995 arrest on federal and
state computer-crime charges following an international manhunt.
Mitnick pleaded guilty to federal charges in April. He had been accused of breaking into computers,
stealing software and computer passwords. With time served, he could be freed after his sentencing
on the federal charges by the end of this year, said Serra associate Omar Figueroa.
Figueroa said Serra will be defending Mitnick against 1992 state charges that Mitnick violated
California's computer crime law. Mitnick is accused of duping Department of Motor Vehicles workers
into faxing confidential driving records to a copy shop in Los Angeles.
Figueroa said Serra would appear in Los Angeles Superior Court on Wednesday to ask a judge to
reduce Mitnick's $1 million bond.
At the time of his 1995 arrest in North Carolina, Mitnick was on the FBI's Most Wanted List.
Mitnick has been the subject of several books. A movie about his exploits is due in theaters later
this year.
Serra was the inspiration for the 1988 film "True Believer," starring James Wood. He has defended a
number of high-profile clients, including Black Panther leader Huey Newton. Figueroa said
Mitnick chose Serra after the attorney won an acquittal for Eugene "Bear" Lincoln, a Native
American charged with killing a Mendocino County sssheriff's deputy in 1995.
�1999 San Francisco Examiner
@HWA
20.0 Home PC Next Target for Hackers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/ "HNN.. the voice of reason" - MSNBC
contributed by Elvis Duke
This article questions whether or not vendors writing
shoddy code or users not being diligent enough is to
blame for systems being vulnerable. But there is no
answer only users lamenting how complex the solution
is. Of course vendors should be made accountable and
are to blame. Why should users have to keep up on
patches. As software moves into the home there is less
security expertise and diligence, hence vendors need to
improve if they want to sell into the home market.
AP
http://www.azcentral.com/business/0708HACKER08.shtml
Home PCs next target for hackers
'Always on' high-speed lines ripe for mischief
By Ted Bridis
Associated Press
July 8, 1999
WASHINGTON - Kevin Kelleher arrived for work at 8 a.m. one day to
find a disturbingly familiar high-tech headache for the federal government:
Hackers had vandalized the national weather Internet site he manages in
Oklahoma.
The hackers replaced important information about storms and tornadoes
threatening the Midwest with a smirky taunt for Kelleher addressed to
"mister admin person nice guy."
So far, victims of these types of high-profile electronic assaults have included
government agencies, the military and large companies on the Web. In a
flurry of activity, hackers in recent weeks struck the White House, FBI, U.S.
Senate (twice) and the Army's main Web site.
And experts warn of an emerging threat to consumers from the next
generation of technology: new high-speed connections to the Internet over
cable TV or new digital phone lines that are permanently logged on.
Higher speeds carry higher risks: Hackers even thousands of miles away
could anonymously probe household computers over the Internet and
rummage through private e-mail, documents and bank records.
"It vastly and immediately multiplies the amount of poorly protected
computers on the Internet ripe for the picking," said Lucas Graves, an
analyst with Jupiter Communications, a research company in New York.
Using these continuous Internet connections and "server" software included
free on most new computers, families can publish up-to-the-minute photo
albums online or retrieve computer files while traveling. Server software
allows computers to "serve up" Web pages requested by other users.
But they may not realize the risks of leaving their digital doors unlocked. A
Web site that tracks hackers, Attrition.Org, has recorded more than 1,465
cases of vandalism this year.
"As you get these machines in people's homes that are always on with a
server, with pictures of their cat for grandma to see, that could be an issue,"
said Cormac Foster, another Jupiter analyst.
Scott Culp, Microsoft Corp.'s security manager for its Windows NT Server
software, agreed that the industry needs to "educate consumers . . . and
make sure they understand the risks associated with having a direct
connection to the Internet."
Hackers victimized Danny Sun of Walnut Creek, Calif., when they raided
one of his continuously connected computers in May. They vandalized a
Web site he runs as a hobby, but they also stumbled across - then published
on the Internet - personal financial information that included his account
number and balances.
Sun later determined that hackers exploited a flaw in Internet software from
the Allaire Corp. of Cambridge, Mass. The company warned customers
about the problem months earlier on its Web site and in e-mail that Sun
admits he ignored.
"I get lots of mails from these manufacturers," Sun said. "Sometimes, I don't
bother to read it."
The Army apparently left the same vulnerability unrepaired - also despite
warnings from the same software vendor - on its Web site, which a hacker
vandalized last week.
"It is very, very easy and takes very little time," a person who acknowledged
being the hacker said in an online interview with the Associated Press.
"Under five minutes if you don't poke around."
"I couldn't believe it. I was just going through to check vulnerabilities and
was like, wow!"
Army spokesman Jim Stueve said only that a criminal investigation was
under way.
Experts argue whether to blame software companies for designing vulnerable
products or victims who aren't diligent about installing patches and upgrades.
Kelleher blamed his weather site's vulnerability on a faulty patch from a
software maker.
"The situation is getting so complex," he said.
The dilemma for software makers, who usually send customers e-mail when
they discover flaws, is made worse by hackers monitoring the warnings.
Experts predict that software of the future will periodically check with its
manufacturer, using the Internet for important upgrades.
That type of technology could be a remedy for victims like Kelleher. It took
52 hours, with only brief periods for sleep and food, to restore the
government's weather site.
"This ranks on the high-annoyance scale," Kelleher said after last week's
repairs. "There's a lot of people spending a lot of energy trying to hack these
systems. It's difficult to spend an equal amount of energy to protect them."
21.0 LSA can be crashed
~~~~~~~~~~~~~~~~~~
From http://www,403-security,org, contributed by D----Y
[ LSA Can be Crashed ]
By Stea|_th : 4/06/99 4:56GMT
We have discovered that Windows NT LSA can be crashed by a remote attacker. The attack
described below crashes Windows NT by hitting the LSA(Local Security Authority) system,
and makes the target machine unusable after some period of time. The problem is caused
due a vulnerability in verifying LsaLookupNames tag. It is made worse by the fact that
it can be anonymously exploited. Btw, the RestrictAnonymous (1) registry key does not
prevent this problem from being exploited. :)
LSA Overview : [ The LSA is the system component responsible for authenticating users to
the system, and deciding what access and privilege the users are entitled to. The same
process that contains the LSA also contains the SAM (Security Accounts Manager), as well
as elements of the RPC subsystem, particularly those responsible for launching DCOM servers.
Those components will also be unavailable as a result of the crash. Once the LSA has died,
new authentication tokens can no longer be created. Anything that requires creating new
authentication tokens will no longer function. ]
There are some cases where the exploit results wont appear immediately, i ll try to describe
some of the cases . If the host's exception system is not configured to work automatically,
then a dialog box will be displayed on the host, and the funny thing about it is that the system
will work perfectly until the msg dialog is dismissed !. This configuration is normally only
found on developer's machines. The registry key that controls this behavior is
HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\AeDebug, its value is "Auto". Changing this value from the default of "1" to
"0" will enable this behavior. As documented in MS Knowledgebase article Q143474, setting the
following key value can help restrict many of the anonymous (null) SMB connections.It might sound
crazy , but that value on the registry can also restrict many IIS-based FTP attacks to your machine.
Hive: HKEY_LOCAL_MACHINE\SYSTEM
Key: System\CurrentControlSet\Control\LSA
Name: RestrictAnonymous
Type: REG_DWORD
Value: 1
[ SOLUTION ]
You can follow the 2 links below for more details and for correcting the problem also.
[ a fix for NT to correct the problem. ]
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/Hotfixes-PostSP5/LSA3-fix
[ Q231457 Get more ditto. ]
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/Hotfixes-PostSP5/LSA3-fix/Q231457.txt
Period. :)
@HWA
22.0 [HNC] Hack-Net announces the BURN ANTIONLINE campaign
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From http://www.hack-net.com/antionline/
HNC UPDATE: 06/01/99: 23:40PST HNC was in contact with Jeff Moss, also
known as the Dark Tangent, owner of DEF CON and Blackhat International, HNC will be
holding an 'ANTI - AntiOnline' and 'BURN JP' rally, Shanners will be speaking out about
Antionline at DEF CON, if you have any comments you would like to be read out or if
you would like to contact Shanners about this rally then email him at:
admin@hack-net.com. If you can't be at DEF CON to see the Fuck and BURN JP protest,
then you can see it on HNC's DEF CON Video that is Available Here
HNC PROTESTS: This morning we got a mail from Ken Williams of Packet Storm
Security who is also betterly known as TatooMan, and is part of EHAP (Ethical Hackers
Against Paedophillia), Ken is a Highly respected member of the underground and is one
of the nicest people around. Packetstorm is the biggest and most popular Computer
Security site on the net and gets well over 400,000 hits daily. Anyway back to the point,
we got an email from ken informing us that JP (John Vranesevich) of AntiOnline had
filed a LAWSUIT Against Harvard University, (Ken had moved Packetstorm Security from
the Genocide2600 Servers to harvard university a few weeks ago) Because content in
the jp/ directory of the Packet Storm Security site. John Vranesevich claims that ken was
using the server as a platform to harass and threaten him, his family, and his
business. Ken is Ruined... Packetstorm is in Ken's own words: "the site known as
"Packet Storm Security" is history now"..... HNC Is FURIOUS, we have have emails
from alot of PacketStorm supporters orgainising a complete PROTEST aginst AntiOnline
and JP. As of the time of writing the Antionline Servers have been taken offline and
hopefully they will stay that way. JP (John Vranesevich) and his ass licking girlfreind
Carolyn Meinel (also known as the Granny Hacker from Heck) have constantly
threatened people who dislike AntiOnline and themselfs with lawsuits and other legal
threats, most of which have come to nothing but this time have left Ken with nothing.
All of the Packetstorm resources have Been DESTROYED by harvard leaving ken with
nothing. PLEASE PLEASE PLEASE support this protest by placing the banner below on
your website linking back to here:
http://www.hack-net.com/antionline/banner.gif
@HWA
23.0 All-Star Online Voting Cheater Nabbed
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
contributed by Weld Pond
A Boston Red Sox fan tries to fix the All-Star voting.
Writing a perl script to automate web voting is hardly
hacking though.
AP
http://detnews.com/1999/sports/9907/07/07070210.htm
Boston Globe
http://www.boston.com/dailyglobe2/188/sports/This_hack_tried_but_couldn_t_connect+.shtml
AP;
Hacker takes on All-Star voting
Associated Press
BOSTON -- The last All-Star game of the 20th century nearly fell prey to late-millenium technology.
Chris Nandor heard in late June that Boston shortstop Nomar Garciaparra was 20,000 votes behind the New York Yankees'
Derek Jeter in All-Star voting. So Nandor took advantage of Major League Baseball's newest way of voting -- via the Internet.
Nandor, 25, of Carver, Mass., went to work on a program that cast some 25,000 votes for Garciaparra, according to
Wednesday editions of The Boston Globe.
On Monday, the American League announced its All-Star lineup, as voted on by fans. And sure enough, there was
Garciaparra at shortstop, 20,446 ahead of Jeter.
As it turned out, Garciaparra won it fair and square.
Fans were allowed to vote 22 times on the Internet, the average number of home games for each team during the balloting.
Nandor's attempt to vote 25,000 times was detected before it could be added to the tally, according to Alex Tam, director of
Major League Baseball's web site.
"Between the 25th and 27th of June, 25,259 votes for Garciaparra were rejected," Tam said Tuesday night. "The same
person also voted for (Scott) Hatteberg, (John) Valentin, and (Jose) Offerman."
It might have worked, but Nandor had attempted the ploy earlier in the voting period.
"We know all about him," Tam said, reeling off Nandor's name, address, age, place of employment, and computer number.
"On May 19, he voted 14,702 times for Garciaparra. We caught all of them and filtered them out.
"Nothing is foolproof. But if you're talking about the average high-end hacker, we think we can catch them."
Nandor thought for a time he'd made the difference.
"Well, when I first heard he won, I wasn't sure, but I thought it could've been me," Nandor said Tuesday night. "But I also
thought it could've been other people in addition to mine."
Nandor said he didn't do it just for kicks.
"I think in large part I did it just because the All-Star game was going to be in Fenway, so I felt Nomar deserved a start on his
home turf, with the incredible season he's had. I still might have done it if the game had been in New York, but it makes me feel
good to have this justification for my actions."
-=-
Boston Globe;
This hack tried but couldn't connect
By Gordon Edes, Globe Staff, 07/07/99
T. PETERSBURG, Fla. - The worst suspicions harbored by Yankee
fans were true. In an attempt to swing the close vote for the American
League's All-Star shortstop in Nomar Garciaparra's favor, a 25-year-old
computer hacker from Carver, Mass., cast around 25,000 votes on the
Internet for the Red Sox star on the last day of balloting.
But relax, Red Sox fans, your man apparently beat Derek Jeter of the
Yankees fair and square. The computer police entrusted with sniffing out
corruption did their job, according to Alex Tam, director of Major League
Baseball's web site (mlb.com). Chris Nandor, who used a computer
programming language to circumvent limits on how many times a person
could vote on the Internet, was caught in the act, Tam said.
''Between the 25th and 27th of June, 25,259 votes for Garciaparra were
rejected,'' Tam said last night. ''The same person also voted for [Scott]
Hatteberg, [John] Valentin, and [Jose] Offerman.''
Nandor, Tam said, had tried this once before. ''We know all about him,''
Tam said, reeling off Nandor's name, address, age, place of employment,
and computer number. ''On May 19, he voted 14,702 times for
Garciaparra. We caught all of them and filtered them out.
''Nothing is foolproof. But if you're talking about the average high-end
hacker, we think we can catch them.''
Nandor, who didn't know his votes were thrown away until last night,
thought he'd done a big favor for Garciaparra, according to Jon Orwant, a
doctoral candidate at the MIT Media Lab and editor-in-chief of the Perl
Journal, Perl being the computer programming language Nandor used in his
attempt at chicanery in cyberspace. Orwant and Nandor are friends.
''I've examined his program and can confirm that it would have stuffed the
ballot box,'' Orwant said in an e-mail message to the Globe, to whom he had
indirectly provided a tip about Nandor's activities.
''These programs are easy to write with Perl. In broad strokes, the way his
program worked is that it pretended to be a human being visiting the All-Star
web site, where it would click on the appropriate buttons and fill in nonsense
for the different fields (e-mail address, city, state, zip, etc.).''
Major League Baseball rules limited Internet users to 22 votes, which
equaled the number of times All-Star ballots were distributed in
major-league parks. What prompted Nandor to weigh in with far greater
numbers?
''A couple of weeks ago I was at Fenway with some people, watching the
Red Sox go through an 11-run first inning against the White Sox, and we
were having a great time and talking about all the different players, and the
upcoming All-Star game,'' Nandor wrote in an e-mail message. ''Someone
mentioned Nomar was falling behind. So I decided I would go home and try
to help Nomar win.
''I think in large part I did it just because the All-Star game was going to be
in Fenway, so I felt Nomar deserved a start on his home turf, with the
incredible season he's had. I still might have done it if the game had been in
New York, but it makes me feel good to have this justification for my
actions.''
But what apparently did in Nandor was a certain amount of laziness
uncharacteristic of his hero, Garciaparra. In his first attempt, in May, Orwant
said, Nandor used the same e-mail address. His last attempt, in June, he
used the same phone number (111-222-3333) and Zip Code (11111).
Nandor wrote that he set his computer to run repeatedly, then went to a
barbecue.
Because he didn't vary those basic bits of information, the systems
administrators at CBS Sportsline, the Internet site that conducted the voting
on the Web for Major League Baseball, caught on quickly, Tam said.
''Sportsline developed the ballots with numerous safeguards in place,'' Tam
said. ''They look at all the results on any given day and scan for patterns.
They also have a way to scan for Perl scripts. They were very well aware of
him from Day 1, and blocked him out.''
So instead of what could have been the worst All-Star voting scandal since
1957, when Cincinnati fans voted eight Reds as starters on the National
League team, leading commissioner Ford Frick to take the voting away from
the fans altogether, MLB claims a clean election.
Jeff Gehl is president of The Marketing Center, the counting house that
tabulated the All-Star votes for Major League Baseball. TMC is based in
Brookfield, Conn., with offices in Weymouth, Mass., and Newport Beach,
Calif.
Gehl said yesterday the Internet accounted for less than 20 percent of the
vote. Most of the ballots counted in the last week were cast at WalMart and
Pepsi-Cola outlets.
''There were several million ballots, and they were sent in one lump sum at
the end of the program,'' Gehl said. ''We had three shifts working last
weekend, processing the ballots.''
Attention, WalMart shoppers: The brand of choice, evidently, is
Garciaparra, who was in third place in the voting until the last batch of votes
were counted.
Orwant, for one, remains unconvinced that the system can withstand a clever
hacker.
''If they claim their system is foolproof, they're wrong,'' he said. ''I'll prove it
to them next year.''
This story ran on page F1 of the Boston Globe on 07/07/99.
� Copyright 1999 Globe Newspaper Company.
@HWA
24.0 Hackernews Now Available on Palm VII
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN
contributed by Silicosis
For those with Palm VII's HNN is pleased to announce
the hackernews PQA. With it, you'll be able to keep up
with all the headlines through the PalmVII's built-in
wireless networking support. Here's some screenshots of
the splash screen and headlines.
http://www.hackernews.com/warez/pilot/mainscreen.gif
http://www.hackernews.com/warez/pilot/headlines.gif
The hackernews PQA can be downloaded here.
http://www.hackernews.com/warez/pilot/hackernews.pqa
@HWA
25.0 U.S. Vulnerable to Cyber Attack
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
contributed by Weld Pond
Jeffrey Hunker spoke at the Black Hat security
conference and warned participants that there a a huge
vulnerability in US information infrastructure. The visible
web site attacks are the least of the governments
worry. External threats to the infrastructure done in
secret are the big problem. Hunker plans on starting an
ROTC-like program to train college students in
information security.
ZDNet
http://www.zdnet.com/zdnn/stories/news/0,4586,2289764,00.html
--------------------------------------------------------------
This story was printed from ZDNN,
located at http://www.zdnet.com/zdnn.
--------------------------------------------------------------
U.S. vulnerable to cyber attack
By Robert Lemos, ZDNN
July 7, 1999 5:35 PM PT
URL: http://www.zdnet.com/zdnn/stories/news/0,4586,2289764,00.html
LAS VEGAS -- Officials from the Clinton Administration, the U.S. Army and the U.S.
Department of Justice laid out how the United States intends to protect its data from foreign and
domestic attacks on Wednesday.
While so-called "hackers" have garnered most of the fame for
attacking systems in highly visible ways, the officials stressed that
external threats were more serious.
"We have a world now where several nations that are hostile to the
U.S., terrorists that are well financed, and even some organized crime
are developing techniques to attack our information infrastructure,"
said Jeffrey Hunker, senior director for infrastructure protection on
the National Security Council.
Hunker spoke at the Black Hat Security Conference in Las Vegas to a
collection of network administrators, security professionals, law enforcement
and military personnel, and a few hackers.
Hunker said the administration believes that countries hostile to the United
States -- yet, weaker militarily -- will instead attack the nation's information
and Internet connections.
At present, the systems are to a great degree unprotected. "We depend on
systems that were never designed with the protection of data from an
organized threat," he said.
Phillip Loranger of the Army's Information Assurance Office agreed. "I would
like to take all of .mil and make it an intranet," he admitted during a luncheon
talk. "Currently, we have trouble keeping people out because we have too
many gateways (to the Internet) and undefined backdoors into our systems."
Industry must take notice
Industry needs to sit up and take notice, said NSC's Hunker. "The truth of
the matter is that (the industry is the one that) owns the systems that are going to be the hardest hit
-- not the federal government."
Hunker outlined a 10-step plan for those companies with an "addiction" to insecure information
systems.
His recommendations included: Identifying vulnerabilities and fixing them; detecting threats and
unauthorized intrusions; better communications between intelligence and law enforcement
agencies; sharing warnings and information about intrusions; designing a system of response to
information emergencies; enhancing research and development; reaching out to Americans to
educate them on the need for cyber security.
Also, as part of the program, Hunker intends to start up a ROTC-like program to train college
students in information security in return for service after graduation. Finally, the Administration
official pushed for better legislation to support security efforts while protecting citizens' civil rights.
DOJ's cybercrime boom
Michael Sussman, senior attorney with the computer crime/intellectual property section of the
Department of Justice, added that the government is also improving its ability to prosecute cyber
criminals, both domestically and abroad. "The computer crime office at the DOJ started out with
two lawyers in 1991," he said. "Now we are approaching 40 quite fast."
Despite the problems, Hunker said the government will not try to regulate the industry into being
more security-conscious. "Late at night, I ask myself [whether we should regulate]," he said. "I am
impatient. But in the U.S., it has been the insurance industry that has been a driver, and that may
be the way [information security will go as well.]"
@HWA
26.0 Logging on to cyber-crime
~~~~~~~~~~~~~~~~~~~~~~~~~
contributed by Weld Pond
Interesting report on an online banking scam. An
attacker set up a mirror site to simulate the banks login
screen. In doing so they were able to get the
customer's username and password.
This is just one of many attacks on online banking. Even
though the security of such systems has not been
worked out the industry proceeds to move forward
signing up customers and putting more of them at risk.
Christian Science Monitor
http://www.csmonitor.com/durable/1999/07/08/p16s1.htm
IDEAS, SCIENCE & TECHNOLOGY
Logging on to cyber-crime
The old-fashioned bank heist is now just a few key strokes away - and almost invisible
Tom Regan
Special to The Christian Science Monitor
Nothing seemed out of the ordinary when clients of the second largest bank in Holland logged on to the bank's Web site to access their accounts.
The first time they entered their username and password, however, they received an error message. When they tried again, they were able to
access their account, conduct their business, and leave.
What they didn't know was that the first time they were not actually at their bank site but at a mirror site set up by a hacker.
The mirror site took their information, e-mailed it to the hacker, then sent the clients to the bank's real site. A few hours later, the hacker went to
the bank site and, using the stolen information, took five gilders (about $2.35) from each account - a sum most people would never miss. Doing this, the hacker was
able to steal thousands of dollars, without the bank or its customers ever knowing.
Luckily, the hacker wasn't a real thief - just someone who wanted to prove that the bank's claims of impenetrable security were nonsense. All the money was
returned. But his actions show the new kinds of crimes that are taking place online, especially as many businesses rush to embrace electronic commerce, without
making sure their online security is strong enough.
"I don't think that we need to be so concerned about cyber-doomsday predictions," says Yael Sachs, president of Aladdin Knowledge Systems's Internet security
unit. "But it's petty crimes like this one on a large scale that will impact our economies to a huge extent."
ILLUSTRATION BY BOB STAAKE
According to the Association of Certified Fraud Examiners, the average bank robbery stole about $14,000, while the average computer theft was more than $2
million. While the exact figure of financial losses due to cyber-crime is not known, most security experts interviewed for this article put it in the billions of dollars.
For instance, AT&T and MCI were forced to give 38,000 consumers credits and refunds worth $2.74 million in 1997 for phone charges they unknowingly incurred
when Internet scam artists hijacked their computer modems. The scam occurred when the victims visited a porn site and downloaded a plug-in to watch a video.
While they were doing this, a vandal program (a rogue application that executes automatically when a user views certain kinds of Web pages or opens an e-mail
attachment) logged them off without their knowledge and redialed their modems to connect to a 900 number overseas, for which they were later billed.
In fact, cyber-criminals based in nations once a part of the Soviet Union are a growing problem for US businesses. In one recent case, two men from St. Petersburg
hacked into a US bank's computer network and transferred $10.5 million from the bank's corporate accounts into accounts they controlled.
"There's a lot going on out there right now," Ms. Sachs says. "Many businesses are driving on the information superhighway at 200 miles an hour without a seat belt
or an airbag."
"When I used to teach, I often told my students that if you want to steal $1 million, use a computer," says Harvey Kushner, chairman of the criminal justice
department at Long Island University. "You get more, you're less likely to get caught, and if you are caught, you'll do less time."
Professor Kushner says that computers have changed the face of crime. Much crime means some form of physical danger for the thief, and normally doesn't result in
much ill-gotten gain.
"But computers enable crimes of concealment and deceit. It doesn't require violence. Anyone with a computer and a little skill can become a cyber-criminal. Smart
college kids sitting in their university dorms can steal enough money to pay for their education, for instance. Five dollars here, five dollars there. Unfortunately, they
don't even think it's really stealing.
"And it's a real challenge for the police. For 20 years, we've been training people to fight crime in a certain way. It used to be that bookies would keep all their
records on rice paper that burned easily in case of a raid. So police had to barge in before the paper could be burned, and they were taught tactics to do that. But
these days, to find that same information, you have to learn how to take apart a computer disk, or follow a vague cyber-trail, often across continents, just for a local
crime."
Kushner also says that Y2K is a real opportunity for cyber-criminals. The emphasis on solving Y2K problems means that important security concerns are being put
on the back burner because of lack of funds, he says.
ILLUSTRATION BY BOB STAAKE
Another problem for those computer security experts is that many companies that are victims of cyber-criminals either have no idea that they have been robbed or
are reluctant to make cyber-crimes public because it might hurt their growing electronic commerce operations.
But steps are being taken to combat cyber-crime. In December 1997, US Attorney General Janet Reno and law officers from several countries agreed to develop
high-tech solutions to combat computer crime and to prosecute criminals who cross borders to rob banks or sell child pornography in cyberspace.
Then last November, the International Chamber of Commerce based in Geneva announced it was establishing a special unit to help companies around the world
combat cyber-crime. The group works closely with Interpol to fight Internet crime. And the US Federal Bureau of Investigation has also established an elite unit to
combat cyber-criminals and cyber-terrorists.
But Sachs says the best thing that businesses of all sizes can do is act to protect themselves (see article at right).
"People feel they have time. They say, 'We don't know anybody who has been hurt.' Well, I know lots of people who have been hurt," Sachs says. "Coming from a
for-profit company, there is always the sense that you're just using scare tactics to promote your product. But people need to be aware of the scope and scale of the
kind of activities taking place, or else they'll become victims as well."
27.0 Parts 1 and 2 of the infowar series ran by the Christian Monitor <!>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
IDEAS
CYBER WARS
Wars of the future... today
The stealth battlefields of information warfare
Tom Regan
Special to The Christian Science Monitor
For the past three generations of Americans, going to war meant images of Robert E. Lee on horseback, front page stories of a sharpshooting
Sergeant York, newsreel footage of Marines storming Guadalcanal, Walter Cronkite interviewing American GIs in Vietnam, or CNN's live
coverage of military operations during the Gulf War.
But the wars of the future may not be so hands-on. Or so visible. Instead, they may be fought by "cyber-knights," young men and women who sit
at rows of computers at secret locations in the United States and can launch a barrage of cruise missiles from an unmanned naval vessel in the
Mediterranean, or release an Internet virus that will overload the power grid in Pyongyang, North Korea.
There will be no news coverage of battlefields, because there may not be battlefields as we now know them. These wars may be more damaging,
but they will mean fewer casualties and quicker victories.
There is another side to this cyber-scenario, however.
As the US moves toward using information warfare, so do its opponents. In fact, many say that the more the US uses cyber-technology as a weapon, the more it
exposes itself to cyber-attack by foreign governments, freelance hacker/terrorists and clever cyber-criminals.
In terms of conventional weaponry, the US dominates the global battlefield. With Russia reeling from economic and political catastrophes and China years behind in
firepower (although recent events have shown that time window is much shorter than originally thought), there are no legitimate contenders for the US title of world
superpower.
BOB STAAKE
It's no wonder then that many foreign government and terrorist organizations view the Internet and other computer network systems as a way to balance the odds
quickly and cheaply.
Yet there may be no choice but to move forward, as information technology becomes more and more important to the way the US, and the world, does business,
relaxes, and defends itself.
Forewarned?
Normally, forewarned is forearmed. In cyberspace, that isn't always the case.
Take the NATO bombing of the Chinese embassy in Belgrade several weeks ago. Rage spread across China and hackers from the mainland attacked the Web sites
of the US Departments of Energy and the Interior, and the National Park Service. A subsequent attack brought down the White House Web site for three days. The
attacks generated headlines across the country.
What the news media didn't report was that the US government had known for a long time that someone had been in its computer systems - they just didn't know
who. Then, in a fit of anger, the Chinese hackers caused some real damage - and gave away the hidden "location" of several "backdoors" they had built in US
government networks. (See story on page 14 for explanation of "backdoors.") Now that this threat is known, most people might think it can be prevented from
happening again. Not quite.
It's the foreign hackers who didn't lose their cool, say computer security experts, that everyone needs to worry about. These are the people who, at a time of
conflict, will use still-undetected backdoors to gain entrance to government and military computers and corrupt or falsify strategic information.
Warfare at the speed of thought
"There is a hidden war going on at this very moment to penetrate corporation and government sites," says Ed Roche of The Concours Group, an international firm
that studies Internet security issues.
Many computer security professionals and academics, such as Dr. Roche, say we are entering a new age of conflict, one that will be fought over networked
computer systems like the Internet. And the ways we engage in these conflicts will affect more than soldiers on the battlefield. This new form of conflict could
dramatically disrupt daily life in the US - power grids, phone systems, commuter trains, airplane guidance systems, to name a few.
The US Government Accounting Office estimates 120 groups or countries have or are developing information-warfare systems. According to a report issued by the
Center for Strategic and International Studies, 23 nations have cyber-targeted the US.
The National Computer Security Center reported last year that of "520 large US corporations, government agencies, and universities that responded [to their
survey], 64 percent reported intrusions, up 16 percent in a year. The Internet was the main point of attack."
And while more attention is being paid to developing adequate security for government networks, private commercial networks may prove to be the roads through
which an information-warfare attack is launched on the US.
Anybody can get you anywhere
One reason for the problem is the speed at which the Internet has grown, Roche says. This rapid growth (which includes the rush to create e-commerce options for
commercial Web sites and the movement toward just-in-time production that allows outside vendors access to a company's main computer network) has created
holes faster than government and industry can close them. These holes can then be exploited by terrorists or foreign governments.
If, instead of attacking military systems and databases, an enemy attacked unprotected civilian infrastructure, the economic and military results would be disastrous,
warned the 1994 Joint Security Commission's Report on Redefining Security. More than 95 percent of defense and intelligence community voice and data traffic
uses the public telephone systems.
Attacks are already under way against both government and private computer networks in the US:
The US defense department acknowledges that its computer systems are attacked 60 to 80 times a day. Most security experts say that the real number of
attacks is higher.
A private computer security firm hired by the US government found that a foreign nation had attempted to use computers to change the composition of tensile
steel in an American steel-manufacturing plant. The aim was to cause the steel to crack when side stresses were placed on it during freezing conditions.
A baby-food manufacturer discovered by accident that one of the standard components in its infant food had been increased 400 fold - to toxic levels. The
manufacturer was unable to find out who broke into its system because the attack came through a vendor integrated into the company's network.
Also 1997's Operation Eligible Receiver demonstrated the potential vulnerability of the US government's information systems. The National Security Agency hired
35 hackers to launch simulated attacks on the national information structure. The hackers obtained "root access" - the highest level of control - in 36 of the
government's 40,000 networks.
If the exercise had been real, the attackers would have been able to create power outages across Los Angeles, Chicago, Washington, and New York. They could
have disrupted the Department of Defense's communication systems (taking out most of the Pacific Command) and gained access to computer systems aboard US
Navy vessels.
It was a disturbing exercise. So much so, that several top White House officials have spoken of the possibility of an "electronic Pearl Harbor" attack on the US
mainland. Added to these vulnerabilities is the fact that most Americans have no sense of how information warfare will affect them.
"When you think of cyber-warfare in terms of conflict, you have to broaden the context," says James Adams, head of Infrastructure Defense and author of 12 books
on espionage and terrorism.
"In the past, we saw conflict as a range of things that happened terrestrially - terrorism on one end and global nuclear war on the other. That meant soldiers at the
high end of conflict and civilians at the lower end.
"But in cyberspace," Mr. Adams says, "the front line has changed. All of us are now a part of the front line. The arena of conflict has widened, and it's not just those
who are wired who are vulnerable. If a foreign government or a terrorist group takes out the New York power grid, it will affect those without computers as much as
it will affect those with them."
If we want to see how much cyber-warfare has become a part of a country's arsenal, we need only look at the conflict in Kosovo, according to Adams. Serbia is a
technology "have-not," while China is a technology "have." Yet both countries used the Internet to launch attacks on the US and NATO information structures.
"There are at least six nations right now who have active groups, paid by their governments, trying to formulate tools and procedures to cause computer terrorism in
US corporations," says Jay Valentine, head of Infoglide, a database analysis company that works extensively with the US government.
"Those countries are Syria, Iran, China, India, Pakistan and Israel. [Other experts add France and Russia to this group.] Not all of them are bad guys, "Mr.
Valentine says. "Some are doing it for defensive reasons, but they all have backdoors into American government computers. We have detected several 'software
tools' which are used to erase 'computer fingerprints.' "
Not everyone, however, thinks the current situation is so bleak. "Everyone likes to talk about the 'electronic Pearl Harbor' or the 'electronic Waterloo' scenarios,"
says Wallace Theiss, a specialist in conflict and security issues. "For the time being I would be much more worried about governments and terrorists with bombs than
with computers."
Meanwhile, the US government is taking information warfare seriously. President Clinton recently announced a $1.46 billion program to improve US government
computer security, including the creation of special "Cyber Cop" units to work with both government and industry.
Senate Republicans want to give Dartmouth College enough money to create two laboratories to research ways to counter terrorists armed for biological or
cyber-warfare. The FBI has created a special unit to deal with acts of computer sabotage and crime committed within the US. And the US has been actively using
information-warfare weapons since the early 1990s, primarily as backup for battlefield operations but also to prepare for future wars that may be fought online. (See
story on page 16 for more on military's plans for future.)
"It is a very serious problem," says Adams. "And it's getting more serious day by day. The structures that we have held constant for many years are disappearing and
we need to look at things with new eyes. After all, your defenses are only as good as the single event that takes you down."
(part2)
IDEAS, SCIENCE & TECHNOLOGY
When terrorists turn to the Internet
Seemingly unconnected events may have a more sinister source: coordinated cyber-hacker attacks.
Tom Regan
Special to The Christian Science Monitor
It's 8 a.m., morning rush hour in New York. People and cars move slowly and somewhat irritably toward the city. Suddenly, the power goes down
and traffic lights cease working. Everything comes to a complete stop. Meanwhile, half a country away, the water system malfunctions in Detroit.
Then, in Dallas, air traffic becomes dangerously chaotic as guidance systems go offline.
On the surface, it seems like a series of unconnected events. But information security experts say it could also be the sign of a terrorist cyber-attack -
well-coordinated, extremely effective, and so anonymous it leaves its targets not quite sure what happened.
While the above situation has never taken place, many industry experts say it could. In fact, they're somewhat surprised it hasn't already.
The United States government and US businesses know that developing an effective response to cyber-terrorism is essential. This, at least, is the first step, even
though they have a long way to go in addressing the problem.
This is the new world of cyber-terrorism.
No other country or group can approach the US conventional-weapon superiority. This is why many terrorists find information terrorism an attractive alternative to
traditional forms of terrorism. Cyber-terrorism allows terrorists - both foreign and domestic - to inflict damage with no harm to themselves and little chance of being
caught. It is a way for the "weak" to attack the "strong," particularly to disrupt a stronger force at a key time during an operation.
If you want to understand terrorism in the Information Age, you need to understand how it has changed since the 1970s, says Harvey Kushner, chairman of the
criminal-justice department at Long Island University and an expert on terrorism.
"We have moved away from state-sponsored terrorism," Dr. Kushner says. "The old model of the hierarchical or 'organized crime' group, no
longer exists. These days, terrorists move in loose groups, constellations with free-flowing structures. So these days terrorism - both the
traditional kind and cyber-terrorism - is more the act of the freelancer or the individual. This is true both internationally and nationally."
This doesn't mean states don't play a role in cyber-terrorism, Kushner says. It's just different from the one they played in the past.
"States find ways to encourage this behavior. They will use incendiary rhetoric to inflame passions. This will enrage some freelancer, who will
then commit an act of cyber-terrorism. The Chinese hacker attacks on US targets after the bombing of the Chinese Embassy in Belgrade are a
perfect example. And it comes at no cost to the state, which can say it had nothing to do with the attack," he says.
So who is the modern cyber-terrorist?
"The popular image is very out of kilter with reality," says James Adams, head of Infrastructure Defense, an organization founded to help
governments and businesses deal with cyber-warfare and terrorism. "You know, the image of the 18-year-old with a ponytail who spends 20
out of 24 hours over a computer, hacking into a site because it gives him a rush."
In fact, says Mr. Adams, cyber-terrorism is likely to be committed by Russian organized crime, or white supremist groups, or religious cults
and extremists, to name a few examples.
These groups tend to work in the loose manner Kushner describes, and detailed in a 1999 report on cyber-terrorism, "Countering the New
Terrorism," by the Rand Corp. It describes the structure of these new networked organizations as "SPIN": segmented, polycentric,
ideologically integrated networks.
These SPIN groups are not just using the computers to launch attacks, but also to coordinate their activities.
For instance, the Rand report notes that Saudi religious extremist Osama bin Laden's organization "appears to have widely adapted information technology."
Egyptian members of Mr. bin Laden's network are said to have helped devise a communications network that relies on the Web, e-mail, and electronic bulletin
boards so that members can exchange information without running a major risk of being caught by US counterterrorism organizations.
A third way that terrorists use the Internet is to tell their "story" directly to the public. Several terrorists groups have used the Web not only to bypass traditional news
media, but also to influence how the media report on a terrorist act.
But it may not be long before groups like bin Laden's use their technological expertise to launch a cyber-attack.
"With respect to the availability of desirable targets via cyberspace, terrorists are likely to choose to employ electronic attacks only if the reachable assets are
attractive targets, and as infrastructure industries continue to modernize their information systems to take advantage of the benefits of [information technology], this
situation will become more likely," notes a report in the fall 1997 issue of Survival, "Information Technology and the Terrorist Threat."
"Cyber-terrorism really is a result of the Internet," says Ed Roche of The Concours Group, an international firm that studies Internet security issues. "Terrorism
certainly existed before the Internet, but in order to do it, you had to be there. With the Internet, a group in, say, Madras, India, can bring down Con-Ed."
Dr. Roche, who believes there will be a major cyber-terrorist attack on the US in the next two years, says it is corporate, rather than government, information
structures that are most at risk.
"There is a very poor sense of security in many of these enterprises. Intranets are also a real security problem. And I don't see these factors changing anytime soon."
Also, one of the great difficulties in deterring and defending against terrorist attacks is determining the actual source of the attack, says Prof. Richard Harknett of the
University of Cincinnati. The potential for anonymity in cyberspace will only make this problem more vexing.
"Two things tend to constrain traditional terrorism: to achieve political ends through terrorism one has to be attributed with the attack, which opens the door to
retaliation; second, most terrorist attacks involve destruction," he says. "If the line is crossed, retaliation can be invited.
"In cyber-terrorism the main goal will be disruption, rather than destruction," Prof. Harknett says. "In societies highly reliant on information systems, disruption to
those systems can cause short-term inconvenience, but more importantly, long-term loss of confidence in the viability of those systems. Will the US retaliate with
military means if ATM banking in New York City is disrupted monthly through repeated attacks? At what point will people begin to question the reliability of
digitized banking? How many disruptions will it take?"
Back to the hackers.
But what about the simple hacker? One problem with cyber-terrorism, note computer security experts, is that it's hard to tell if a cyber-attack has been launched by
a rogue state, a terrorist, or a couple of kids in their garage. For instance, one of the most damaging cyber-attacks on the US military infrastructure was launched by
an Israeli youth with help from some teenagers in California.
As a result, computer-security experts and justice organizations like the FBI now treat all cyber-attacks the same, regardless of the source - a situation that has
enraged many hackers. Yet part of the reason security experts may be responding this way could be the fear that these "innocent" hackers could turn their talents to
more ominous purposes.
While the article in Survival notes that terrorism is more extreme and "far more aberrant than prankish hacking," there is no doubt that acts of hacking can have the
same consequences as acts of terrorism.
"Regarding the question of whether hackers today will be terrorists of tomorrow, one can only point to the fact that some hackers have been willing to act in concert
to attack the telecommunications infrastructure, and insofar as an infrastructure attack constitutes terrorism, hacker terrorism has already occurred." A recent
example of hacker terrorism (or is it?) is the Internet worm - Worm.ExploreZip - that created havoc in computer e-mail systems around the world, but particularly at
corporations such as Microsoft, Intel, and NBC (see worm article page 14).
Protecting against hackers also raises other issues, says Ron Moritz, director of the technology office for Finjan Software Inc., which specializes in mobile code
security. For instance, how far can the government go to protect itself before it infringes on personal liberties?
"It is possible to send a large current down a phone line and wipe out an individual's computer. But can we do that? Is it right to do that? For instance, where is the
line 'online' between civil disobedience and terrorism?" Mr. Moritz points to an attempt by the New York-based Electronic Disturbance Theater to "block the
entrance" of a number of sites in an effort to support the Zapatista movement in Mexico. When the EDT invited people to "sign" a petition that would attempt to
overload the Pentagon's Web site and computers, the Pentagon fired back a Java software program that crashed the machine of the person who had signed the
petition on the EDT site.
Another problem may be that while news media coverage is needed to raise awareness of cyber-terrorism, it could lead to bad decisionmaking, according to Glenn
Buchan in his 1996 report for the Rand Corp., "Information War and the Air Force: Wave of the Future? Current Fad?"
Meanwhile, others are attempting to find solutions to cyberterrorism. Sy Goodman, director of the Stanford University Consortium for Research on Information
Security and Policy and one of the authors of the Survival article on cyber-terrorism, will host a conference in Palo Alto in early December to try to find international
answers to cyber-terrorism and cyber-crime. Goodman hopes the conference will lead to agreements that will fight cyber-attacks in the same way nations now agree
on how to fight air hijacking.
"There needs to be constant discussion of what the situation is," Kushner says. "In the past, we knew who our enemies were. For instance, on the battlefield, they
wore different uniforms than us. But if no one wore uniforms, we wouldn't know who was on our side or who to fight. What our technology has done is make us
naked."
@HWA
28.0 Novell Cracker Pandora 4.0 Released
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN
contributed by Simple Nomad
Pandora can test the strength of Netware 4.x and 5.x
passwords. It is a must have auditing tool for Netware
security people.
Bugtraq - Press Release
http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-07-1&msg=Pine.LNX.3.96.990706070337.76B-100000@vortex.nmrc.org
Nomad Mobile Research Center
http://www.nmrc.org
Press Release;
To:BugTraq
Subject:Pandora v4 Announcement
Date:Tue Jul 06 1999 07:06:45
Author:Simple Nomad
Message-ID: <Pine.LNX.3.96.990706070337.76B-100000@vortex.nmrc.org>
_______________________________________________________________________________
Nomad Mobile Research Centre
A N N O U N C E M E N T
www.nmrc.org
Simple Nomad [thegnome@nmrc.org]
05Jul1999
_______________________________________________________________________________
Product : Pandora v4.0
Platform : Windows 95/98/NT,
X Windows on Linux 2.x
The long-awaited Pandora v4.0 with "point, click, and attack" GUI interface is
now available. Running under Windows 95/98/NT or Linux with X, this security
audit tool with full metal jacket ninja kungfu action was compiled with 100%
freeware compilers using freeware libraries with no big corporation SDK
assistance. In other words, the GUI looks and behaves the same on either
Windows or Linux.
Old Pandora v3 exploits are back, with Netware 4.x AND Netware 5.x support. We
have even updated several attacks to make them easier to use and to take
advantage of our GUI.
The GUI interface has some important new features:
* Offline and Online components. Offline for cracking passwords offline,
and Online for direct server attacks.
Offline (for Windows and Linux) includes:
* Password cracking of Netware 4.x and 5.x passwords.
* Reads native NDS files -- as well as maintenance files such as
BACKUP.DS and DSREPAIR.DIB -- and extracts password hashes for
cracking.
* Reads Netware 4.x and 5.x versions of NDS, BACKUP.DS, and
DSREPAIR.DIB.
* Multiple accounts can be brute forced and dictionary cracked
simultaneously.
* Preset and user-definable keyspace for brute forcing.
* On screen sorting of account listings for easy viewing.
* Built-in NDS browser to look at all NDS objects.
* Remote Console Decryption using The Ruiner's decryption algorithm.
Online (Linux coming soon, hey we're in beta!) includes:
* Attach to servers using only the password hash (if you do not wish to
crack them).
* Dictionary attacks against NDS objects that detect if Intruder
Detection was triggered.
* Browse for target servers and gather connection info for spoofing
attacks.
* GameOver spoofing attack against servers not using Level 3 packet
signature.
* Improved Level3-1 attack which no longer requires using a sniffer to
find elusive data for Admin session hijacking, just add in the Admin's
MAC address and we do the rest.
* Several nasty Denial of Service attacks.
Full source code included in case you don't trust our binaries, and for adding
your own code.
Check out binaries, code, doco, rants, and more at http://www.nmrc.org/pandora/
_______________________________________________________________________________
Simple Nomad //
thegnome@nmrc.org // ....no rest for the Wicca'd....
www.nmrc.org //
@HWA
29.0 Cypherpunks will hold meeting at DefCon
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN
contributed by deepquest
SF Bay Area Cypherpunks July 1999 In Two Places At
One Time!
This July, the Bay Area Cypherpunks begin to challenge
the laws of physics by meeting in two places at one
time. Our first experiment will be on the campus of
Stanford University, extracting quantum slack from the
Stanford Linear Accelerator (er, actually Tresidder Union
coffee shop) and rematerializing in Las Vegas at Defcon
at the Alexis Park hotel. Both events will be open public
meetings on US soil.
Events:
Sat 10 July 1:00 - 5:00 PM
Stanford University Campus - Tresidder Union courtyard
Spot the Cypherpunk Contest:
This will be somewhat easier at Stanford than at Defcon
:-)
Ian Goldberg - Zer0knowledge Network (zks.net)
Using the Internet Pseudonymously: One Year Later
ZKS will be releasing Freedom 1.0 Beta 2
Cypherpunks Meetings
http://www.freedomfighter.net/cypherpunks/physical.html
@HWA
30.0
-=--=--=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-
T E R M U M L
H U O R I L
-=--=--=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-
Rumours:
~~~~~~~
Send rumours to hwa@press.usmc.net, or join our irc channel and gossip!! tnx ..
+ www.403-security.org has had a facelift, check out the new look and leave your comments to
astral on how you like it...
+ Help! net-security is changing servers and may be down for a few days while they overcome
some new server teething problems (probably dns related).see elsewhere this issue for more
details ...
+ HNN: contributed by Space Rogue, HNN hopes everyone has a fun filled Fourth of July weekend.
Note, that there will be no news update on Monday. Be sure to check in next week as we
attempt to update the site remotely from Defcon7 in LasVegas.
We should be ready to announce the HNN T-shirts that everyone has been asking for on Tuesday.
Oh, and SETI@Home released version 1.5 of the SETI software last Wednesday which fixes quite a
few bugs. (with all the news lately we forgot to mention it). Be sure to join up with the HNN
team as you search for that Aranakin guy.
HNN Team for SETI@Home
http://setiathome.ssl.berkeley.edu/cgi-bin/cgi?cmd=team_lookup&name=The+Hacker+News+Network
AD.S ADVERTI$ING. The HWA black market ADVERTISEMENT$.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*****************************************************************************
* *
* ATTRITION.ORG http://www.attrition.org *
* ATTRITION.ORG Advisory Archive, Hacked Page Mirror *
* ATTRITION.ORG DoS Database, Crypto Archive *
* ATTRITION.ORG Sarcasm, Rudeness, and More. *
* *
*****************************************************************************
www.2600.com www.freekevin.com www.kevinmitnick.com www.2600.com www.freekevi
n.com www.kevinmitnick.com www.2600.com www.freekevin.com www.kevinmitnick.co
m www.2600.com ########################################ww.2600.com www.freeke
vin.com www.kev# Support 2600.com and the Free Kevin #.com www.kevinmitnick.
com www.2600.co# defense fund site, visit it now! . # www.2600.com www.free
kevin.com www.k# FREE KEVIN! #in.com www.kevinmitnic
k.com www.2600.########################################om www.2600.com www.fre
ekevin.com www.kevinmitnick.com www.2600.com www.freekevin.com www.kevinmitnic
k.com www.2600.com www.freekevin.com www.kevinmitnick.com www.2600.com www.fre
<a href="http://www.2600.com/">www.2600.com</a>
<a href="http://www.kevinmitnick.com></a>
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* www.csoft.net webhosting, shell, unlimited hits bandwidth ... www.csoft.net *
* www.csoft.net www.csoft.net www.csoft.net www.csoft.net www.csoft.net *
<a href="http://www.csoft.net">One of our sponsers, visit them now</a> www.csoft.net
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* WWW.BIZTECHTV.COM/PARSE WEDNESDAYS AT 4:30PM EST, HACK/PHREAK CALL-IN WEBTV *
* JOIN #PARSE FOR LIVE PARTICIPATION IN SHOW CHAT OR THE WEBCHAT, AND WEBBOARD*
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* WWW.2600.COM OFF THE HOOK LIVE NETCAST'S TUES SIMULCAST ON WBAI IN NYC @8PM *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
//////////////////////////////////////////////////////////////////////////////
// To place an ad in this section simply type it up and email it to //
// hwa@press,usmc.net, put AD! in the subject header please. - Ed //
//////////////////////////////////////////////////////////////////////////////
@HWA
HA.HA Humour and puzzles ...etc
~~~~~~~~~~~~~~~~~~~~~~~~~
Don't worry. worry a *lot*
Send in submissions for this section please! .............
@HWA
SITE.1
@HWA
H.W Hacked websites
~~~~~~~~~~~~~~~~
Note: The hacked site reports stay, especially with some cool hits by
groups like *H.A.R.P, go get em boyz racism is a mugs game! - Ed
* Hackers Against Racist Propaganda (See issue #7)
Haven't heard from Catharsys in a while for those following their saga visit
http://frey.rapidnet.com/~ptah/ for 'the story so far'...
From HNN rumours section http://www.hackernews.com/
see the archives section on HNN or attrition.org for copies of many of these
sites in their defaced form.
http://www.attrition.org/
July 5th
Sites list unavailable from HNN due to Def-Con, so these were done manually or from
other sources like attrition.org (got attrition?)
Cracked July 9th - http://setiathome.ssl.berkeley.edu/ ... Confirmed.
Cracked July 10th - http://gldpsp.cr.usgs.gov/ ... Confirmed.
Cracked July 7th - ... Confirmed.
-------------------------------------------------------------------------
A.0 APPENDICES
_________________________________________________________________________
A.1 PHACVW, sekurity, security, cyberwar links
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The links are no longer maintained in this file, there is now a
links section on the http://welcome.to/HWA.hax0r.news/ url so check
there for current links etc.
The hack FAQ (The #hack/alt.2600 faq)
http://www-personal.engin.umich.edu/~jgotts/underground/hack-faq.html
<a href="http://www-personal.engin.umich.edu/~jgotts/underground/hack-faq.html">hack-faq</a>
Hacker's Jargon File (The quote file)
http://www.lysator.liu.se/hackdict/split2/main_index.html
<a href="http://www.lysator.liu.se/hackdict/split2/main_index.html">Original jargon file</a>
New Hacker's Jargon File.
http://www.tuxedo.org/~esr/jargon/
<a href="http://www.tuxedo.org/~esr/jargon/">New jargon file</a>
HWA.hax0r.news Mirror Sites:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.csoft.net/~hwa/
http://www.digitalgeeks.com/hwa.
http://members.tripod.com/~hwa_2k
http://welcome.to/HWA.hax0r.news/
http://www.attrition.org/~modify/texts/zines/HWA/
http://packetstorm.genocide2600.com/hwahaxornews/
http://archives.projectgamma.com/zines/hwa/.
http://www.403-security.org/Htmls/hwa.hax0r.news.htm
International links:(TBC)
~~~~~~~~~~~~~~~~~~~~~~~~~
Foreign correspondants and others please send in news site links that
have security news from foreign countries for inclusion in this list
thanks... - Ed
Belgium.......: http://bewoner.dma.be/cum/
<a href="http://bewoner.dma.be/cum/">Go there</a>
Brasil........: http://www.psynet.net/ka0z
<a href="http://www.psynet.net/ka0z/">Go there</a>
http://www.elementais.cjb.net
<a href="http://www.elementais.cjb.net/">Go there</a>
Canada .......: http://www.hackcanada.com
<a href="http://www.hackcanada.com/">Go there</a>
Columbia......: http://www.cascabel.8m.com
<a href="http://www.cascabel.8m.com/">Go there</a>
http://www.intrusos.cjb.net
<a href="http://www.intrusos.cjb.net">Go there</a>
Indonesia.....: http://www.k-elektronik.org/index2.html
<a href="http://www.k-elektronik.org/index2.html">Go there</a>
http://members.xoom.com/neblonica/
<a href="http://members.xoom.com/neblonica/">Go there</a>
http://hackerlink.or.id/
<a href="http://hackerlink.or.id/">Go there</a>
Netherlands...: http://security.pine.nl/
<a href="http://security.pine.nl/">Go there</a>
Russia........: http://www.tsu.ru/~eugene/
<a href="http://www.tsu.ru/~eugene/">Go there</a>
Singapore.....: http://www.icepoint.com
<a href="http://www.icepoint.com">Go there</a>
Turkey........: http://www.trscene.org - Turkish Scene is Turkey's first and best security related e-zine.
<a href="http://www.trscene.org/">Go there</a>
Got a link for this section? email it to hwa@press.usmc.net and i'll
review it and post it here if it merits it.
@HWA
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--
� 1998, 1999 (c) Cruciphux/HWA.hax0r.news <tm> (R) { w00t }
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
[ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
[45:6E:64]-[28:63:29:31:39:39:38:20:68:77:61:20:73:74:65:76:65]