Forwarded From: Simon Taplin <stickert_private> HACKERS have broken into computer systems at some of South Africa's biggest companies, taking with them top-secret passwords.The bulk of the attacks came in the past three weeks and coincided with the school holidays and the release of a hacking tool on the Internet. At least one 13-year-old has been caught breaking into a massive computer network. In the most recent incidents: a.. The computers at one of South Africa's biggest companies were used as a gateway for hacking into other companies; b.. A hacker claimed that a list of credit card numbers was downloaded from the database of an on-line ticket booking agency, but this has been denied by the company; c.. The database linked to a cinema chain's web site was accessed and altered; d.. The home page of a computer company's web site was completely altered; and e.. Passwords belonging to users of two Internet service providers were stolen and E-mailed to people in the computer industry. At the cinema chain's web site, the mischievous hackers completely altered the Top 10 movie listing. Many system administrators have observed an increase in hacking attempts on their networks over the past three weeks. Security logs show that many of these attacks have involved the running of scanning programmes, in particular the "mscan" hacking tool, posted on a popular hacker web site some two and a half weeks ago. Local web servers on the list of casualties include The Internet Solution, Acenet and MWeb, countless other Internet service providers and a number of corporate servers. Acenet's technical director, Wilhelm Lehmann, confirmed a malicious hacker had managed to intercept the user names and log-ins of several people, but added that the company had a complete list of the individuals concerned and had contacted them. MWeb's public relations officer, Karen Visser, confirmed servers on its system had occasionally been "compromised" in the past, but she said any security loopholes had been closed effectively. The Internet Solution's marketing manager, Alison Wright, confirmed that one of its unprotected servers had been compromised, but stressed the server did not contain any critical data and that the incident had not affected any of the company's clients. "People attempt to break into our network on an ongoing basis," said Trent Rossini, director of The Internet Solutions' electronic commerce division. "It's not whether hackers are trying, but whether they are successful," Rossini said. Deloitte & Touche security consultant Ryan Reuben said: "There is a big difference between changing the titles on a Top 10 movie listing and industrial espionage. But the reality is that it is easy to get into public web sites. Depending on the other security measures, individuals who want to could cause serious damage." Fortunately, the hackers involved in five of the incidents were not malicious, and after exploring the vulnerabilities of the computer systems -- which included the public websites of two major banks, two entertainment companies and one corporation -- then notified the administrators about the security risks they had discovered. At least one young hacker - a 13-year-old Cape teenager - has been traced by one of the biggest Internet service providers in the country. The electronic footprints of another hacker were tracked from a network he had broken into - through various servers and a dial-up connection - to a leafy Gauteng suburb. A 30-year-old man was identified as the hacker and a pending criminal case against him may be the first of its kind to be heard in a South African court. -o- Subscribe: mail majordomot_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:59:03 PDT