[ISN] Forbes Interviews HFG

From: mea culpa (jerichoat_private)
Date: Mon Nov 02 1998 - 05:50:27 PST

  • Next message: mea culpa: "Re: [ISN] Forbes Interviews"

    [Moderator: The editing on this article is quite lacking. Use of 'FEB'
     instead of 'FBI' and other typos/errors make this a bit difficult 
     to read.]
    Forwarded From: Modify <modifyat_private>
    A Forbes reporter meets with the ringleader of the gang that hacked the
    New York Times. Here's an inside look into the picaresque underworld of
    Slut Puppy and Master Pimp. 
    "We were long gone when he pulled the plug" 
    By Adam L. Penenberg
    Slut Puppy and his partner in crime, Master Pimp, hacked the New York
    Times on Sept. 13 because they were bored and couldn't agree on a video to
    watch. They are members of the cyberspace gang, "Hacking for Girlies"
    (HF), and for six months this year operated out of Slut Puppy's three-room
    condo, a place so tidy, so clean, it seemed positively unhackerlike. Of
    course, that didn't mean there were no telltale signs that hackers typed
    here. The blinds were drawn, the only light source beamed from computer
    screens. It could just as easily have been 3 a.m. as 3 p.m.
    On the condition we protect his anonymity, Slut Puppy agreed to give this
    Forbes reporter an inside account of the group's hacksploits. 
    If you operate on the Internet, you could get hacked. The highwaymen of
    the Internet are a loosely affiliated brotherhood (and sisterhood) of
    techno-savvy people who make a hobby of puncturing what they regard as the
    pomposities of society. As far as breaking the law is concerned, they
    think of themselves as kind of a cross between the Scarlet Pimpernel and
    Robin Hood—harassing people they don't like, thumbing their noses at the
    Members of the brotherhood took over the New York Times' Web site for
    three hours on that day, replacing the welcome screen with one tinged with
    nudity and obscenity. In a diatribe, Slut Puppy roasted Times technology
    reporter John Markoff for his coverage of imprisoned hacker- martyr Kevin
    To the people at the New York Times, the prank was sacrilege. When they
    discovered the hacked page and were unable to restore their own news
    content, the Timesters were forced to shut down the site for nine hours. 
    While Times technicians located and plugged security holes, the company
    reported the hack to the FEB. Joseph Valiquette, spokesman for the FEB's
    New York office, confirmed that the agency's computer crime squad is
    Today the perpetrators are two of the most wanted fugitives in cyberspace. 
    Although the Times prank may have been Hacking for Girlies' most
    spectacular hack, the newspaper was not its first target. In April of this
    year it penetrated Rt66 Internet, an Albuquerque Internet service
    provider. Over the next four months the gang claimed assaults on, among
    others, NASA's Jet Propulsion Laboratory, Motorola and Penthouse magazine
    before returning to Rt66 in August. 
    To penetrate the Times, Slut Puppy and Master Pimp employed what is called
    a remote root buffer overflow. By transmitting too many data into a
    targeted zone, then tracking and manipulating the characters that could
    not fit into that space, they were able to trick the system into running
    their commands as if they were being issued by New York Times system
    After wheedling their way inside the server, they pulled down the Times'
    front page and replaced it with one shown in part here, a fake layout that
    Slut Puppy had composed with two other members of HFG: Sidekick Slappy and
    Daddy Sweetcakes, both of whom work off-site and communicate with the gang
    exclusively over the Internet. 
    Slut Puppy and Master Pimp were able to control so many functions on the
    site that when Times technicians tried to pull their hacked page and
    replace it with standard news content, the hackers, who had logged off by
    then, used a program that automatically slipped their page back. For
    almost three hours this went back and forth, until the Times took its site
    off-line. Chortles Slut Puppy, "They seemed to have no idea how we got
    in—or how to stop us." 
    On his hacked page Slut Puppy included several pointed references to John
    Markoff, the Times reporter who co-wrote the 1996 book Takedown, which
    detailed the search and capture of Kevin Mitnick, a hacker who faces a
    25-count indictment on a variety of computer and wire-fraud charges. 
    Mitnick, whose trial starts in January, has become a martyr to hackers. 
    Although Slut Puppy knows Mitnick broke the law, he and many other hackers
    blame Markoff for hyping Mitnick's crimes in Takedown, for which he
    reportedly shared a $750,000 advance. The book is also being turned into a
    movie, which will undoubtedly increase pro-Mitnick protest activities in
    Markoff says he loses no sleep over Mitnick, who has already pleaded
    guilty and served time for possession of unauthorized access codes to
    cellular phones and for violating parole. "You have to wonder how deep
    these hackers' thinking goes," Markoff says. "If they have a political
    cause, they are accomplishing the exact opposite of their goal. No one is
    doing more to promote the upcoming movie than the hackers themselves." 
    Markoff wasn't the only one to make it onto Hag's hit list. Carolyn P. 
    Meinel of Cedar Crest, N.M. is its public enemy number one. 
    Meinel is the author of The Happy Hacker, a kind of Hacking for Dummies
    volume chock-full of folksy golly-gee-isms interspersed with geek talk.
    The goal of the book is to teach "newbies" how to hack legally. The book's
    tone irks many of the more sophisticated hackers, who claim to be on a
    mission to show how porous most computer security is—the law be damned. 
    And here was Meinel asserting in public forums that hacker groups were
    like street gangs, forcing teenage initiates to commit crimes to gain
    membership.  "Meinel has this idea that as the Happy Hacker she is this
    noble leader among leaders," Slut Puppy says. "But she pretends to know
    more than she does, so we thought, 'Let's make her life hell.'" 
    After a cozy Easter Day dinner in April, John Mocho, co-owner of Rt66
    Internet, was showing his son and grandson how to upload family photos to
    his wife's Web site. The hackers had nothing against Rt66. Their target
    was one of the isp's customers. 
    A wholesome family scene turned downright unwholesome when Mocho tried to
    access his isp's front page. Instead of the usual welcome screen, he was
    met with a picture of one of his customers, 52-year-old mother of six
    Carolyn Meinel, posing on the cover of a fictional publication, "Crack
    Whore Magazine," as well as her credit card number. A gang Mocho had never
    heard of, calling itself Hacking for Girlies, claimed responsibility. 
    While his son rushed his grandson into the next room, Mocho went after the
    hackers. "I had never been hacked before," he said. "This was my ISP, my
    customers. I wanted them off as soon as possible." 
    Mocho launched a preemptive strike. He typed in the Unix command "kill-9," 
    which he assumed would cripple the hackers' ability to issue commands. 
    Seconds later Mocho was booted off his own network. 
    Figuring there was only one sure way to get rid of them, he jumped into
    his car and, driving 55mph in a 30mph zone, made it to his office in three
    minutes flat. Mocho cursed the day he had let his partner, Mark Schmitz,
    and the isp's system administrator, Damian Bates, convince him to accept
    Meinel as a customer. A lightning rod for hackers, she had already been
    kicked off five other ISP's. 
    Schmitz and Bates had preached the First Amendment. No one, they argued,
    should be forced off an ISP because a bunch of hackers didn't like her. 
    Schmitz and Bates also figured their computer security was solid. 
    They figured wrong, Mocho thought grimly. After gaining entry to his
    office, Mocho grabbed a network cable and yanked hard. Rt66 was cut off
    from the Internet. The phone would start taunting Mocho any minute now,
    with irate customers threatening to switch ISPs. 
    Mocho estimated that the hackers had been inside the network 20 minutes—30
    tops. Enough time to have compromised it. In their haste to leave,
    however, he surmised that they had left behind a standard "root
    kit"—software designed to take and maintain control over another's system.
    This, in his mind, indicated they were amateurs, which cheered him. "From
    a technical point, this meant they had no magic ship to get in," Mocho
    said. "They probably compromised a user's account, stole someone's
    Says Hacking for Girlies ringleader Slut Puppy: “Security was so lax we
    didn’t know they had a firewall installed until we read about it in the
    New York Times the next day.”
    What he did not realize was that HFG had not used a root kit; evidently it
    had been left behind by some other hackers. In fact, HFG had sailed in
    undetected on that magic ship Mocho was so sure wasn't there, burrowed
    deep inside millions of lines of ISP code. 
    It took Mocho and company 20 hours to get Rt66 up and running again.
    During this process someone either missed a machine or inadvertently
    installed a snapshot of the hacked system by accident. For whatever
    reason, the back door HFG had slipped in through remained open. Using that
    same flight path, Hacking for Girlies would return to Rt66 in August. 
    But long before reattacking Rt66, the hackers maintained continual access
    to the system: sifting through customers' E-mail, noting any security
    improvements. Since they despised Meinel, they read all of her mail. 
    Although Mocho believed the Easter hack was the first time HFG had
    violated his ISP, Slut Puppy says he took many a joyride through Rt66's
    servers well before then. It was during one of these jaunts that Slut
    Puppy noticed that Rt66 was employing a product called Tripwire. 
    If any files are altered by a hacker, this software is designed to alert
    the system administrator. But Slut Puppy knew a technique for getting
    around it.  Because Tripwire works by comparing numbers it assigns to each
    file, all he had to do was adjust the numbers that were already on the
    system. It's like altering the answers on an exam to match yours, no
    matter how outlandish they are. 
    While Slut Puppy hummed "Get your clicks on root 66" and designed the Web
    page, Master Pimp bounced through some Sips to camouflage their itinerary. 
    Using the existing back door, Master Pimp typed in a keyword and within
    ten seconds had control of one of Rt66's servers. From there he traversed
    over to the system's powerhouse, "Mack," where Slut Puppy replaced Rt66's
    home page with HFG's. 
    "Rather than continuing the gunfight, we cleaned up our tracks by erasing
    logs and left," Slut Puppy said. "We were long gone when he pulled the
    As it happens, Meinel says that on a personal level the hackers "have
    hardly done any harm to me. They hurt bystanders. They harm the ISPs,
    their customers and the credit card companies." 
    “We’ve planned not just for the day the FEB comes—we’ve even planned for a
    hostile raid where the Feds actually plant evidence.”
    Meinel also says the hackers can come after her all they want. "Sure helps
    me sell more books," she contends. 
    After the Easter hack, when the ISP was considering tossing her off the
    network, Meinel swore to Rt66 that the credit card the hackers stole had
    not come from the isp's credit card file. Later, Meinel admitted that she
    had been mistaken. This is key because Rt66 took her word the credit card
    file had not been breached. 
    Slut Puppy, on the other hand, was amazed that Rt66 didn't do anything to
    remove the credit card file from the network after the Easter hack. 
    So, on Aug. 7 Slut Puppy and Master Pimp, entering Rt66's servers the same
    way they did in April, made off with the whole customer credit card
    file—1,749 card numbers in all. 
    "It was so easy getting back into their system with the same back door, we
    wondered if they had set a trap," Slut Puppy said. 
    This hack not only resulted in the ISP shutting down for some 60 hours but
    also forced Rt66 to rebuild its security from scratch. 
    What is unfortunate is that Rt66, by doing the right thing in alerting the
    FEB and credit card companies to the security breach, has suffered for its
    good deeds. Even with its rebuilt security—Rt66 is now one of the most
    secure ISPs in New Mexico—the ISP has lost 15% of its 5,000 or so members
    since the August hack. 
    "I respect the hackers' skills," Rt66 system administrator Bates grumbles,
    "although I didn't appreciate the obnoxious way they demonstrated them." 
    Internet Security Systems (ISS) of Atlanta, Ga., one of the big names in
    computer security, has donated a remote monitoring station for the Rt66
    network. ISS hopes to trap Hacking for Girlies the next time it tries to
    invade the system. 
    But Slut Puppy already knew about ISS' presence in Rt66 from one of his
    many well-placed sources. "Needless to say, we don't plan on returning
    anytime soon," he says. 
    Of course, Slut Puppy knew that hacking the New York Times was a lot
    riskier than attacking Rt66—the newspaper has immense clout in Washington,
    D.C. The day after the Times hack, Slut Puppy and Master Pimp packed up
    the computers used in their hack spree and passed them on to others for
    safekeeping. Any data gleaned from their other crimes were either deleted
    or protected by powerful 1,024-bit encryption. 
    "Even we don't know where all of the equipment is," Slut Puppy says. "And
    my password to the encryption is probably unbreakable, too, since it is
    more than 40 characters long, case-sensitive, and combines letters,
    numbers and symbols. We've planned not just for the day the FEB
    comes—we've even planned for a hostile raid where the Feds actually plant
    The group plans to lie low until law enforcement moves on to bigger and
    better cases. By the way, whence the name Hacking for Girlies? "Chicks dig
    hacking," explains Slut Puppy. 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:09:51 PDT