Forwarded From: Nicholas Charles Brawn <ncb05at_private>

05Nov98 UK: WEB SITES LEFT IN A SPIN.

Think your Web site is safe? Think again. It only takes a lucky hacker to bring it to its knees and start replacing your official publicity material with obscene or libellous jibes, warns Danny Bradbury

There will always be a downside to any enabling technology and the Web is no exception. The success of companies with their Web-based ventures is a regular feature of the IT press. It seems anything can be done with the medium these days. Enterprising Net-heads can purchase anything from socks to sex without leaving their PCs. Nevertheless, companies with Internet-savvy should temper this ubiquitous marketing power with a healthy level of paranoia, because things can go wrong.

There have been some unfortunate incidents when organisations' Web sites haven't quite provided the results they originally hoped for. In a world that is meant to be rapidly evolving into an information society, it is disappointing to find that information brokers can't deliver the goods.

US-based online stockbroker Etrade found itself in just such a situation last November, shortly after the hectic re-adjustment of the US stock market. For months, the share index had been rising rapidly and it was only a matter of time before the market took a dive. Sure enough, on 27 October last year, billions of dollars were wiped off the Dow Jones index as investors got cold feet.

When the going gets tough, it appears some Web sites don't get going as well as people would expect. At least that was the view of some Etrade customers who brought a class action lawsuit against the company a month later. The clients asked Santa Clara County Superior Court to prevent Etrade from taking on additional accounts until it was able to guarantee timely access to the site. The plaintiffs also wanted damages to cover the money they said they had lost through an inability to execute trades in time.

Embarrassment

Sometimes, however, Web site disasters stem not so much from an inability to process the volume of users as from a lack of security. There are a large number of well-documented Web site hacks that have caused considerable embarrassment to Web site owners. Often, security breaches are initiated by individuals or groups with a political or religious motive.

One recent example of a politically-motivated Web hack targeted the Indian Army's Kashmir Web site. With India and Pakistan trying to smooth over their difficulties, the hack couldn't have come at a worse time. The army launched its Kashmir Web site in September to dispel rumours that the army had been engaged in human rights abuses in the region. The hackers are said to have rededicated the site to individuals from Kashmir that they say have been oppressed by the army. The hack included statistics of alleged murders, rapes and tortures by Indian troops.

In the UK during the last election, the Labour Party was the victim of a security breach that enabled mischievous hackers to change the pages on its Web site. For an organisation with such a reputation for spin doctoring and keeping its publicity engine running so smoothly, the results were truly worthy of the term Web site disaster. Stalwart Labour supporters would have been shocked if they had seen the site after the hack. Hackers had replaced the pages with their own unique interpretation of New Labour. Among the new hyperlinks on the main page were captions including "The Budget Response: More of those lies all parties feed you close to an election", and "New Information (Same Old Lies, New Packaging)". The Labour Web site was reported to have been hacked three times before being closed down for a period.

Hackers form a diverse community, however, and while one hacker group may see fit to subvert the cause of socialism, others are happy to attack conservatism.
A few weeks after the celebrated Labour hack, another group managed to get inside the Tory Web site. After superimposing a picture of the then Conservative leader John Major onto a swastika background, the hackers presented the party faithful with their own view of economic and monetary union among other things. The less-than-articulate diatribe ran thus: "Now no offence to Germany but we won the war and now they are taking over control of our country again, but this time we aren't winning the fight and we are being taken over, not necessarily just by Germany, but by a whole group of politicians including ours from many different countries who just want to expand their power."

Although not responsible for the Conservative hack, one particularly belligerent group of hackers is the H4CKING FOR GIRL13Z co-operative, which recently hacked the New York Times Web site. The hack was an attempt to bring recognition to the plight of Kevin Mitnick, an alleged hacker who has been taken into custody by the US government. The newspaper staff were not amused to see their carefully crafted prose replaced by pornographic images in the shape of letters spelling out the H4CKING FOR GIRL13Z name, above an initial sentence which read: "F1rst off, we have to say ... we own yer dumb ass".

Infiltration

Football fans will be concerned to hear that while hackers take great pleasure in attacking lofty political targets such as parliamentary parties and newspapers, they are also apparently happy to engage in a little cyber-football hooliganism. A group presenting itself as the Cumbrian Hackers Alliance allegedly infiltrated Arsenal Football Club's site, displaying a number of reasons why it felt Michael Knighton should be sacked from Carlisle FC.

It seems no one is safe from the wrath of the Internet hacking community. The previous examples are just a fraction of hacks purported to have taken place in the past couple of years.
Other victims include the official home page of Leonardo DiCaprio, where the star's picture was replaced with a pornographic image, the US Navy and Army, Unicef, and Web sites owned by the Rolling Stones and Janet Jackson.

Security on many Web sites is evidently not as tight as organisations would have us believe. Exploits such as this not only serve to create individual Web site disasters, but also threaten to bring the whole E-commerce movement to its knees. It's amazing what a few spotty, socially underdeveloped people can achieve.

COMPUTER WEEKLY 05/11/1998 P42