[ISN] Web Sites Left in a Spin

From: mea culpa (jerichoat_private)
Date: Thu Nov 05 1998 - 19:36:02 PST

  • Next message: mea culpa: "[ISN] REVIEW: "E-Commerce Security""

    Forwarded From: Nicholas Charles Brawn <ncb05at_private>
    Think your Web site is safe? Think again. It only takes a lucky hacker to
    bring it to its knees and start replacing your official publicity material
    with obscene or libellous jibes, warns Danny Bradbury
    There will always be a downside to any enabling technology and the Web is
    no exception. The success of companies with their Web-based ventures is a
    regular feature of the IT press. It seems anything can be done with the
    medium these days. 
    Enterprising Net-heads can purchase anything from socks to sex without
    leaving their PCs. Nevertheless, companies with Internet-savvy should
    temper this ubiquitous marketing power with a healthy level of paranoia,
    because things can go wrong. There have been some unfortunate incidents
    when organisations' Web sites haven't quite provided the results they
    originally hoped for. 
    In a world that is meant to be rapidly evolving into an information
    society, it is disappointing to find that information brokers can't
    deliver the goods. US-based online stockbroker Etrade found itself in just
    such a situation last November, shortly after the hectic re-adjustment of
    the US stock market. For months, the share index had been rising rapidly
    and it was only a matter of time before the market took a dive. Sure
    enough, on 27 October last year, billions of dollars were wiped off the
    Dow Jones index as investors got cold feet. 
    When the going gets tough, it appears some Web sites don't get going as
    well as people would expect. At least that was the view of some Etrade
    customers who bought a class action lawsuit against the company a month
    later. The clients asked Santa Clara County Superior Court to prevent
    Etrade from taking on additional accounts until it was able to guarantee
    timely access to the site. The plaintiffs also wanted damages to cover the
    money they said they had lost through an inability to execute trades in
    Sometimes, however, Web site disasters stem not so much from an inability
    to process the volume of users as from a lack of security. There are a
    large number of well-documented Web site hacks that have caused
    considerable embarrassment to Web site owners. 
    Often, security breaches are initiated by individuals or groups with a
    political or religious motive. One recent example of a
    politically-motivated Web hack targeted the Indian Army's Kashmir Web
    site.  With India and Pakistan trying to smooth over their difficulties,
    the hack couldn't have come at a worse time. The army launched its Kashmir
    Web site in September to dispel rumours that the army had been engaged in
    human rights abuses in the region. The hackers are said to have
    rededicated the site to individuals from Kashmir that they say have been
    oppressed by the army. The hack included statistics of alleged murders,
    rapes and tortures by Indian troops. 
    In the UK during the last election, the Labour Party was the victim of a
    security breach that enabled mischievous hackers to change the pages on
    its Web site. For an organisation with such a reputation for spin
    doctoring and keeping its publicity engine running so smoothly, the
    results were truly worthy of the term Web site disaster. 
    Stalwart Labour supporters would have been shocked if they had seen the
    site after the hack. Hackers had replaced the pages with their own unique
    interpretation of New Labour. Among the new hyperlinks on the main page
    were captions including "The Budget Response: More of those lies all
    parties feed you close to an election", and "New Information (Same Old
    Lies, New Packaging)". The Labour Web site was reported to have been
    hacked three times before being closed down for a period. 
    Hackers form a diverse community, however, and while one hacker group may
    see fit to subvert the cause of socialism, others are happy to attack
    A few weeks after the celebrated Labour hack, another group managed to get
    inside the Tory Web site. After superimposing a picture of the then
    Conservative leader John Major onto a swastika background, the hackers
    presented the party faithful with their own view of economic and monetary
    union among other things. 
    The less-than-articulate diatribe ran thus: "Now no offence to Germany but
    we won the war and now they are taking over control of our country again,
    but this time we aren't winning the fight and we are being taken over, not
    necessarily just by Germany, but by a whole group of politicians including
    ours from many different countries who just want to expand their power." 
    Although not responsible for the Conservative hack, one particularly
    belligerent group of hackers is the H4CKING FOR GIRL13Z co-operative,
    which recently hacked the New York Times Web site. The hack was an attempt
    to bring recognition to the plight of Kevin Mitnick, an alleged hacker who
    has been taken into custody by the US government. The newspaper staff were
    not amused to see their carefully crafted prose replaced by pornographic
    images in the shape of letters spelling out the H4CKING FOR GIRL13Z name,
    above an initial sentence which read: "F1rst off, we have to say ... we
    own yer dumb ass". 
    Football fans will be concerned to hear while hackers take great pleasure
    in attacking lofty political targets such as parliamentary parties and
    newspapers, they are also apparently happy to engage in a little
    cyber-football hooliganism. A group presenting itself as the Cumbrian
    Hackers Alliance allegedly infiltrated Arsenal Football Club's site,
    displaying a number of reasons why it felt Michael Knighton should be
    sacked from Carlisle FC. 
    It seems no one is safe from the wrath of the Internet hacking community. 
    The previous examples are just a fraction of hacks purported to have taken
    place in the past couple of years. Other victims include the official home
    page of Leonardo DiCaprio, where the star's picture was replaced with a
    pornographic image, the US Navy and Army, Unicef, and Web sites owned by
    the Rolling Stones and Janet Jackson. 
    Security on many Web sites is evidently not as tight as organisations
    would have us believe. Exploits such as this not only serve to create
    individual Web site disasters, but also threaten to bring the whole
    E-commerce movement to its knees. It's amazing what a few spotty, socially
    underdeveloped people can achieve.
    COMPUTER WEEKLY 05/11/1998 P42 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:10:13 PDT