[ISN] HACK MEDIA Swedish Crackers Taunt Mac Fans

From: mea culpa (jerichoat_private)
Date: Tue Jan 05 1999 - 15:56:39 PST


    Forwarded From: 7Pillars Partners <partnersat_private>
    
    Swedish Crackers Taunt Mac Fans
    by James Glave 
    10:25 a.m.  5.Jan.99.PST

    Apple and Intel in a merger of epic proportions. Heckuva story, isn't it?
       
    It would be, if it were true.
       
    A couple of Swedish crackers breached the Web sites for Macworld and
    MacWeek magazines Monday night and planted the bogus scoop. 
       
    "Today, Apple and Intel released the shocking news that they now have
    merged into APTEL Inc., starting a new line of Computer Systems featuring
    the Intel Pentium II processor and Linux Slackware Operating System," the
    fake story read. 
       
    The crackers, calling themselves Sobber and Freddie, played a game of cat
    and mouse with the Mac Publishing technical administrator, republishing
    the story to the site around 20 times late Monday and early Tuesday. 
       
    The attack occurred on the eve of Macworld Expo in San Francisco, Apple's
    annual celebration of its platform. 
       
    In an Internet relay chat interview with Freddie on Tuesday morning, the
    24-year-old said that he replaced the page "just for a laugh ... and also
    to give 'em a li'l beating for not patching such an obvious hole." 
       
    He was referring to a vulnerability in a version of the Solaris operating
    system known as "rpc.ttdbserver." The exploit is known as a remote buffer
    overflow, which occurs when the machine is given a value that is much
    longer than expected. 
       
    They then hid a "back door" program on the Web server that gave them
    access to the sites long after Mac Publishing content engineer Jeff Cheney
    patched the initial hole. Freddie said they posted the cracked page
    roughly 20 times in a game of cat and mouse with Cheney.  Early Tuesday, a
    weary Cheney was still digging through his system, trying to find where
    they had hidden their back door code. 
    
    "I didn't find a lot of humor in it," said Cheney. "I have been wondering
    a lot about the motives of a person who does such a thing ...  other than
    that I know that our security wasn't as good as it should have been." 
       
    Mac Publishing's director of online content said the prank was "highly
    irritating," given that the crack was done just as the Macintosh's biggest
    event of the year was about to start. 
       
    Though he has responded to a few emails from concerned readers, Matthew
    Rothenberg said "this is pretty obvious to anyone who is clued in that
    this is graffiti. I would be more concerned if it looked authentic." 
       
    The text quoted Tom Graham, a fictitious Apple executive, stating that the
    Linux operating system is the way of the future: "With our merger with
    Intel, Microsoft won't stand a chance, so UP YOURS Bill Gates!" 
       
    "Sources inside Intel have confirmed for MacWeek that the new Intel
    processors will have a built-in bug that will make it incompatible with
    Microsoft Windows," the story continued. 
       
    The pair taunted technical staff by posting a related -- if inarticulate
    -- fake news story about their own capture and punishment for the prank.
    "The hackers will now spend 6 months of cow milking on a farm locate in
    the southern parts of Sweden." 
       
    As of 8 a.m. PST Tuesday, Freddie said he still had access to the sites,
    and proved it during the interview by changing the Macworld page. 
       
    The hole was sealed for good a few hours later after Freddie informed
    Cheney through Wired News where he was hiding his back door program. 
       
    "I have no interest in making 'em suffer too much," Freddie said. "And I
    think they got it now that security is nothing to take lightly." 
    
    
    


