Forwarded From: Sunit Nangia <nangiasat_private> U.S. Information Agency site hacked--again By Dan Goodin January 21, 1999, 12:10 p.m. PT http://www.news.com/News/Item/0,4,31240,00.html Web operators at the United States Information Agency are scrambling to rebuild their downed Web site after its security was breached by an intruder, who appears to be attacking other sites as well. Computer consultant James McGregor said he expected to have the site online later today, although some advanced features will not available until much later. The site has been down since January 13, when an unknown intruder broke into the system and diverted visitors to a different site. The break-in was the second in six months for the U.S. Information Agency, which administers the "Voice of America" radio network and other foreign news services. A page at the alternate site read: "Hack by Zyklon. Crystal, I love you," and claimed to have breached the security of other high-profile Web sites. When the federal agency was hacked six months ago, the intruder left the same message and moniker, and a query on the HotBot search engine suggested that at least a dozen other sites have been similarly breached. The USIA maintains one of the busier government Web sites. Foreign citizens and diplomats all over the world use it to get information about U.S. affairs, including official speeches and transcripts of hearings. "We do an enormous amount of updating every day," said McGregor, who added the work in rebuilding the site was considerable. "Our automated systems are going to have to be examined and updated." For the time being, he added, updates are "tortuously manual." By noon PT, the USIA's site was still down. McGregor said he hoped to have the site back up later today, but added that features such FTP and Telnet access would be suspended until security could be shored up. The intruder, known in the hacker community as a "cracker" because of the strong-armed tactics used, appears to be the same person who attacked the USIA's site six months ago, said McGregor. During that episode, the cracker destroyed much of the data on the Web site and replaced it with his own. During last week's attack, the individual took a different tack, tampering with the site's domain name server so that visitors were redirected to a different, fraudulent server. Despite the method of the latest instance, however, the USIA lost all its data as a result of the attack, because operators had to completely reformat the hard drive to insure no so-called Trojan horse programs had been left behind. According to another USIA computer consultant, the hacker appears to have recently broken into the Web sites maintained by the Toronto Star newspaper and Bell Atlantic. But other than leaving clues about those attacks, the intruder left few footprints, the consultant said. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:16:43 PDT