[ISN] U.S. Information Agency site hacked--again

From: mea culpa (jerichoat_private)
Date: Thu Jan 21 1999 - 14:19:39 PST

  • Next message: mea culpa: "[ISN] Digital certificates move toward interoperability"

    Forwarded From: Sunit Nangia <nangiasat_private>
    U.S. Information Agency site hacked--again 
    By Dan Goodin
    January 21, 1999, 12:10 p.m. PT 
    Web operators at the United States Information Agency are scrambling to
    rebuild their downed Web site after its security was breached by an
    intruder, who appears to be attacking other sites as well. 
    Computer consultant James McGregor said he expected to have the site
    online later today, although some advanced features will not available
    until much later. The site has been down since January 13, when an unknown
    intruder broke into the system and diverted visitors to a different site.
    The break-in was the second in six months for the U.S.  Information
    Agency, which administers the "Voice of America" radio network and other
    foreign news services. 
    A page at the alternate site read: "Hack by Zyklon. Crystal, I love you,"
    and claimed to have breached the security of other high-profile Web sites.
    When the federal agency was hacked six months ago, the intruder left the
    same message and moniker, and a query on the HotBot search engine
    suggested that at least a dozen other sites have been similarly breached. 
    The USIA maintains one of the busier government Web sites. Foreign
    citizens and diplomats all over the world use it to get information about
    U.S. affairs, including official speeches and transcripts of hearings. 
    "We do an enormous amount of updating every day," said McGregor, who added
    the work in rebuilding the site was considerable. "Our automated systems
    are going to have to be examined and updated." For the time being, he
    added, updates are "tortuously manual." 
    By noon PT, the USIA's site was still down. McGregor said he hoped to have
    the site back up later today, but added that features such FTP and Telnet
    access would be suspended until security could be shored up. 
    The intruder, known in the hacker community as a "cracker" because of the
    strong-armed tactics used, appears to be the same person who attacked the
    USIA's site six months ago, said McGregor. During that episode, the
    cracker destroyed much of the data on the Web site and replaced it with
    his own. During last week's attack, the individual took a different tack,
    tampering with the site's domain name server so that visitors were
    redirected to a different, fraudulent server. 
    Despite the method of the latest instance, however, the USIA lost all its
    data as a result of the attack, because operators had to completely
    reformat the hard drive to insure no so-called Trojan horse programs had
    been left behind. 
    According to another USIA computer consultant, the hacker appears to have
    recently broken into the Web sites maintained by the Toronto Star
    newspaper and Bell Atlantic. But other than leaving clues about those
    attacks, the intruder left few footprints, the consultant said. 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:16:43 PDT