[ISN] ISP hacks suscribers PC

From: mea culpa (jerichoat_private)
Date: Thu Feb 18 1999 - 21:38:18 PST

  • Next message: mea culpa: "[ISN] L0pht Security Advisory: Windows NT"

    Service & Reliability February 99: Hard drive hacked -- by ISP
    Roulla Yiacoumi
    When APC's Service & Reliability column received a phone call from an
    Internet user claiming his hard drive had been hacked into by his ISP, we
    had reservations. After all, this was something we had heard many times
    before, but had never seen proven.
    What made this time different, however, was that the user claimed he had
    received a letter from his provider explaining how it had committed the
    deed. Of course we were interested, but we still had no proof. So we asked
    the reader to forward the letter to us.  To our utter surprise, there were
    the words, in black and white. In an email addressed to the user, the
    provider wrote: "For your information, our network administrator, with
    very little effort, was able to violate your computer's security and
    examine the contents of your hard drive in only a few minutes."
    We read it and re-read it. Surely no ISP would actually admit it had
    hacked a user's hard drive?
    The name of this ISP? Internet Information Superhighway (IIS). Regular
    readers will recall that IIS was also the subject of a Service &
    Reliability column in March 1998 (see here), when a reader claimed he had
    been disconnected from the service after complaining about a fee increase.
    So, what horrible offence had this user committed that IIS felt it was
    within its power to violate the user's hard drive? He had installed an
    option from the Windows 98 CD called 'HTTP Server' (part of 'Personal Web
    Server'), believing it was some kind of Web site creation tool. When he
    discovered it wasn't what he thought it was, he left it sitting on his
    hard drive until he received the heavy- handed letter from IIS which
    claimed it had "detected" the program on his machine, demanding it be
    immediately removed. Further, the provider had the gall to tell the reader
    that "operating such a service without the appropriate sanctions by the
    authorities offends State and Federal legislation, not to mention
    breaching our usage policy under our terms and conditions."
    Now, we do not dispute that installing this program may have breached the
    ISP's terms and conditions. Indeed, it is in every user's best interests
    to read the online agreement before signing up with any provider and to
    make sure they understand what they can and can't do. However, to claim
    having this program offends state and federal legislation is ludicrous.
    There are no laws requiring users to seek approval before running a Web
    service. Indeed, when we asked IIS to clarify what it meant by these
    statements, we received a nasty legal letter -- but no answers.
    The user told us he had contacted the Telecommunications Industry
    Ombudsman (TIO) and the NSW Commercial Crime Agency. We contacted both of
    these bodies to see what they had to say about this incident.
    The TIO said that it had received this complaint and confirmed the matter
    had been referred to the NSW Police's Commercial Crime Agency. 
    We contacted the NSW Police and spoke to the Computer Crime Investigations
    Unit. A spokesperson confirmed the matter had been referred to them and
    had been investigated. Although no further action was taken against this
    ISP, the police have informed Service & Reliability that they would
    consider taking action against any ISP that acted with malicious intent,
    or without authority or lawful excuse in accessing data stored on a
    And, of course, we attempted to contact the ISP. As we had previously
    dealt with this ISP, we sent email to the three addresses we had on our
    books, but all three came back a day later saying they could not be
    APC's daily news service Newswire (http://newswire.com.au/)  published the
    story 'ISP busted for hacking' in November 1998 (see here). At the time of
    posting the story on its site, Newswire wrote that it was unable to
    contact IIS for comment. 
    When we later decided to run this story as part of Service & Reliability
    in the magazine, we again attempted to contact the ISP -- this time by
    fax. We sent a letter and a copy of the Newswire article, inviting the ISP
    to give its side of the story. We informed the provider that if it wished
    to respond via Australian Consolidated Press' lawyers, it was welcome to
    do so. (Australian Personal Computer is published by Australian
    Consolidated Press.) We requested a written response be forthcoming within
    one week.
    Shortly before this deadline expired, our legal team received a written
    response from the provider's lawyer. It stated that "Newswire was not
    unable to contact my client as alleged" (false), that the NSW Commercial
    Crime Agency had not conducted an "investigation" into its client (we only
    stated that the police had investigated the matter), and that the user was
    "publishing pornographic material over the Internet using my client's
    service" -- a claim both the user and police instantly dismissed.
    Further, the police added that the viewing and downloading of adult
    material over the Internet was not illegal (with the exception of child
    pornography, which was not an issue in this case). If the ISP suspected
    illegal activity on the part of a user, it is obligated to contact the
    police and not take matters into its own hands.
    The ISP's lawyer demanded a retraction, claiming Newswire's article was
    "biased, distorted and malicious". It further accused the author of the
    article (yours truly) of being "involved in a conspiracy to falsely accuse
    my client of a crime", adding that this in itself is a crime "punishable
    by penal servitude for fourteen years". 
    We do not succumb to the threat of legal proceedings -- regardless of who
    the vendor is. Our readers trust APC for its unbiased reporting and
    thoroughly investigated issues.
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:19:19 PDT