Re: [ISN] Scriptkiddies, China and U.S.

From: Robert G. Ferrell (rootat_private)
Date: Mon Apr 16 2001 - 07:54:23 PDT

  • Next message: InfoSec News: "[ISN] Simple attack hurts Microsoft server product"

    >Pr0phet's claimed his attack on Chinese websites was prompted by the
    >recent emergency. But according to Internet sites that monitor Web site
    >defacements he had, in fact, routinely defaced dozens of Chinese and
    >Korean websites in the past with vulgar animations and profanity that did
    >not claim any political motivation. Instead, he said, he defaced the sites
    >because they were "small subdomains no one cares about."
    >
    >Security experts felt the threat was little more than hot air from a
    >"script kiddie,"
    
    Perhaps.  I've been watching pr0phet's defacing career lately however, and
    while even he admits that he is a 'script kiddie,' he doesn't fit my version of
    the script kiddie profile completely.  For one thing, he is a multi-platform
    defacer; I've seen him (either solo or as a member of 'Hackweiser') break into
    Solaris, Irix, Linux (RedHat, Cobalt, Conectiva), FreeBSD, NT, and Win 2K in the
    last three months. That's a decent list of operating systems for a mere script
    kiddie.  Admittedly all of these have published exploits, but if you analyze the
    typical defacement group's tactics, you'll see they generally stick to one or
    two platforms, most often NT.
    
    So, while pr0phet may well fall short of being a true 'hacker,' he seems
    to me to stand above the roiling script kiddie crowd.
    
    As to his politics, they seem to be evolving as well.  But that's not
    surprising, given that the odds are he's in his mid to late teens and
    beginning to transition his political philosophies to a more sophisticated
    adult sensibility.
    
    Just a few thoughts from an interested observer...
    
    Cheers,
    
    RGF
    
    Robert G. Ferrell, CISSP
    Information Systems Security Officer
    National Business Center
    U. S. Dept. of the Interior
    Robert_G_Ferrellat_private
    ========================================
     Who goeth without humor goeth unarmed.
    ========================================
    
    ISN is hosted by SecurityFocus.com
    ---
    To unsubscribe email LISTSERVat_private with a message body of
    "SIGNOFF ISN".
    



    This archive was generated by hypermail 2b30 : Tue Apr 17 2001 - 03:00:11 PDT