http://www.wired.com/news/technology/0,1282,44190,00.html

By Michelle Delio
2:00 a.m. June 4, 2001 PDT

Staffers at Alldas, an archive that maintains copies of websites that have been involuntarily altered, believe that their site is being deliberately blocked from accessing defaced websites owned by the United States military.

Alldas staffers believe that the U.S. military is trying to cover up defacements of its websites by blocking Alldas' access to the greater part of the military's network.

Spokespeople from the U.S. military would not comment on whether they have blocked Alldas, but a retired army lieutenant general, who requested anonymity, said he wouldn't be surprised if some site administrators had decided to block Alldas.

"It's a public relations problem when your site has been defaced," he said. "It can also become an employment issue for systems people who can find their military career track has come to a dead end, due to allowing hackers into their site. The military takes security very seriously."

Website defacers gain access to the contents of a Web page server and then replace a website with pages of the defacers' own design, or simply add messages - usually sarcastic - to the original website's pages.

"Mirror sites," such as Alldas, archive copies of the defacements, since site administrators usually quickly remove altered Web pages.

Mirror sites are typically alerted to website defacements by the people who altered the defaced site's contents -- often as a play for publicity. A staffer then connects to the defaced site and makes a copy of the defacement using a tool called "Wget" to retrieve the code and graphics from the defaced site.

Since Alldas, which is based in Norway, can no longer connect to many U.S. military sites, it cannot copy or archive defacements.

Fredrik Ostergren, head of media relations at Alldas, said that two weeks ago staffers began to notice that they were unable to connect to most sites in the .mil domain.

Ostergren said Alldas chose not to contact the U.S. military about the matter but confirmed the problem by repeatedly trying to connect with 15 different U.S. military sites over the last 10 days.

"Most of the connections were denied, all .navy.mil and .army.mil were denied. As of (Thursday) it seems that .navy.mil may have released most of their blocking, but www.army.mil is still denying us access," said Ostergren.

Ostergren believes that the sites that are blocking Alldas have set up filters on their network to block any requests coming in from Alldas' Internet address.

Taltos, a Budapest-based hacker, said that he believes the U.S. military is operating on the theory that if hackers get no glory from defacing websites, they will scamper away and hack sites that can be mirrored in Alldas' archive. He also suggests that a bit of national pride may be at work.

"The U.S. military allowed American-defacement-archive Attrition to mirror defacements of U.S. military sites. But when Attrition announced it was ceasing to archive defacements, the military must have decided that they didn't want some foreign site mirroring defacements of American sites," Taltos said.

Security consultant Ian Davies, of Britain-based security firm TechServ, said that it was more likely that the U.S. military's attention was drawn to the defacement mirrors last week when the news of Attrition's stoppage hit the media.

"I think it's quite likely that someone, some top level person, may have suddenly become alerted to the existence of defacement mirrors when all the media ran stories on Attrition last week, checked it out, discovered that plenty of military sites had been defaced and hung in the hall of shame, and decided to call a total cease fire on archiving."

But William Knowles, Senior Analyst with C4I.org, a computer security and intelligence site, believes that the blockade is not apt to be an official effort by the U.S. military to block Alldas' access to their sites.

"While it doesn't really surprise me that the U.S. Military is blocking attempts to archive defaced and compromised servers from overseas, I doubt that this was given as a directive from the military to block access just to Alldas, as it's likely being done on a case-by-case, IP-by-IP basis by the individual embarrassed system administrators of cracked machines," Knowles said. Said Marquis Grove at Security News Portal, a security news site: The problem with this slight-of-hand trick is that someone in the military is probably going to try to take credit for having greatly reduced the number of hacked websites and point to the statistics generated over at Alldas as proof." Ostergren said he would much rather "see people educate themselves in computer security than try to deny the fact that they got defaced." Ostergren also said that Alldas will definitely continue to mirror U.S. military site defacements. Alldas can hide its identity easily by connecting to military sites through a proxy or anonymous server. Connections coming through such a server appear to be originating directly from that server, and will allow Alldas to pass through any military filters that have been set up to block connections from the Alldas domain. ISN is hosted by SecurityFocus.com --- To unsubscribe email isn-unsubscribeat_private