[ISN] Is Military Hiding Hacks?

From: InfoSec News (isnat_private)
Date: Mon Jun 04 2001 - 16:22:15 PDT

  • Next message: InfoSec News: "[ISN] Alldas.de told to look for another home"

    By Michelle Delio 
    2:00 a.m. June 4, 2001 PDT 
    Staffers at Alldas, an archive that maintains copies of websites that
    have been involuntarily altered, believes that their site is being
    deliberately blocked from accessing defaced websites owned by the
    United States military.
    Alldas staffers believe that the U.S. military is trying to cover up
    defacements of its websites by blocking Alldas' access to the greater
    part of the military's network.
    Spokespeople from the U.S. military would not comment on whether they
    have blocked Alldas, but a retired army lieutenant general, who
    requested anonymity, said he wouldn't be surprised if some site
    administrators had decided to block Alldas.
    "It's a public relations problem when your site has been defaced," he
    said. "It can also become an employment issue for systems people who
    can find their military career track has come to a dead end, due to
    allowing hackers into their site. The military takes security very
    Website defacers gain access to the contents of a Web page server and
    then replace a website with pages of the defacers' own design, or
    simply add messages - usually sarcastic - to the original website's
    "Mirror sites," such as Alldas, archive copies of the defacements,
    since site administrators usually quickly remove altered Web pages.
    Mirror sites are typically alerted to website defacements by the
    people who altered the defaced site's contents -- often as a play for
    publicity. A staffer then connects to the defaced site and makes a
    copy of the defacement using a tool called "Wget" to retrieve the code
    and graphics from the defaced site.
    Since Alldas, which is based in Norway, can no longer connect to many
    U.S. military sites, it cannot copy or archive defacements.
    Fredrik Ostergren, head of media relations at Alldas, said that two
    weeks ago staffers began to notice that they were unable to connect to
    most sites in the .mil domain.
    Ostergren said Alldas chose not to contact the U.S. military about the
    matter but confirmed the problem by repeatedly trying to connect with
    15 different U.S. military sites over the last 10 days.
    "Most of the connections were denied, all .navy.mil and .army.mil were
    denied. As of (Thursday) it seems that .navy.mil may have released
    most of their blocking, but www.army.mil is still denying us access,"
    said Ostergren.
    Ostergren believes that the sites that are blocking Alldas have set up
    filters on their network to block any requests coming in from Alldas'
    Internet address.
    Taltos, a Budapest-based hacker, said that he believes the U.S.
    military is operating on the theory that if hackers get no glory from
    defacing websites, they will scamper away and hack sites that can be
    mirrored in Alldas' archive.
    He also suggests that a bit of national pride may be at work.
    "The U.S. military allowed American-defacement-archive Attrition to
    mirror defacements of U.S. military sites. But when Attrition
    announced it was ceasing to archive defacements, the military must
    have decided that they didn't want some foreign site mirroring
    defacements of American sites," Taltos said.
    Security consultant Ian Davies, of Britain-based security firm
    TechServ said that it was more likely that the U.S. military's
    attention was drawn to the defacement mirrors last week when the news
    of Attrition's stoppage hit the media.
    I think it's quite likely that someone, some top level person, may
    have suddenly become alerted to the existence of defacement mirrors
    when all the media ran stories on Attrition last week, checked it out,
    discovered that plenty of military sites had been defaced and hung in
    the hall of shame, and decided to call a total cease fire on
    But William Knowles, Senior Analyst with C4I.org, a computer security
    and intelligence site, believes that the blockade is not apt to be an
    official effort by the U.S. military to block Alldas' access to their
    "While it doesn't really surprise me that the U.S. Military is
    blocking attempts to archive defaced and compromised servers from
    overseas, I doubt that this was given as a directive from the military
    to block access just to Alldas, as it's likely being done on a
    case-by-case, IP-by-IP basis by the individual embarrassed system
    administrators of cracked machines," Knowles said.
    Said Marquis Grove at Security News Portal, a security news site: The
    problem with this slight-of-hand trick is that someone in the military
    is probably going to try to take credit for having greatly reduced the
    number of hacked websites and point to the statistics generated over
    at Alldas as proof."
    Ostergren said he would much rather "see people educate themselves in
    computer security than try to deny the fact that they got defaced."
    Ostergren also said that Alldas will definitely continue to mirror
    U.S. military site defacements.
    Alldas can hide its identity easily by connecting to military sites
    through a proxy or anonymous server.
    Connections coming through such a server appear to be originating
    directly from that server, and will allow Alldas to pass through any
    military filters that have been set up to block connections from the
    Alldas domain.
    ISN is hosted by SecurityFocus.com
    To unsubscribe email isn-unsubscribeat_private

    This archive was generated by hypermail 2b30 : Tue Jun 05 2001 - 07:03:01 PDT