Re: [ISN] Is Military Hiding Hacks?

From: Jonathan Rickman (jonathanat_private)
Date: Tue Jun 05 2001 - 16:46:22 PDT


    Here we go again...
    
    
    On Mon, 4 Jun 2001, InfoSec News wrote:
    
    > Alldas staffers believe that the U.S. military is trying to cover up
    > defacements of its websites by blocking Alldas' access to the greater
    > part of the military's network.
    
    I'm sure they are. Why not block Attrition? Attrition provided several
    services to alert administrators via email or alpha pager. AFAIK Alldas
    does not. I could be wrong as I haven't visited in a while, and am
    composing this offline.
    
    > Ostergren believes that the sites that are blocking Alldas have set up
    > filters on their network to block any requests coming in from Alldas'
    > Internet address.
    
    I'd imagine so...probably at the second tier firewall level.
    (please don't ask what that means)
    
    > Taltos, a Budapest-based hacker, said that he believes the U.S.
    > military is operating on the theory that if hackers get no glory from
    > defacing websites, they will scamper away and hack sites that can be
    > mirrored in Alldas' archive.
    
    ...which might very well be true in many cases.
    
    
    > He also suggests that a bit of national pride may be at work.
    >
    > "The U.S. military allowed American-defacement-archive Attrition to
    > mirror defacements of U.S. military sites. But when Attrition
    > announced it was ceasing to archive defacements, the military must
    > have decided that they didn't want some foreign site mirroring
    > defacements of American sites," Taltos said.
    
    Doubt it...see above, and below.
    
    > Security consultant Ian Davies, of Britain-based security firm
    > TechServ said that it was more likely that the U.S. military's
    > attention was drawn to the defacement mirrors last week when the news
    > of Attrition's stoppage hit the media.
    
    Nope...I'm sure the gang at Attrition can review their logs and debunk
    that theory. The mirror page at Attrition was one of the most frequently
    visited sites (by IT folk) when I was on active duty. American military
    personnel are not totally clueless...despite what many may think. I think
    too many people mistake not giving a wet rat's ass (hereafter referred to
    as WRA), for lack of knowledge.
    
    > I think it's quite likely that someone, some top level person, may
    > have suddenly become alerted to the existence of defacement mirrors
    > when all the media ran stories on Attrition last week, checked it out,
    > discovered that plenty of military sites had been defaced and hung in
    > the hall of shame, and decided to call a total cease fire on
    > archiving."
    
    This is entirely possible...probable even.
    
    > Said Marquis Grove at Security News Portal, a security news site: The
    > problem with this sleight-of-hand trick is that someone in the military
    > is probably going to try to take credit for having greatly reduced the
    > number of hacked websites and point to the statistics generated over
    > at Alldas as proof."
    
    Doubt it, they'll be perfectly happy that the "top level person" mentioned
    above, who now has Alldas bookmarked, is not aware of the situation and
    messing up their day. Secure in this knowledge, they will patch their
    boxen...not because they give a WRA, but because they don't want to bother
    with pulling out last night's backup again.
    
    > Ostergren said he would much rather "see people educate themselves in
    > computer security than try to deny the fact that they got defaced."
    
    Wouldn't we all...
    
    > Ostergren also said that Alldas will definitely continue to mirror
    > U.S. military site defacements.
    > Alldas can hide its identity easily by connecting to military sites
    > through a proxy or anonymous server.
    > Connections coming through such a server appear to be originating
    > directly from that server, and will allow Alldas to pass through any
    > military filters that have been set up to block connections from the
    > Alldas domain.
    
    Yeah, but let's remember something here. The military is not running an
    e-commerce operation. They could give a WRA whether or not anyone can
    access most of the sites in question. They're concerned with the top level
    servers...not joespc.mechshop.wowthisislame.ergspac.lejeune.usmc.mil
    
    If "Joe Public" can get to www.usmc.mil and www.lejeune.usmc.mil, they're
    perfectly happy to block as many anonymous proxies/ppp accounts as
    necessary. And if I were involved, I'd do it...not because I give a WRA,
    but just to prove a point. Contrary to popular belief, the United States
    Military does not issue orders or plan operations via http. It all
    takes place through a combination of anonymous ftp and pcANYWHERE chat
    sessions...ok, just kidding. Either way, the public's inability to access
    a website did not stop them from fighting and winning battles for the last
    2+ centuries...and it's not going to now. Beans, Bullets, and
    Bandages...that's the basics. I don't recall anyone using the phrase "Perl,
    CGI, and MySQL" when referring to a fighting person's essential needs.
    
    By the way...I appreciate the fact that Alldas is willing to put up with
    the crap they obviously are taking in an effort to keep their mirror
    going and this post should not be taken seriously without the proverbial
    "grain of salt". I'll leave it to the reader to decide whether or not it
    should be taken seriously at all...
    
    -- 
    Jonathan Rickman
    X Corps Security
    http://www.xcorps.net
    
    
    ISN is hosted by SecurityFocus.com
    


