Re: [ISN] Is Military Hiding Hacks?

From: B.K. DeLong (bkdelongat_private)
Date: Wed Jun 06 2001 - 07:57:38 PDT

    At 07:46 PM 06/05/2001 -0400, Jonathan Rickman wrote:
    
    >I'm sure they are. Why not block Attrition? Attrition provided several
    >services to alert administrators via email or alpha pager. AFAIK Alldas
    >does not. I could be wrong as I haven't visited in a while, and am
    >composing this offline.
    
    Not only that, but Attrition never did full nmaps of every mirror they took 
    and post the full information up for anyone to see (and exploit). The only 
    nmapping we did was of a few common ports and the only information we ever 
    stored was OS fingerprinting. Of course the Army and other Defense 
    Department groups would block Alldas - they're performing an intrusive scan 
    each time they take a mirror and then leaving up resulting data for any 
    kiddie to use.
    
    > > Taltos, a Budapest-based hacker, said that he believes the U.S.
    > > military is operating on the theory that if hackers get no glory from
    > > defacing websites, they will scamper away and hack sites that can be
    > > mirrored in Alldas' archive.
    >
    >...which might very well be true in many cases.
    
    I'm MIGHTY suspicious of this "Taltos" character. This is the *12th* 
    Michelle Delio Wired article he's been quoted in since February and I 
    haven't seen any work he's done or information he's produced in the hacker 
    community. Has anyone else? All I can find are Wired articles he's been in 
    (http://www.google.com/search?q=Taltos+hacker+&hl=en&lr=&safe=off)
    
    
    > > He also suggests that a bit of national pride may be at work.
    > >
    > > "The U.S. military allowed American-defacement-archive Attrition to
    > > mirror defacements of U.S. military sites. But when Attrition
    > > announced it was ceasing to archive defacements, the military must
    > > have decided that they didn't want some foreign site mirroring
    > > defacements of American sites," Taltos said.
    
    Good god, this guy knows nothing. I know of two reporters from major US 
    media publications who went straight to the Army/Navy and flat-out asked if 
    and why they were blocking Alldas. The answer was simple - their Nmap scans 
    were setting off alarms and they then publicly posted the data. National 
    pride my ass.
    
    >Nope...I'm sure the gang at Attrition can review their logs and debunk
    >that theory. The mirror page at Attrition was one of the most frequently
    >visited sites (by IT folk) when I was on active duty. American military
    >personnel are not totally clueless...despite what many may think. I think
    >too many people mistake not giving a wet rat's ass (hereafter referred to
    >as WRA), for lack of knowledge.
    
    Definitely....we know for a fact that people from the FBI, DoDIG, FedCirc, 
    JTF-CNO, DSIC etc all looked at and used our mirror on a regular basis. 
    There is no way they're "just finding out" about our mirror because our 
    mirror-taking program auto-notified the NIPC with every defacement, FedCIRC 
    with every .gov/.mil defacement and individual admins based on Internic 
    domain info for each defacement. I think it was impossible for them NOT to 
    know with the notification we were doing, mostly to cover our ass so we 
    didn't get accused of having prior knowledge of said incident.
    
    > > I think it's quite likely that someone, some top level person, may
    > > have suddenly become alerted to the existence of defacement mirrors
    > > when all the media ran stories on Attrition last week, checked it out,
    > > discovered that plenty of military sites had been defaced and hung in
    > > the hall of shame, and decided to call a total cease fire on
    > > archiving."
    
    Morons. Michelle Delio quotes morons!
    
    > > Said Marquis Grove at Security News Portal, a security news site: "The
    > > problem with this sleight-of-hand trick is that someone in the military
    > > is probably going to try to take credit for having greatly reduced the
    > > number of hacked websites and point to the statistics generated over
    > > at Alldas as proof."
    
    Doubtful. There are enough checks and balances in the government to keep that 
    from happening. Even if there were no defacement mirrors, the GAO will 
    still run around bitch-slapping various agencies with reports of just how 
    insecure their network is.
    
    All Alldas has to do is stop doing a full Nmap of .mil and .gov servers, 
    stop posting ALL of the resulting info from those scans on the mirror and 
    once they bring the attention of that cease-fire, (so to speak), to the 
    military's attention, I'm sure they will be unblocked.
    
    Christ....people are so dense.
    
    
    ISN is hosted by SecurityFocus.com