[ISN] WTC Survivor List Sites Battle Bogus Entries

From: InfoSec News (isnat_private)
Date: Mon Sep 17 2001 - 02:09:49 PDT

  • Next message: InfoSec News: "[ISN] FBI operation penetrates hacker underground"

    By Brian McWilliams, Newsbytes
    13 Sep 2001, 8:40 PM CST
    Operators of a Web site which maintains an authoritative but
    unofficial list of World Trade Center attack survivors confirmed that
    the service is occasionally prone to error. But the site's owner
    denied rumors that NY.com had been hacked.
    "We haven't experienced any violations of our security. Our biggest
    problem in maintaining the survivor database is keeping the data
    clean," said Charles Thayer, president of Mediabridge Infosystems,
    which maintains the list at http://wtc.ny.com.
    With over 17,800 entries from site users, the NY.com list is one of
    the largest of a dozen or so online survivor databases that have
    sprung up since the twin towers crumbled from a terrorist attack
    But the site's data, which is mirrored by a handful of other sites
    around the world, has frequently been corrupted with obviously bogus
    entries such as "Bart Simpson" and "Elvis Presley," according to
    While the site's operators edit out false entries as quickly as
    possible, NY.com, like other operators of survivor lists, cautions
    users that it cannot guarantee the accuracy or authenticity of the
    The phony listings have led some to speculate on Internet e-mail lists
    and message boards today that hackers have infiltrated the site. There
    have even been reports of people accessing information that turned out
    to be incorrect.
    But with cell phones and other telecommunications in the city still
    disrupted by Tuesday's devastation, many friends and family of
    individuals in the vicinity of the attack depend on the Web for
    information about survivors.
    The official site of New York City, at nyc.gov, maintains no survivor
    list, although it has published several hotline numbers for reporting
    missing persons.
    To prevent fraud and to speed identification, some alternative
    survivor lists, such as the "I'm Okay Message Center" maintained by
    Prodigy Communications, allow but do not require those who report a
    survivor to include data such as birth year, home zip code, and other
    identifying information.
    Still, Prodigy spokesperson Denise Clarke Fraser said editors of the
    site, which is hosted at the company's data center in Yorktown
    Heights, just outside New York City, have numerous times had to pluck
    phony listings from the tally, which currently includes 5,400 names.
    "Our feeling is, if we can help even one family connect with a loved
    one, then we've done what we wanted to do," said Thayer, who reported
    that the site has handled 1.3 million searches since it went online
    six hours after the attacks.
    While some security experts are cautioning site operators everywhere
    in the country to be vigilant about potential terrorist cyber-attacks,
    Thayer said he is not concerned about the possibility of attempted
    breaches of the site.
    "A great many companies are helping distribute the load by mirroring
    our data. If our site went down right now, the list would still be
    available. An attack against us would be futile," he said.
    To beef up the site's ability to handle search requests -- and harden
    its security at the same time -- NY.com's survivor site is being
    transferred this evening to facilities operated by Loudcloud, a
    California-based managed services provider which is donating several
    servers and routers to handle the task, according to vice president
    Jason Rosenthal.
    NY.com's WTC survivor list is at: http://wtc.ny.com .
    Prodigy's "I'm Okay Message Center" is at http://okay.prodigy.net .
    A list of other WTC survivor lists can be found at
    http://www.shunn.net/okay/ .
    Loudcloud is online at http://www.loudcloud.com .
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Mon Sep 17 2001 - 04:47:57 PDT