[ISN] Check Point mum on alleged Sudan bank hack

From: InfoSec News (isnat_private)
Date: Thu Oct 04 2001 - 01:03:16 PDT

  • Next message: InfoSec News: "[ISN] Three Minutes With Microsoft's Scott Culp"

    By Ned Stafford, Newsbytes.
    October 03, 2001
    Israeli information technology security firm Check Point says a
    German's claim that he hacked into a Sudan bank with possible links to
    Osama bin Laden "cannot be substantiated."
    The claims were made last week by hacker-turned-terrorism-opponent Kim
    Schmitz, who said his U.K.-based team of hackers had gained entry into
    computers installed with Check Point FireWall-1 software at the
    AlShamal Islamic Bank in Sudan. Schmitz said the hackers collected
    data on the accounts of the Al Qaeda terrorist organization and on Bin
    Laden, and that the information was turned over to the FBI.
    Bin Laden, a millionaire Saudi exile based in Afghanistan, is
    suspected of being the driving force behind the deadly Sept. 11
    attacks on the World Trade Center and the Pentagon. According to CNN,
    Sen. Carl Levin, D-Mich., last week referred to a 1996 State
    Department report that said Bin Laden provided the AlShamal Islamic
    Bank with $50 million in start-up capital.
    A spokeswoman from Check Point Software Technologies, a Nasdaq-listed
    company based in Ramat-Gan, Israel, says the company does not believe
    the hacking occurred.
    Elena Annuzzi, at Check Point's U.S. headquarters in Redwood City ,
    Calif., said in an e-mail to Newsbytes: "We would have to say that the
    details about penetrating a Check Point FireWall-1 installation are
    not substantiated, and we believe the account to be inaccurate."
    She added: "There are no open vulnerabilities that would allow a
    hacker to penetrate FireWall-1."
    Asked specifically to comment on the timeframe that AlShamal Islamic
    Bank began using Check Point FireWall-1, she replied: "It's not
    appropriate for us to comment on any of our customer's
    An FBI spokesman in Washington declined to comment on Schmitz's story,
    saying that the agency's policy is not to comment on information and
    leads it is receiving concerning the Sept. 11 terrorist attacks.
    Attempts to contact the AlShamal Islamic Bank using telephone numbers
    listed on the bank's Web site were unsuccessful. Phone calls either
    were unanswered or were greeted with a recorded Message. Three
    attempts were made to contact the bank by e-mail, using the address
    listed on the Web site, bankat_private, also were unsuccessful.
    Each e-mail was returned as non-deliverable.
    Schmitz, asked about CheckPoint's assertion that his claim is
    "inaccurate," says he stands by his story.
    Schmitz, 27, is a former teen hacking prodigy who spent time behind
    bars before starting a successful data security business. He later
    sold 80 percent of that firm, Data Protect, for a small fortune. Since
    the Sept. 11 terrorist attacks, he has become an outspoken opponent of
    totice on his personal Web site offering a $10 million reward for the
    capture of bin Laden.
    Schmitz lives in Munich. He founded a group of about two dozen hackers
    after the Sept. 11 attack called "Young Intelligent Hackers Against
    Terror," which has the acronym YIHAT, similar to the word Jihad, an
    Arabic term that describes holy war. He claims that some U.K.-based
    members of this group hacked the AlShamal Islamic Bank, and that they
    wish to remain anonymous.
    He insists that his anti-terrorism pronouncements are not a public
    relations prank, but stem from his desire to wipe out terrorism. He
    says he has received death threats from the Middle East.
    Schmitz said that while he was still at his former company, Data
    Protect, he had a "hate and love relationship" with Check Point.
    Check Point Software Technologies Home Page:
    AlShamal Islamic Bank Home Page: http://www.shamalbank.com/
    Schmitz Reward For Osama Bin Laden:
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Thu Oct 04 2001 - 03:06:08 PDT