[ISN] [defaced-commentary] Hacker 'Doctor Nuker' Claims FBI Fingered Wrong Person

From: InfoSec News (isnat_private)
Date: Thu Nov 01 2001 - 02:13:04 PST

    ---------- Forwarded message ----------
    Date: Wed, 31 Oct 2001 21:47:25 -0700 (MST)
    From: security curmudgeon <jerichoat_private>
    To: defaced-commentaryat_private
    Subject: [defaced-commentary] Hacker 'Doctor Nuker' Claims FBI Fingered Wrong Person

    Hacker 'Doctor Nuker' Claims FBI Fingered Wrong Person
    By Brian McWilliams, Newsbytes
    31 Oct 2001, 4:59 PM CST

    A computer hacker who vandalized a pro-Israeli group's Web site said
    law enforcement officials have issued an arrest warrant for the wrong

    In an online interview today, a Pakistani hacker who calls himself
    Doctor Nuker said he was responsible for the Nov. 2000 attack on the
    Web site of the American-Israel Public Affairs Committee (AIPAC).

    But the hacker claimed a federal grand jury made a mistake last week
    in indicting Misbah Khan of Karachi on four computer crime-related

    "It's a girly name, sort of like calling a guy Mary Smith," said the
    hacker, who claimed he is a 35-year-old male and that several other
    people have used his nickname to deface sites.

    In the defacement of the AIPAC site, Doctor Nuker posted a rant about
    Israel's treatment of Palestinians, along with credit card numbers and
    e-mail addresses of some of the group's members.

    Each of the offenses carries fines of up to $250,000 and jail sentences
    of up to ten years, according to the Justice Department.

    The FBI will not disclose how it discovered the identity of Doctor
    Nuker, a prolific Web site defacer and founder of a hacking group
    known as Pakistan Hackerz Club.

    In a DoJ press release, Lynne Hunt, the FBI agent handling the case,
    said that "computer hackers often leave behind a more elaborate trail
    of evidence than they realize, and we will follow that trail no matter
    where in the world it leads."

    The IP address contained in several e-mail messages from Doctor Nuker
    to Newsbytes this month indicated he was using an Internet service
    provider in Karachi. But the hacker claimed he merely uses insecure
    servers in Pakistan to get online anonymously.

    Brian Martin, one of the operators of the Attrition.org security
    information site, said many Web site defacers give themselves away by
    being the first to view their handiwork.

    According to Martin, log files from defaced Web sites are combed by
    investigators. Many attackers leave their footprints by browsing the
    site prior to when the defacement appears on sites which publicize
    security break-ins, he said.

    "Many times you see (the attackers) viewing the defacement first. Five
    minutes later, there will be a small flood of random addresses usually
    from friends on Internet relay chat, and then the regular hits from
    the mirrors," said Martin, who added that attackers may not realize
    their Internet protocol (IP) address is being logged.

    In the interview, Doctor Nuker refused to give his real name or
    country of residence but said he was born in the U.S. and received
    training as a medical doctor.

    According to Doctor Nuker, the Department of Justice issued the arrest
    warrants as a way to "scare hackers" but says that he plans to
    continue defacing Web sites.

    A spokesperson for Justice declined to say whether the government
    would seek to have Khan extradited for trial in the U.S.

    On Sept. 19, Doctor Nuker took credit for defacing the Web site of
    World Trade Services, a California-based firm that facilitates
    international e-commerce.

    In a message left at the defaced site, the hacker suggested the U.S.
    government may have orchestrated the terrorist attacks on America to
    justify widening its manhunt for Osama bin Laden.

    A mirror of the AIPAC defacement is here:

    The information and commentary is Copyright 2001, by the individual author.
    Permission is granted to quote, reprint or redistribute provided the text is not
    altered, and the author and attrition.org is credited. The opinions expressed
    in this mail are not necessarily the opinion of all Attrition staff members.