---------- Forwarded message ---------- Date: Wed, 31 Oct 2001 21:47:25 -0700 (MST) From: security curmudgeon <jerichoat_private> To: defaced-commentaryat_private Subject: [defaced-commentary] Hacker 'Doctor Nuker' Claims FBI Fingered Wrong Person Hacker 'Doctor Nuker' Claims FBI Fingered Wrong Person By Brian McWilliams, Newsbytes WASHINGTON, D.C., U.S.A., 31 Oct 2001, 4:59 PM CST A computer hacker who vandalized a pro-Israeli group's Web site said law enforcement officials have issued an arrest warrant for the wrong person. In an online interview today, a Pakistani hacker who calls himself Doctor Nuker said he was responsible for the Nov. 2000 attack on the Web site of the American-Israel Public Affairs Committee (AIPAC). But the hacker claimed a federal grand jury made a mistake last week in indicting Misbah Khan of Karachi on four computer crime-related counts. "It's a girly name, sort of like calling a guy Mary Smith," said the hacker, who claimed he is a 35-year-old male and that several other people have used his nickname to deface sites. In the defacement of the AIPAC site, Doctor Nuker posted a rant about Israel's treatment of Palestinians, along with credit card numbers and e-mail addresses of some of the group's members. Each of the offenses carry fines of up to $250,000 and jail sentences of up to ten years, according to the Justice Department. The FBI will not disclose how it discovered the identity of Doctor Nuker, a prolific Web site defacer and founder of a hacking group known as Pakistan Hackerz Club. In a DoJ press release, Lynne Hunt, the FBI agent handling the case, said that "computer hackers often leave behind a more elaborate trail of evidence than they realize, and we will follow that trail no matter where in the world it leads." The IP address contained in several e-mail messages from Doctor Nuker to Newsbytes this month indicated he was using an Internet service provider in Karachi. But the hacker claimed he merely uses insecure servers in Pakistan to get online anonymously. Brian Martin, one of the operators of the Attrition.org security information site, said many Web site defacers give themselves away by being the first to view their handiwork. According to Martin, log files from defaced Web sites are combed by investigators. Many attackers leave their footprints by browsing the site prior to when the defacement appears on sites which publicize security break-ins, he said. "Many times you see (the attackers) viewing the defacement first. Five minutes later, there will be a small flood of random addresses usually from friends on Internet relay chat, and then the regular hits from the mirrors," said Martin, who added that attackers may not realize their Internet protocol (IP) address is being logged. In the interview, Doctor Nuker refused to give his real name or country of residence but said he was born in the U.S. and received training as a medical doctor. According to Doctor Nuker, the Department of Justice issued the arrest warrants as a way to "scare hackers" but says that he plans to continue defacing Web sites. A spokesperson for Justice declined to say whether the government would seek to have Khan extradited for trial in the U.S. On Sept. 19, Doctor Nuker took credit for defacing the Web site of World Trade Services, a California-based firm that facilitates international e-commerce. In a message left at the defaced site, the hacker suggested the U.S. government may have orchestrated the terrorist attacks on America to justify widening its manhunt for Osama bin Laden. A mirror of the AIPAC defacement is here: http://www.attrition.org/mirror/attrition/2000/11/02/www.aipac.org/ - The information and commentary is Copyright 2001, by the individual author. Permission is granted to quote, reprint or redistribute provided the text is not altered, and the author and attrition.org is credited. The opinions expressed in this mail are not necessarily the opinion of all Attrition staff members. Commentary Archive: http://www.attrition.org/security/commentary/ The Attrition Mirror: http://www.attrition.org/mirror/attrition/ Country/TLD Statistics: http://www.attrition.org/mirror/attrition/country.html Attrition Defacement Statistics: http://www.attrition.org/mirror/attrition/stats.html Operating System Graphs: http://www.attrition.org/mirror/attrition/os-graphs.html Other Web Defacement Mailing Lists: http://www.attrition.org/security/lists.html Contacting Attrition Staff: staffat_private To subscribe to Defaced Commentary, send mail to majordomoat_private with "subscribe defaced-commentary" in the BODY of the mail (without quotes). To unsubscribe, include "unsubscribe defaced-commentary" in the BODY of the mail. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Nov 01 2001 - 08:47:30 PST