[ISN] [defaced-commentary] Washington Post's Tech site hacked

From: InfoSec News (isnat_private)
Date: Wed Jan 30 2002 - 01:36:18 PST

  • Next message: InfoSec News: "[ISN] Bills aim at raising infosec expertise"

    ---------- Forwarded message ----------
    Date: Tue, 29 Jan 2002 21:47:04 -0500 (EST)
    From: security curmudgeon <jerichoat_private>
    To: defaced-commentaryat_private
    Subject: [defaced-commentary] Washington Post's Tech site hacked 
    By Nicholas Johnston
    Washington Post Staff Writer
    Tuesday, January 29, 2002; Page E05 
    Computer hackers attacked the Web site Washtech.com yesterday evening,
    replacing content on the news site's home page with taunts to the site's
    administrators and greetings to fellow hackers. The attack occurred around
    6 p.m., and the bogus content on the home page was visible for about 20
    minutes before administrators could shut the site down.
    As of last night, officials at Washtech, a Web site for technology news
    that operates alongside washingtonpost.com, did not know how the attack
    was conducted or when the Web site would be back online. At about 8:20
    p.m., the main page of Washtech was rudimentarily rebuilt with a few
    headlines and links.
    "As soon as we learned about it, we took the site down," said Valerie
    Voci, Washtech's publisher. "We're still assessing what the security
    breach was." 
    The Washington Post's main news site, washingtonpost.com, runs on separate
    computers from the Washtech site and was not affected by the attack, Voci
    said. Both Web sites are run by Washingtonpost.Newsweek Interactive, the
    Internet arm of The Washington Post Co. 
    "It's a dangerous neighborhood out there," said Alan Paller, director of
    research at the SANS Institute, an Internet security research and
    education organization in Bethesda. "There are certain attacks that nobody
    can block. . . . If your people aren't absolutely, all the time on the
    latest patches, you're going to get hit." 
    The message on the Web site included names tied to a group known as aCid
    fAlz Group. The group's Web site said the group defaces Web pages only as
    a means of exposing security holes in server software. It does this by
    changing a site's index file, the first page displayed on a site. That was
    the file altered on the Washtech Web site. 
    E-mails sent to members of the group were not returned; a phone number
    listed for the administrator of the aCid fAlz Web site was not in service. 
    Under the National Information Infrastructure Protection Act of 1996,
    unauthorized access of a computer that results in damages in excess of
    $5,000 can result in a fine or imprisonment of up to five years. A recent
    study found there were 52,658 network security breaches last year. Another
    study found that 41 percent of companies surveyed by a local Internet
    security firm reported a security breach that compromised their computer
    "This happens on the Internet," Voci said. "Unfortunately it's happened to
    The information and commentary is Copyright 2001, by the individual author.
    Permission is granted to quote, reprint or redistribute provided the text is not
    altered, and the author and attrition.org is credited. The opinions expressed
    in this mail are not necessarily the opinion of all Attrition staff members.
    Commentary Archive: http://www.attrition.org/security/commentary/
    The Attrition Mirror: http://www.attrition.org/mirror/attrition/
    Country/TLD Statistics: http://www.attrition.org/mirror/attrition/country.html
    Attrition Defacement Statistics: http://www.attrition.org/mirror/attrition/stats.html
    Operating System Graphs: http://www.attrition.org/mirror/attrition/os-graphs.html
    Other Web Defacement Mailing Lists: http://www.attrition.org/security/lists.html
    Contacting Attrition Staff: staffat_private
    To subscribe to Defaced Commentary, send mail to majordomoat_private
    with "subscribe defaced-commentary" in the BODY of the mail (without
    quotes). To unsubscribe, include "unsubscribe defaced-commentary" in
    the BODY of the mail.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Wed Jan 30 2002 - 05:19:03 PST