[ISN] [defaced-commentary] Deceptive Duo in the news again

From: InfoSec News (isnat_private)
Date: Mon May 06 2002 - 00:29:41 PDT

  • Next message: InfoSec News: "[ISN] CERT running security pilots"

    ---------- Forwarded message ----------
    Date: Sun, 5 May 2002 20:59:18 -0400 (EDT)
    From: security curmudgeon <jerichoat_private>
    To: defaced-commentaryat_private
    Subject: [defaced-commentary] Deceptive Duo in the news again
    Earlier today (May 5, 2002), the defacing group "Deceptive Duo" struck
    again changing the home page of three gov/mil systems.
    Website: asp.navair.navy.mil (
    Mirror: http://defaced.alldas.org/mirror/2002/05/05/asp.navair.navy.mil/
    OS: Windows
    Website: www.export.gov (
    Mirror: http://defaced.alldas.org/mirror/2002/05/05/www.export.gov/
    OS: Windows
    Website: www.fhfb.gov (
    Mirror: http://defaced.alldas.org/mirror/2002/05/05/www.fhfb.gov/
    OS: Windows
    Despite only defacing 9 machines (5 .gov, 2 .mil, 2 .com), they have
    received media attention because of their "objective" and "mission".
    From one of their defacements:
      Alert all National Security threats. Specifically the critical 
      infrastructures(government agencies, banks, environmental system 
      controls, airport/airlines, corporations) within The United States 
      of America
      Mission Outline:
      Locate and scan critical cyber-components of The United States of 
      America for vulnerabilities creating a foreign threat, while 
      remaining undetected. 
      Once located, publicly inform those who deserve to know the extent of 
      incompetence that lies between foreign lines and the United States 
    While this sounds noble, one has to wonder if they are sincere about
    their desire, or if this is nothing more than a means for publicity.
    If they are sincere about improving the security of the national
    infrastructure, several questions come to mind.
    * With the recent events of 9-11, the FBI is overtasked with tracking
    down leads related to terrorists and potential threats. How is taking
    federal agents off those tasks to investigate domestic computer crime
    * If they are so interested in improving security, why are their
    targets only Windows machines? Defacing a single type of operating
    system typically points to script kiddies who are abusing the latest
    vulnerability, not people competant at computer security.
    * Why are they exposing personal information such as home phone
    numbers and addresses of people affiliated with the sites? These are
    not people that are responsible for the security of the systems being
    compromised. Sharing this personal information with a recognized
    journalist would serve the same purpose and protect their personal
    So far, these defacements don't seem to show a real concern for
    national security.  Media attention seems to be a higher priority.
    Deceptive Duo defacements:
    FAA Confirms Hack Attack
    By Kevin Poulsen, Apr 25 2002  4:52PM
    Computerworld > News > Saturday, 4 May, 2002
    Hacker duo say they hack for sake of national security
    "We must take drastic means for them to take this seriously"
    Linda Rosencrance, FRAMINGHAM
    The information and commentary is Copyright 2002, by the individual author.
    Permission is granted to quote, reprint or redistribute provided the text is not
    altered, and the author and attrition.org is credited. The opinions expressed
    in this mail are not necessarily the opinion of all Attrition staff members.
    Commentary Archive: http://www.attrition.org/security/commentary/
    The Attrition Mirror: http://www.attrition.org/mirror/attrition/
    Country/TLD Statistics: http://www.attrition.org/mirror/attrition/country.html
    Attrition Defacement Statistics: http://www.attrition.org/mirror/attrition/stats.html
    Operating System Graphs: http://www.attrition.org/mirror/attrition/os-graphs.html
    Other Web Defacement Mailing Lists: http://www.attrition.org/security/lists.html
    Contacting Attrition Staff: staffat_private
    To subscribe to Defaced Commentary, send mail to majordomoat_private
    with "subscribe defaced-commentary" in the BODY of the mail (without
    quotes). To unsubscribe, include "unsubscribe defaced-commentary" in
    the BODY of the mail.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Mon May 06 2002 - 04:04:48 PDT