---------- Forwarded message ---------- Date: Sun, 5 May 2002 20:59:18 -0400 (EDT) From: security curmudgeon <jerichoat_private> To: defaced-commentaryat_private Subject: [defaced-commentary] Deceptive Duo in the news again Earlier today (May 5, 2002), the defacing group "Deceptive Duo" struck again changing the home page of three gov/mil systems. Website: asp.navair.navy.mil (22.214.171.124) Mirror: http://defaced.alldas.org/mirror/2002/05/05/asp.navair.navy.mil/ OS: Windows Website: www.export.gov (126.96.36.199) Mirror: http://defaced.alldas.org/mirror/2002/05/05/www.export.gov/ OS: Windows Website: www.fhfb.gov (188.8.131.52) Mirror: http://defaced.alldas.org/mirror/2002/05/05/www.fhfb.gov/ OS: Windows Despite only defacing 9 machines (5 .gov, 2 .mil, 2 .com), they have received media attention because of their "objective" and "mission". From one of their defacements: Objective: Alert all National Security threats. Specifically the critical infrastructures(government agencies, banks, environmental system controls, airport/airlines, corporations) within The United States of America Mission Outline: Locate and scan critical cyber-components of The United States of America for vulnerabilities creating a foreign threat, while remaining undetected. Once located, publicly inform those who deserve to know the extent of incompetence that lies between foreign lines and the United States Administration. While this sounds noble, one has to wonder if they are sincere about their desire, or if this is nothing more than a means for publicity. If they are sincere about improving the security of the national infrastructure, several questions come to mind. * With the recent events of 9-11, the FBI is overtasked with tracking down leads related to terrorists and potential threats. How is taking federal agents off those tasks to investigate domestic computer crime helping? * If they are so interested in improving security, why are their targets only Windows machines? Defacing a single type of operating system typically points to script kiddies who are abusing the latest vulnerability, not people competant at computer security. * Why are they exposing personal information such as home phone numbers and addresses of people affiliated with the sites? These are not people that are responsible for the security of the systems being compromised. Sharing this personal information with a recognized journalist would serve the same purpose and protect their personal information. So far, these defacements don't seem to show a real concern for national security. Media attention seems to be a higher priority. -- Deceptive Duo defacements: http://defaced.alldas.org/?attacker=The+Deceptive+Duo FAA Confirms Hack Attack By Kevin Poulsen, Apr 25 2002 4:52PM http://online.securityfocus.com/news/378 Computerworld > News > Saturday, 4 May, 2002 Hacker duo say they hack for sake of national security "We must take drastic means for them to take this seriously" Linda Rosencrance, FRAMINGHAM http://www.computerworld.com/securitytopics/security/story/1,10801,70728,00.html - The information and commentary is Copyright 2002, by the individual author. Permission is granted to quote, reprint or redistribute provided the text is not altered, and the author and attrition.org is credited. The opinions expressed in this mail are not necessarily the opinion of all Attrition staff members. Commentary Archive: http://www.attrition.org/security/commentary/ The Attrition Mirror: http://www.attrition.org/mirror/attrition/ Country/TLD Statistics: http://www.attrition.org/mirror/attrition/country.html Attrition Defacement Statistics: http://www.attrition.org/mirror/attrition/stats.html Operating System Graphs: http://www.attrition.org/mirror/attrition/os-graphs.html Other Web Defacement Mailing Lists: http://www.attrition.org/security/lists.html Contacting Attrition Staff: staffat_private To subscribe to Defaced Commentary, send mail to majordomoat_private with "subscribe defaced-commentary" in the BODY of the mail (without quotes). To unsubscribe, include "unsubscribe defaced-commentary" in the BODY of the mail. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon May 06 2002 - 04:04:48 PDT