Points to ponder, was Re: [ISN] Deceptive Duo in the news again

From: InfoSec News (isnat_private)
Date: Tue May 07 2002 - 01:47:26 PDT

    Forwarded from: H C <keydet89at_private>
    Cc: jerichoat_private, eceptiveat_private, dennis_fisherat_private
    
    Let's take a look at the wording of the "mission"...
    
    > From one of their defacements:
    > 
    > Objective:
    >
    > Alert all National Security threats. Specifically the critical
    > infrastructures(government agencies, banks, environmental system
    > controls, airport/airlines, corporations) within The United States
    > of America
    
    Alert them of what?  Insecurities?  One has to then ask the same
    question that went around about what Lamos does...what gives Lamos or
    the "Deceptive Duo" the right or authority to conduct their
    activities?
    
    Another question arises...looking at the list of defaced sites as of
    today, are any of these systems part of the critical infrastructure?  
    Were any of the systems housing classified, sensitive, or critical
    data, or in any way connected to systems that did?
    
    Here's an eWeek story from Friday:
    http://www.eweek.com/article/0,3658,s=1884&a=26313,00.asp
    
    How does this affect the critical infrastructure?  Sure, Gartner is a
    consulting firm that may provide information and advice to those who
    maintain the critical infrastructure, but the fact remains that the IT
    staff that manages things like the public web interface is usually a
    completely different organization from those providing advice and
    analysis.
     
    This isn't to say that I fully support Gartner...rather, I find DD's
    motives to be out of sync with their actions.
    
    A final thought on this topic...what happens if the DD gets into a
    system and modifies/destroys critical data, however inadvertently?  
    What if their actions actually lead to damage of the critical
    infrastructure?  Where then does their statement lie?
     
    > Mission Outline:
    >
    > Locate and scan critical cyber-components of The United States of
    > America for vulnerabilities creating a foreign threat, while
    > remaining undetected.
    
    Again, what gives the DD the authority to do this?  Whenever a pen
    test or vulnerability assessment is conducted by a legitimate
    consulting firm, there are all sorts of legal documents and agreements
    that are signed.
    
    What about a public web server constitutes "creating a foreign
    threat"?
    
    W/ regards to remaining undetected...well, that's just a lot of empty
    rhetoric, isn't it?
     
    > Once located, publicly inform those who deserve to know the extent
    > of incompetence that lies between foreign lines and the United
    > States Administration.
    
    This statement makes little sense, but the thing that gets me is
    this...who determines who it is that deserves to know?  Who gets
    informed?  Why does it have to be public?
     
    > While this sounds noble, one has to wonder if they are sincere about
    > their desire, or if this is nothing more than a means for publicity.
    
    Agreed.  On the surface, it _sounds_ noble...
    
    > * With the recent events of 9-11, the FBI is overtasked with
    > tracking down leads related to terrorists and potential threats. How
    > is taking federal agents off those tasks to investigate domestic
    > computer crime helping?
    
    While I'm not able to speak to what extent the FBI would investigate
    these incidents (does anyone know...I mean, really?), the Attorney
    General's mandate of a loss of $5000 most likely wouldn't come into
    play with these particular defacements.  Given staffing levels and
    case load, a friend of mine at NIPC has alluded to the fact that the
    cut-off is closer to $50K or higher.
    
    Of course, the exact method of the defacement seems to be known
    only to the "Deceptive Duo".  Yes, we could speculate as to how they
    accomplished it, and perhaps many of us could even give several
    plausible answers...but so far as I've seen, the method of defacement
    hasn't been publicized.
    
    > * If they are so interested in improving security, why are their
    > targets only Windows machines?
    
    It may have more to do with their skill and available tools.  Or, it
    may have to do with the fact that the systems they found just happened
    to be vulnerable Windows systems.
    
    > * Why are they exposing personal information
    
    You're right. One has to ask how posting the contents of databases, to
    include the rank, date of rank, and home phone numbers of staff
    members is pertinent to national security.
    
    The information extracted from the databases and displayed in the
    image on the defaced pages doesn't seem to be anything classified.
    
    One question, though...can you recommend a journalist that could be
    approached with such information, and would be able to accurately
    relate the story?  I'd suggest Dan Verton...he's someone who'd be able
    to discern between unclass and classified information, at the very
    least.
     
    > So far, these defacements don't seem to show a real concern for
    > national security.  Media attention seems to be a higher priority.
    
    This does seem to be the case, based on the outcome.  However, I've
    been warned several times about attempting to discern the motives of
    an "attacker" based on the final results.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    
    This archive was generated by hypermail 2b30 : Tue May 07 2002 - 04:52:05 PDT