Forwarded from: H C <firstname.lastname@example.org> Cc: email@example.com, firstname.lastname@example.org, email@example.com Let's take a look at the wording of the "mission"... > From one of their defacements: > > Objective: > > Alert all National Security threats. Specifically the critical > infrastructures(government agencies, banks, environmental system > controls, airport/airlines, corporations) within The United States > of America Alert them of what? Insecurities? One has to then ask the same question that went around about what Lamos does...what gives Lamos or the "Deceptive Duo" the right or authority to conduct their activities? Another question arises...looking at the list of defaced sites as of today, are any of these systems part of the critical infrastructure? Were any of the systems housing classified, sensitive, or critical data, or in anyway connected to systems that did? Here's an eWeek story from Friday: http://www.eweek.com/article/0,3658,s=1884&a=26313,00.asp How does this affect the critical infrastructure? Sure, Gartner is a consulting firm that may provide information and advice to those who maintain the critical infrastructure, but the fact remains that the IT staff that manages things like the public web interface is usually a completely different organization from those providing advice and analysis. This isn't to say that I fully support Gartner...rather, I find DD's motives to be out of sync with their actions. A final thought on this topic...what happens if the DD gets into a system and modifies/destroys critical data, however inadvertently? What if their actions actually lead to damage of the critical infrastructure? Where then does their statement lie? > Mission Outline: > > Locate and scan critical cyber-components of The United States of > America for vulnerabilities creating a foreign threat, while > remaining undetected. Again, what gives the DD the authority to do this? Whenever a pen test or vulnerability assessment is conducted by a legitimate consulting firm, there are all sorts of legal documents and agreements that are signed. What about a public web server constitutes "creating a foreign threat"? W/ regards to remaining undetected...well, that's just a lot of empty rhetoric, isn't it? > Once located, publicly inform those who deserve to know the extent > of incompetence that lies between foreign lines and the United > States Administration. This statement makes little sense, but the thing that gets me is this...who determines who it is that deserves to know? Who gets informed? Why does it have to be public? > While this sounds noble, one has to wonder if they are sincere about > their desire, or if this is nothing more than a means for publicity. Agreed. On the surface, it _sounds_ noble... > * With the recent events of 9-11, the FBI is overtasked with > tracking down leads related to terrorists and potential threats. How > is taking federal agents off those tasks to investigate domestic > computer crime helping? While I'm not able to speak to what extent the FBI would investigate these incidents (does anyone know...I mean, really?), the Attorney General's mandate of a loss of $5000 most likely wouldn't come into play with these particular defacements. Given staffing levels and case load, a friend of mine at NIPC has alluded to the fact that the cut-off is closer to $50K or higher. Of course, the exact method by which the defacement seems to be known only to the "Deceptive Duo". Yes, we could speculate as to how they accomplished it, and perhaps many of us could even give several plausible answers...but so far as I've seen, the method of defacement hasn't been publicized. > * If they are so interested in improving security, why are their > targets only Windows machines? It may have more to do with their skill and available tools. Or, it may have to do with the fact that the systems they found just happened to be vulnerable Windows systems. > * Why are they exposing personal information You're right. One has to ask how posting the contents of databases, to include the rank, date of rank, and home phone numbers of staff members is pertinent to national security. The information extracted from the databases and displayed in the image on the defaced pages doesn't seem to be anything classified. One question, though...can you recommend a journalist that could be approached with such information, and would be able to accurately relate the story? I'd suggest Dan Verton...he's someone who'd be able to discern between unclass and classified information, at the very least. > So far, these defacements don't seem to show a real concern for > national security. Media attention seems to be a higher priority. This does seem to be the case, based on the outcome. However, I've been warned several times about attempting to discern the motives of an "attacker" based on the final results. - ISN is currently hosted by Attrition.org To unsubscribe email firstname.lastname@example.org with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue May 07 2002 - 04:52:05 PDT