Forwarded from: H C <keydet89at_private>
Cc: jerichoat_private, deceptiveat_private

Well, according to CNN/IDG, we now have an idea of the methods used by the DD to gain access to the systems...

http://www.cnn.com/2002/TECH/internet/05/06/national.security.hackers.idg/index.html

The methods they reportedly used to compromise the sites are clear, but there is another issue at hand. The article states:

"They say they have hacked into classified and nonclassified systems..."

And then later:

"We had access to data and Web servers which included things such as pictures from Operation Restore Hope..."

Okay...I'm not sure how that constitutes "classified" information. Finally:

"Williamson adds that the pair didn't get access to any classified information."

So...DD says they did, Williamson says they didn't. Given that the method of attack used wasn't your basic directory traversal exploit, who knows what they had access to, or what they did to the systems besides simple web page defacements.

The fact that SQL was accessible via the 'net is bad enough, but the fact that the DD were able to get in via "NetBIOS brute force" amazes me...not so much that they were able to do so, but that they didn't get caught. Doesn't anyone enable logging in the EventLog anymore? Doesn't anyone review the logs?

This also concerns me b/c since about Nov '01, the majority of security engineer positions available in the metro DC area have all required current TS clearances. I interviewed for some of them (no, my clearance isn't active) and found out that they were for the FAA. The FAA had/has contracts w/ defense contracting firms for analysts to monitor network activity in a NOC. Other "gubmint" agencies have the same thing. That being the case, why were these attacks not detected?

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
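The post asks why a NetBIOS brute-force attempt did not show up in the EventLog review. The script below is an added illustration of the kind of check such a review would run; it is not part of the original post or the ISN list. It assumes the Security log has been exported to a simple comma-separated form (event ID, timestamp, source workstation, account) and uses the NT 4/2000-era event IDs 528 (successful logon) and 529 (logon failure). The sample records are constructed for the example.

```python
"""
Added example: flag a burst of failed logons from one source workstation,
and note whether a successful logon followed the burst (the classic
brute-force-then-success pattern a log review should catch).
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical export format: "EventID,timestamp,workstation,account".
# NT 4 / Windows 2000 Security log IDs: 528 = successful logon, 529 = logon failure.
LOGON_SUCCESS = 528
LOGON_FAILURE = 529

# Constructed sample records (not real log data). WKS-ALPHA shows a burst of
# failures against the administrator account followed by a success; WKS-BETA
# shows a user mistyping a password twice, which should not alert.
SAMPLE_EVENTS = """\
529,2002-05-04 01:12:03,WKS-ALPHA,administrator
529,2002-05-04 01:12:04,WKS-ALPHA,administrator
528,2002-05-04 01:12:05,WKS-GAMMA,jsmith
529,2002-05-04 01:12:06,WKS-ALPHA,administrator
529,2002-05-04 01:12:09,WKS-ALPHA,administrator
529,2002-05-04 01:12:13,WKS-ALPHA,administrator
529,2002-05-04 01:12:20,WKS-ALPHA,administrator
528,2002-05-04 01:12:25,WKS-ALPHA,administrator
529,2002-05-04 01:30:00,WKS-BETA,mjones
529,2002-05-04 01:45:00,WKS-BETA,mjones
528,2002-05-04 01:45:10,WKS-BETA,mjones
"""


def parse_events(text):
    """Parse the hypothetical export into a time-sorted list of dicts."""
    events = []
    for line in text.strip().splitlines():
        event_id, ts, workstation, account = line.split(",")
        events.append({
            "event_id": int(event_id),
            "time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "workstation": workstation,
            "account": account,
        })
    events.sort(key=lambda e: e["time"])
    return events


def find_bruteforce(events, threshold=5, window=timedelta(minutes=2),
                    grace=timedelta(minutes=5)):
    """
    Return one alert per workstation that produced at least `threshold`
    logon failures inside a sliding `window`. The alert records the burst
    span, total failures in the run, accounts targeted, and whether a
    successful logon from the same workstation followed within `grace`.
    """
    failures = defaultdict(list)   # workstation -> [(time, account), ...]
    successes = defaultdict(list)  # workstation -> [time, ...]
    for e in events:
        if e["event_id"] == LOGON_FAILURE:
            failures[e["workstation"]].append((e["time"], e["account"]))
        elif e["event_id"] == LOGON_SUCCESS:
            successes[e["workstation"]].append(e["time"])

    alerts = []
    for ws, fails in failures.items():
        times = [t for t, _ in fails]
        start = 0
        for i, t in enumerate(times):
            # Slide the window forward until it spans at most `window`.
            while t - times[start] > window:
                start += 1
            if i - start + 1 < threshold:
                continue
            # Threshold reached: extend the run while gaps stay inside the window.
            end = i
            while end + 1 < len(times) and times[end + 1] - times[end] <= window:
                end += 1
            burst_end = times[end]
            alerts.append({
                "workstation": ws,
                "first_failure": times[start],
                "last_failure": burst_end,
                "failures": end - start + 1,
                "accounts": sorted({a for _, a in fails[start:end + 1]}),
                "followed_by_success": any(
                    burst_end <= s <= burst_end + grace for s in successes[ws]),
            })
            break  # one alert per workstation is enough for this check
    return alerts


if __name__ == "__main__":
    for alert in find_bruteforce(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

The thresholds are deliberately modest: five failures in two minutes from one source is well above what a human mistyping a password produces, and the "followed by success" flag is what separates a noisy scan from a compromise worth paging someone over. The same shape works against a real export by replacing `SAMPLE_EVENTS` with the file contents.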
This archive was generated by hypermail 2b30 : Wed May 08 2002 - 02:34:47 PDT