http://www.msnbc.com/news/748369.asp?0si=-

By Richard Thieme
THE BUSINESS JOURNAL OF MILWAUKEE
May 6, 2002

The self-proclaimed "Deceptive Duo" that hacked into Midwest Express Airlines' intranet say their goal was to embarrass the airline, which is part of the nation's transportation infrastructure and therefore essential to homeland defense.

THE HACKERS, in an e-mail interview, said penetrating the Midwest Express computer server - from which they stole customer and user profiles, names, e-mail addresses, and passwords - was "easy" and the airline should have a secured site. They said the methods they used are well-known in the hacker community and most likely similar to those of terrorists. The incursion was designed to emulate a real terrorist attack, they said.

"It should not be this easy to gain access to supposedly secure networks," the duo said. "But system administrators are doing exactly the opposite of what they should be doing."

The Deceptive Duo hacked into the Midwest Express server that is used to test new features for the airline's Web site and then posted evidence of their break-in on their own Web site and the Web site of the U.S. Space & Naval War Systems Command.

The identity of the hackers thus far has eluded Midwest Express management and a Chicago computer security firm the airline hired. However, sources confirmed that the parties responding to e-mail questions from The Business Journal were at the same e-mail address as the hackers.

The hackers did not access or compromise any other data such as credit-card information, said Lisa Bailey, a spokeswoman for Midwest Express. The airline's management learned of the security breach April 22, said Bailey.

The airline asked the hackers to immediately remove their posting from the duo's Web site, and they complied, said Bailey. The Navy removed the posting as soon as it was detected.

SECURITY CONSULTANTS

The airline changed all customer passwords, not just those that were compromised, and is working with computer security consultants to evaluate the security of Midwest Express' computer system, Bailey said.

Midwest Express executives were not particularly embarrassed by the incident, Bailey said. "But we do realize that the test server was not as secure as we thought and we are doing whatever we need to do to be sure the information is secure moving forward," she said.

Midwest Express does not plan to prosecute the intruders, but Bailey noted that government and military sites were also attacked and the Federal Aviation Administration has indicated its intention to prosecute. FAA officials could not be reached for comment.

The airline is focused on using the intrusion to strengthen its security measures. "It is a potential threat for us and our customer data, and we want to be sure it does not happen in the future," Bailey said. The airline plans to review its site security continuously, assess vulnerabilities and change passwords, Bailey said.

The hackers offered, via e-mail to Midwest Express, to assist in fixing the flaws they discovered, but the airline declined, Bailey said.

The hackers said they were motivated to intrude on the sites of Midwest Express and other corporate and military sites to demonstrate that the U.S. infrastructure is still vulnerable to terrorists even after Sept. 11. Midwest Express and other corporate targets were apparently chosen at random.

When asked whether they might achieve their objectives by privately notifying system administrators of vulnerabilities rather than boasting of their intrusion on other sites, they said they tried that with no success.

"We've tried subtle ways of informing them, but it seems to take drastic means before they will realize the severity of this," the hackers said. "Unfortunately, it takes action to get a reaction."

NO CONTACT

Bailey disputed that version of events.
She said the hackers did not contact Midwest Express before posting evidence of their conquest of the airline's computer system. "If we'd been contacted prior to posting, we would've obviously acted very quickly," Bailey said.

The hackers said they entered the Midwest Express server by guessing right on an elementary security password - they typed a default password commonly used by Microsoft Corp. The duo merely had to access the corporate intranet, then enter the default password to gain entry to the database. The airline uses Microsoft SQL, a standard language for performing tasks on the database, they said.

The hackers said they found flaws in the server page scripts that allowed them to view information that should have been accessible only by authorized Midwest Express insiders. The hackers said they discovered other unauthorized logins, which suggested that other hackers may have been there before them. However, Bailey said the airline found no evidence of other hacker entries or flaws in its server scripts.

The duo threatened to continue their strategy for alerting the guardians of the infrastructure. They said Midwest Express was part of the first stage, which scanned targets running on Microsoft products for widely known vulnerabilities. The Department of Defense and other government agencies need to focus on eliminating known vulnerabilities, they said. (MSNBC is a Microsoft-NBC joint venture.)

"In general, we are telling our targets to do their jobs correctly," the hackers said. "Doing a system administration job correctly includes researching, analyzing and fixing all known vulnerabilities."

Next, the duo intends to use more subtle methods. They said they will attack targets on multiple operating systems "with vulnerabilities that range from the widely known to the little known" with the goal of controlling software "that a terrorist might use to advantage."

The third and final leg of their strategy will expose "the most dangerous but least likely scenarios," said the hackers. Such vulnerabilities are not well known, making them difficult to defend against in advance, they said.