[ISN] Hackers Humble Security Experts

From: InfoSec News (isnat_private)
Date: Thu Jan 16 2003 - 22:37:59 PST

  • Next message: InfoSec News: "RE: [ISN] Why I should have the right to kill a malicious process on your machine"

    http://www.wired.com/news/infostructure/0,1377,57229,00.html
    
    By Brian McWilliams  
    Jan. 16, 2003
    
    A wisecracking group of hackers confirmed its claim this week that it 
    spread an antipiracy virus was nothing but a hoax aimed at garnering 
    fame. 
    
    But members of the group, known as Gobbles Security, conceded that a 
    program it released to demonstrate the problem was a Trojan horse 
    capable of destroying files on the computers of unwary Unix users. 
    
    Experts said the bizarre incident, which caused a brief frenzy among 
    some security firms and fans of music file sharing, follows a grand 
    tradition of pranks by the playful hacking group. 
    
    "I think that the latest Gobbles advisory is genius," said Dave Aitel, 
    head of Immunity Security, a security software and services provider. 
    "Gobbles takes the piss out of all of us, and we need to respect and 
    appreciate that." 
    
    Gobbles' advisory said the Recording Association of America had 
    contracted the hacking group to develop a hydra-like computer worm 
    that has already spread widely by exploiting security vulnerabilities 
    in several popular music programs. 
    
    Gobbles claimed the antipiracy tool enabled the RIAA to create 
    infected MP3 music files and distribute them through file-sharing 
    networks, compromising and cataloging the infected systems. 
    
    In an e-mail interview, Gobbles representatives admitted that they 
    fabricated the RIAA claim to get attention. 
    
    "The only excuse we can offer for our immaturity is that we like the 
    fame," they said. 
    
    An RIAA spokesperson also said Gobbles' claim that it's working for 
    the trade association was a hoax, but the representative declined to 
    comment on RIAA's technology-based antipiracy efforts. 
    
    However, a security flaw described in the Gobbles warning was very 
    real, according to Michael Hipp, developer of mpg123, a Unix-based MP3 
    player cited in the advisory. 
    
    Included with the Gobbles advisory was source code to a hacking 
    program that exploits the security bug. The use of mpg123 to play 
    special MP3 files created by the hacking program will delete files on 
    the user's computer with the Unix command "rm -rf," Gobbles 
    acknowledged. 
    
    "If anyone was dumb enough to lose data because of this, they deserved 
    it," wrote Gobbles representatives in an e-mail, which also noted that 
    the program warned users before deleting their files. 
    
    Dan Ingevaldson, an R&D manager at Internet Security Systems said 
    Gobbles is "kind of an enigma" and is known to distribute both serious 
    and frivolous advisories. But Ingevaldson said he always enjoys 
    reading the group's bulletins, even though they sometimes poke fun at 
    ISS. 
    
    But to some in the security business, Gobbles' pranks and long-winded 
    advisories -- often written in faux broken-English and containing 
    diatribes about the industry -- have become tiring. 
    
    "It's just a big waste of everyone's time.... It's about as useful as 
    a bag of flaming dog doo on your doorstep," said Ryan Russell, author 
    and former moderator of the Vuln-Dev security mailing list. 
    
    Indeed, Gobbles' haughty attitude has made the group the target of 
    recent attacks, especially after a Gobbles leader, who uses the alias 
    Nwonknu, ridiculed members of the security industry in a rambling 
    keynote address in August at the annual Defcon hacker convention in 
    Las Vegas. 
    
    The following month, a computer allegedly owned by Nwonknu was hacked, 
    and some of its contents were anonymously posted to Full-Disclosure, a 
    security mailing list, from the e-mail account 
    bastedturkeyat_private 
    
    Then in October, someone forged hundreds of nonsensical messages to 
    the list with the subject line "Poot ze-a cheekee in de-a oofee!" from 
    Gobbles' e-mail address. The incident caused some list participants to 
    call for a blockade of e-mails from the group. 
    
    But some security experts said Gobbles' technical prowess gives the 
    group a platform as the voice of conscience for the security industry. 
    
    Mark Litchfield, co-founder of NGSSoftware, said he put up $275 in 
    response to a public request last August by Gobbles for help with 
    airfare to Defcon. 
    
    According to Litchfield, Gobbles "knows (its) stuff" and shares its 
    findings with the security community "instead of keeping all (its) 
    advisories/exploits and sharing them privately with the black-hat 
    community, which I would feel is a greater threat." 
    
    In a jab at SecurityFocus, the Symantec-owned security firm that 
    operates the popular Bugtraq mailing list, Gobbles registered the 
    domain Bugtraq.org in 2001. Due to an apparent spate of attacks on the 
    site (archived here), Gobbles' advisories have been mirrored at a site 
    hosted by Aitel. According to Aitel, who said he has no other 
    involvement with the group, Gobbles helps to keep the security 
    industry's "huge egos" in check. 
    
    "Gobbles teaches everyone the valuable lesson that no matter how elite 
    we are, how rich we are, how many three letter agencies we have 
    contracts with, how much of the Fortune 500 relies on us to keep their 
    systems secure, someone out there is giggling at us," said Aitel. 
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Jan 17 2003 - 00:52:41 PST