[ISN] Feds pull suspicious .gov site

From: InfoSec News (isnat_private)
Date: Wed Feb 05 2003 - 22:20:00 PST

    Forwarded from: William Knowles <wkat_private>
    
    http://news.com.com/2100-1023-983384.html
    
    By Declan McCullagh 
    Staff Writer, CNET News.com
    February 5, 2003
    
    WASHINGTON--In a move that raises questions about the security of
    governmental domains, the Bush administration has pulled the plug on a
    .gov Web site pending an investigation into the authenticity of the
    organization that controlled it.
    
    Until recently, visitors to the AONN.gov Web site were treated to a
    smorgasbord of information about an agency calling itself the Access
    One Network Northwest (AONN), a self-described cyberwarfare unit
    claiming to employ more than 2,000 people and to have the support of
    the U.S. Department of Defense.
    
    No federal agency called AONN appears to exist, and no agency with
    that name is on the official list of organizations maintained by the
    U.S. National Institute of Standards and Technology.
    
    The General Services Administration (GSA), which runs the .gov
    registry, pulled the domain on Jan. 24, after a query from CNET
    News.com.
    
    "There are questions about the authenticity of the Web site that
    includes the AONN name," the agency said in an e-mail reply. "Until
    the situation is resolved, we have eliminated the URL from the .gov
    directory name server."
    
    The action could point to the first case of a .gov domain name
    hijacking.
    
    The GSA investigation raises questions about the integrity of federal
    Web sites at a time when the Bush administration is touting electronic
    government initiatives. President Bush signed the E-Government Act of
    2002 in December, and the IRS in January began a program to encourage
    Americans to file their taxes electronically.
    
    Cybersquatting, or registering a domain to which you may not be
    entitled, is hardly uncommon among the multitude of .com and .net
    domains. In 1999, President Bill Clinton signed an anticybersquatting
    law, and an alternate process through which domain names can be
    challenged has resulted in more than 11,000 domain names being
    transferred away from the parties who had registered them.
    
    But there are no known cybersquatting incidents involving a
    governmental domain, according to the GSA. "I'm not aware of any
    incident" in the past when an unapproved individual has gained control
    of a .gov domain name, an agency representative said.
    
    Chris Casey, who in 1995 helped to create Congress' first Web sites
    and now runs a Web design company called Casey.com, says he was
    surprised to hear that AONN had apparently secured a .gov name, and
    said a misappropriated .gov domain could create confusion among Web
    users.
    
    "I'm not aware of it ever happening before," Casey said. ".gov, .edu
    and .mil carry a feeling of trustworthiness...People have learned to
    place more faith in them."
    
    AONN's background
    
    Claiming credit for the deleted .gov site is a man who calls himself
    Robert L. Taylor III, whose name and contact information appeared in
    documents on the AONN.gov site.
    
    Taylor, who appears to reside near Everett, Wash., declined to explain
    how, exactly, he secured a .gov domain for the group, calling AONN's
    operations "classified."
    
    "We have exploited a security hole in the bureaucracy," Taylor said in
    a telephone interview. "There are loopholes, there are security holes,
    there are holes in the system."
    
    On its now-deleted site, AONN contended its "U.S. Defense Security
    Intelligence Network" (DSIN) was launched at Harvard University's John
    F. Kennedy School of Government last year, but Doug Gavel, the Kennedy
    School's communications director, says he's not aware of any such
    program. Similarly, AONN said its champion in Congress is Rep. Jay
    Inslee, D-Wash., whose office categorically denies it. A Senate Budget
    Committee representative said he had never heard of AONN.
    
    A Pentagon representative also said that AONN has no affiliation with
    the U.S. military and he had no knowledge of the organization.
    
    It's unclear when the site was first registered or how Taylor may have
    taken control of a .gov domain. According to the official .gov
    registration rules, only organizations that appear in an official list
    of government agencies qualify for a .gov domain--and AONN is not on
    it. If AONN were a legitimate Defense Department agency, it would have
    to register a .mil--rather than a .gov--domain name.
    
    One loophole exists for city and state governments, which were allowed
    to register .gov domains before the current rules took effect in May
    1997. Such registrations are no longer permitted. But local and state
    governments with existing sites, such as the state of California's
    ca.gov, were allowed to keep them.
    
    Registering a .gov domain name involves writing an authorization
    letter--two samples are provided on the GSA Web site--printing it out,
    and then sending it to the ".GOV Domain Manager" in Reston, Va. The
    GSA would not comment on what security measures were in place, and
    what changes, if any, have been made.
    
    The GSA's safeguards don't provide foolproof security, says Adrian
    Lamo, a hacker and social engineer who claims to have penetrated
    computer systems run by The New York Times and a string of other
    corporations.
    
    "The process isn't intended to stop anyone who isn't going to be
    stopped by the need to go to Kinko's, print out some letterhead and
    then send an honest-to-God postal letter," Lamo said. "It'll stop the
    people that are willing to break any rule, as long as they can fill
    out a Web form to do it. And that eliminates 95 percent of pranks."
    
    If someone expressed interest in AONN, Taylor would send them a
    122-page PDF file containing buzzwords such as "computer intrusion
    teams," "beyond state-of-the-art super computing... next level
    broad-range security systems, cyber warfighting, highly advanced
    satellite technologies and nano-technologies." It described AONN as a
    "joint-counterstrike force (that) possesses such a culmination of some
    of the world's brightest and most brilliant intellect, intelligentsia,
    academicians and minds, it can quite easily be said that the AONN DSI
    concept by itself is worth multibillions."
    
    A notice on AONN.gov offered to "split payment on contract
    disbursements" with its fund-raisers. Taylor also offered this deal to
    potential buyers: "You come up with fifty million dollars and we'll
    sign contracts as well as deliver both human assets and the DSIN
    program."
    
    Taylor would not say if he had collected any money from corporations
    and individuals as a result of these offers.
    
    Besides claiming to be a military intelligence agency, AONN also said
    it has an "emerging and expensive clothing line" and an urban and R&B
    record label that has signed "certified platinum artists." In November
    2000, a company named AONN Records released a CD called November 12
    Projekt that a local newspaper described as a collaboration of "two
    ambitious young rappers."
    
    Taylor said that AONN.gov and AONN Records are the same.
    
    No company named AONN Records or Access One Network Northwest is
    listed with directory assistance, and the Washington state government
    has no record of a company with either name being incorporated.
    
    AONN Records' CD release appears to have been distributed by The
    Orchard, which provides a vehicle for independent musicians to sell to
    online stores such as Amazon.com and CDNow.com. The Orchard could not
    locate AONN Records or Robert Taylor in its files. A representative
    said that would be the case if The Orchard no longer carried the
    November 12 Projekt CD.
    
    One document Taylor distributed from his Hotmail account this week,
    called a "Special Projects Dossier," lists excerpts from job
    applications apparently sent to him by intelligence officers seeking
    employment.
    
    "Some have suggested it is a spoof by a rock group who has misused the
    aonn.com and aonn.gov registrations," a representative for the
    Association of Former Intelligence Officers said this week. "How they
    obtained the (top-level domain) of .gov is baffling and shows a flaw
    in the registration system that could create greater mischief in other
    hands."
    
    
     
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence 
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ================================================================
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    *==============================================================*
    
    
    