[ISN] [defaced-commentary] Guilty plea in Al-Jazeera site hack

From: InfoSec News (isnat_private)
Date: Fri Jun 13 2003 - 01:30:22 PDT

  • Next message: InfoSec News: "[ISN] Secunia Weekly Summary"

    ---------- Forwarded message ----------
    Date: Thu, 12 Jun 2003 20:52:22 -0400 (EDT)
    From: security curmudgeon <jerichoat_private>
    To: defaced-commentaryat_private
    Subject: [defaced-commentary] Guilty plea in Al-Jazeera site hack 
    
    
    Guilty plea in Al-Jazeera site hack
    By Robert Lemos
    Staff Writer, CNET News.com
    June 12, 2003, 12:30 PM PT
    http://news.com.com/2100-1002-1016447.html
    
    A central California man plead guilty Thursday to two charges stemming
    from an attack on the Web site of the Arab news service Al-Jazeera
    during the early days of the Iraq conflict.
    
    In a plea agreement with the U.S. Attorney's office for the Central
    District of California, John William Racine II, a 24-year-old Web
    designer, admitted to tricking VeriSign subsidiary Network Solutions
    into giving him ownership of the aljazeera.net domain. Racine said he
    then redirected visitors to that Internet address to another site,
    where they were greeted by an American flag and the phrase "Let
    freedom ring." The Norco, Calif., resident turned himself in to FBI
    agents on March 26, according to the plea agreement.
    
    "Racine gained control of the aljazeera.net domain name by defrauding
    Network Solutions, where Al-Jazeera maintained an account for its
    domain name and e-mail services," the U.S. Attorney's office said in a
    statement.
    
    Racine, also known as "John Boffo," used a false photo identification
    card and forged signature to impersonate an Al-Jazeera systems
    administrator and get control of Al-Jazeera's account, according to
    the plea agreement. In doing so, he gained control of where any data
    sent to aljazeera.net--including Web page requests and
    e-mail--ultimately ended up.
    
    The actual defacement appeared on a free Web site service provided by
    NetWorld Connections. Technically known as a "redirect," the hack
    caused Web browsers that attempted to go to www.aljazeera.net--as well
    as the English-language site, english.aljazeera.net--to be
    surreptitiously redirected to the content hosted on NetWorld's servers
    and see the American flag instead.
    
    For an entire week in late March, Al-Jazeera had to contend with
    technical problems and hackers that caused the site to be unavailable
    as often as not.
    
    The Arabic and English news service, based in Doha, Qatar, found
    itself the focus of controversy during the war in Iraq for its
    coverage of the conflict. Opponents charged the Arab news group with
    bias, but many others have tuned into the young network's TV
    broadcasts and Web site for an alternative view of the issues
    surrounding the war and America's occupation of the Middle Eastern
    country.
    
    Al-Jazeera also had to face its reporters being barred from the New
    York Stock Exchange and the Nasdaq after the Pentagon criticized the
    news agency coverage of the war. Some U.S. officials commented that
    pictures and video that showed prisoners of war and dead American
    soldiers violated the Geneva Conventions on the treatment of captured
    soldiers and casualties.
    
    The plea agreement states that on March 24, after the initial verbal
    salvos between U.S government officials and Al-Jazeera, Racine
    searched the Internet and found that Muhammed Jasim AlAli was listed
    as the administrative contact for the Arab news service's Internet
    domain, aljazeera.net. He then created an account on Microsoft's
    Hotmail and impersonated AlAli in telephone messages and e-mail to
    VeriSign, claiming that he needed to have the account password
    changed. Unable to answer a challenge question by a VeriSign employee,
    he said he would call back later.
    
    Racine then created a false photo identification card with the name
    "Mohammed Jasim AlAli" and forged an authorization form that requested
    VeriSign change the password. He sent the documents to VeriSign
    subsidiary Network Solutions and followed up with a telephone call.
    Based on that documentation and the phone call, VeriSign changed the
    password on March 25, the plea agreement stated.
    
    On March 27, after the defacement gained media attention, VeriSign
    suspended the Al-Jazeera account. By then, Racine had already
    contacted the FBI and provided the agency with evidence of what he had
    done, the plea agreement stated.
    
    Racine "admitted that he knew his conduct was unlawful and voluntarily
    provided the documents and information to the FBI to assist in its
    criminal investigation," the agreement said.
    
    Racine could have faced up to 25 years in prison and a fine of
    $500,000. However, the U.S. Attorney's office has agreed to request a
    much lighter sentence: three years of probation and 1,000 hours of
    community service. The ultimate decision on the sentence, however,
    resides with the judge.
    
    Racine signed the plea agreement on Thursday, said the U.S. Attorney's
    office. He will be arraigned in court Monday.
    
    VeriSign couldn't immediately comment on the case.
    
    
    -
    The information and commentary is Copyright 2003, by the individual author.
    Permission is granted to quote, reprint or redistribute provided the text is not
    altered, and the author and attrition.org is credited. The opinions expressed
    in this mail are not necessarily the opinion of all Attrition staff members.
    
    Commentary Archive: http://www.attrition.org/security/commentary/
    The Attrition Mirror: http://www.attrition.org/mirror/attrition/
    Country/TLD Statistics: http://www.attrition.org/mirror/attrition/country.html
    Attrition Defacement Statistics: http://www.attrition.org/mirror/attrition/stats.html
    Operating System Graphs: http://www.attrition.org/mirror/attrition/os-graphs.html
    
    Other Web Defacement Mailing Lists: http://www.attrition.org/security/lists.html
    Contacting Attrition Staff: staffat_private
    
    To subscribe to Defaced Commentary, send mail to majordomoat_private
    with "subscribe defaced-commentary" in the BODY of the mail (without
    quotes). To unsubscribe, include "unsubscribe defaced-commentary" in
    the BODY of the mail.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Jun 13 2003 - 03:44:21 PDT