[ISN] 'ChineseSpyBoy' claims to have cracked McAfee sites

From: InfoSec News (isn@private)
Date: Wed Dec 15 2004 - 23:01:29 PST


By Joe Barr 
December 15, 2004

Did he or didn't he? A cracker identifying himself as "ChineseSpyBoy"  
has been contacting news organizations -- including NewsForge -- the
past day or so claiming to have broken into McAfee Inc. corporate
servers and providing screen shots as evidence. McAfee says he did not
break into its boxes but that he did compromise a partner's machine.

After receiving news of the alleged break-ins by email, NewsForge
invited "ChineseSpyBoy" into an IRC channel to chat about his exploits
earlier today. The invitation was readily accepted. In that brief
chat, "SpyBoy" told us that his motivation was, first of all, to find
a challenge and, secondarily, his unhappiness with McAfee's
customer service.

He said that McAfee's customer service was "always speaking online
chats, never getting no direct answers." But the primary purpose seems
to have been to make a bigger name for himself.

When asked if breaking into McAfee's servers was difficult, "SpyBoy"  
told us: "well took alot of command tribulation, a little bit of
deviation and patience ... I was snooping, getting as much info on
their servers as possible for weeks."

He also told us in the IRC chat that "the point was to get in, play a
little get out and then publish it, I am not as destructive as I use
to be."

As evidence, SpyBoy provided us with links to images on another site
which purport to show screen shots captured on McAfee machines. What
each screenshot shows, however, is a screen taken on McAfee partner
Sento.com's site, which matches up with what McAfee had to say.

NewsForge spoke to McAfee corporate PR representative Dana Lengkeek
about the alleged compromise. She insisted that no McAfee machines
were broken into and noted that they were first contacted about the
alleged break-ins yesterday.

No Sento representatives were available to speak with NewsForge prior
to publication.
