[ISN] Fark founder accuses Fox newsman of hacking

From: InfoSec News (alerts@private)
Date: Sun Aug 19 2007 - 22:40:01 PDT


http://valleywag.com/tech/exclusive/fark-founder-accuses-fox-newsman-of-hacking-290286.php

By Owen Thomas 
valleywag.com
August 17, 2007

Local TV reporters are infamous for practicing "ambush" journalism -- 
but as they try to take their gotcha practices to the Web, increasingly 
they're the ones ambushed. The first rule of hacking, after all, is 
"Don't get caught." And Fox newsman Darrell Phillipsmay have broken that 
rule, says Drew Curtis. Curtis, left, is the founder of Fark.com, a 
thoroughly juvenile, and entertaining, social news site where users pick 
the headlines. Phillips, to his right, is the new media manager at WHBQ 
Fox13, a News Corp.-owned TV station in Memphis, Tenn. And Curtis claims 
to have assembled all-but-conclusive electronic evidence that Phillips 
has tried to hack into Fark's servers, potentially breaking several 
laws.

Curtis believes that Phillips, or someone working with Phillips, sent 
him and several other Fark employees deceptive emails in an attempt to 
get them to download a trojan, a form of computer virus. The Trojan was 
designed to capture their passwords and give the author access to Fark's 
servers. In one case, it succeeded, giving a hacker passwords to a file 
server and one Fark employee's email account; he tried, but failed, to 
break into Fark's Web servers and email. Unfortunately for the hacker, 
Fark was able to trace his attempts to break into their system back to a 
machine in Memphis connected to a Comcast high-speed Internet 
connection.

At the same time, Phillips, already a Fark member, logged into several 
other user accounts on Fark -- either ones he'd created or ones to which 
he'd somehow gotten access. Phillips also purchased, using PayPal, a 
paid subscription to TotalFark, a premium Fark service. The accounts all 
used the same IP addresses as the hacker. Busted. Curtis says he's "99 
percent sure" it's Phillips -- and is now attempting to pursue legal 
action, seeking detailed data from Comcast, to remove his doubts.

What does this mean? Curtis is unsure of Phllips's potential motives -- 
assuming Phillips is, indeed, the hacker. Phillips may have had 
accomplices, after all -- or his own accounts may have been compromised, 
which would be embarrassing enough for the reporter, who's apparently 
somewhat Internet-savvy.

But consider this: Phillips's station has launched a news aggregator, 
OnMemphis.com. The hacker appears to have been hunting for source code 
and trying to log into Fark's Web-based moderation tools. A look at 
either would be helpful to someone designing a social-news website.

Phillips might claim he was researching a story on the security of 
social news sites. If so, the fact that Fark employees so readily 
detected the intrusion and shut it down doesn't leave him with much of a 
tale to tell. But certainly, for a newsman, this would at least be a 
plausible cover story.

And one last motivation that should be mentioned, in the service of 
conspiracy theorists everywhere: Could Phillips have been working on 
behalf of higher-ups at News Corp.? It's a well-established fact that 
Fox News producers are fans of the thoroughly puerile headlines featured 
on Fark -- so much so that a newspaper reporter caught one red-handed 
using the site as a source for story ideas. That episode, in turn, got 
some News Corp. executives interested in Fark, for whom the site might 
be a logical acquisition. If so, the assault on Fark's servers could, 
just possibly, be a spectacularly hamhanded form of due diligence. It's 
unlikely veering on unbelievable, but when we're talking about someone 
who works for Rupert Murdoch, it would be foolish to rule it out 
altogether.


____________________________________
Attend HITBSecConf2007 - Malaysia 
Taking place September 3-6 2007 featuring seven tracks of technical 
training and a dual-track security conference with keynote speakers 
Lance Spitzner and Mikko Hypponen!  -  Book your seats today! 
http://conference.hitb.org/hitbsecconf2007kl/



This archive was generated by hypermail 2.1.3 : Sun Aug 19 2007 - 22:49:37 PDT