Re: Code Red - A Possible Origin?

From: Michael J. Cannon (mcannonat_private)
Date: Mon Aug 27 2001 - 15:55:56 PDT


    Excellent point...but the delay COULD just be the fact that it is an
    anarchist group, with the resultant lack of organization (although many of
    these groups, anarchist or not, are almost as good as the corporations when
    it comes to PR announcements.)
    
    For those that joined this thread late, again, I am not saying these ARE the
    authors, I am advocating that we use this opportunity as a 'tactical
    exercise' in a well-known public forum, to show the public what tools are
    used and some of the procedures for tracking down these incidents.  If this
    is not the correct forum, I expect the relevant authorities (the list
    moderator/admin) will tell us (and maybe make a suggestion on where would be
    more appropriate).
    
    Also, I don't personally believe this information from Canada is in any way
    more credible or believable than what came out of Germany, China, Holland,
    Mauritius and India.
    
    Finally, for any lurkers from the press:  I don't believe that this is in
    any way 'cyber-terrorism,'  whoever perpetrated 'Code Red,' its variants, or
    virii like SirCam.  I don't believe that the TAO and their sibling
    organizations are terrorists.  I don't believe whoever created Code Red is a
    terrorist.  Terrorism kills people, not networks and computers.  Terrorism
    costs lives and limbs, not money and bandwidth/inconvenience.  What goes on
    in Israel/Palestine, Macedonia/Yugoslavia, Sri Lanka and elsewhere is
    terrorism.
    
    The computer security community is on the job and we do care.  We want to
    make the Internet a safer place for communities and commerce.  But to call
    any of what our opposition does 'terrorism' is to demean the lives and
    efforts of those who risk their lives combating that FAR more grievous
    menace.  Bruce Schneier has said we in the security industry have lost the
    battle with the press when it comes to 'hacker' vs. 'cracker.'  Let us not
    allow the press to portray activists, curious children, petty criminals and
    misguided individuals in the same way they do the animals that kill people
    with guns and bombs.  'Hacktivism' and electronic civil disobedience are
    better terms more amenable to the result of the crime.
    
    
    ----- Original Message -----
    From: "Mike Lewinski" <mikeat_private>
    To: <incidentsat_private>
    Sent: Friday, August 24, 2001 3:09 PM
    Subject: Re: Code Red - A Possible Origin?
    
    
    > $ telnet tao.ca www
    > GET /~wrench/bloc/news/07_19_01.html HTTP/1.1
    >
    > HTTP/1.1 200 OK
    > Date: Fri, 24 Aug 2001 19:47:42 GMT
    > Server: Apache
    > Last-Modified: Fri, 20 Jul 2001 01:52:42 GMT
    > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    >
    > The server appears to be located in the Toronto area which I believe
    > is -0400 GMT. If it hasn't been monkeyed with, the Last-Modified tag
    > places the document's creation time around 9:50pm local time on the 19th
    > of July.
    >
    > The original Eeye advisory containing details about the worm's
    > "whitehouse attack mode" was released two days earlier, on the 17th of
    > July. I'd be a lot more inclined to believe the claim of responsibility
    > if Apache was giving a 'last-modified' tag earlier than that date. By
    > the posting date it was already public knowledge.
    >
    > Mike
    >
    > ----- Original Message -----
    > From: "Michal Nazarewicz" <m.nazarewiczat_private>
    > To: "'Michael J. Cannon'" <mcannonat_private>;
    > <incidentsat_private>
    > Sent: Friday, August 24, 2001 1:42 AM
    > Subject: RE: Code Red - A Possible Origin?
    >
    >
    > > > Tongue VERY firmly in cheek here, gang.  Let's not mistake a
    > > > group's target of opportunity for the real thing.  But it's
    > > > interesting that someone would have the balls to claim
    > > > responsibility, no matter how indirectly.
    > >
    > > ...let's also add that there is a message written in black on black
    > > background which says:
    > >
    > > red worm denial-of-service dos code welcome to http://www.worm.com!
    > > Hacked by Chinese - xo ha
    > >
    > >
    >
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com
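
The timestamp check Mike describes in the quoted message, written out as an added example (not code from the thread): parse the Last-Modified header, shift it to the server's assumed local offset (-0400, as the thread assumes for Toronto), and compare it against the date the worm's details became public. The header block below is a constructed copy of the response quoted above, and the advisory date is the 17 July figure stated in the thread.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample: the response head quoted in the thread.
SAMPLE_HEADERS = """HTTP/1.1 200 OK
Date: Fri, 24 Aug 2001 19:47:42 GMT
Server: Apache
Last-Modified: Fri, 20 Jul 2001 01:52:42 GMT
"""

# Date the eEye advisory made the worm's details public (from the thread).
EEYE_ADVISORY_UTC = datetime(2001, 7, 17, tzinfo=timezone.utc)

# Assumed local offset for the server's location (the thread's -0400 guess).
TORONTO_OFFSET_HOURS = -4


def parse_headers(raw):
    """Split a raw HTTP response head into a lower-cased name -> value dict.
    The first line is the status line and carries no header."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def last_modified_local(headers, utc_offset_hours):
    """Return Last-Modified as an aware datetime in the given UTC offset,
    or None when the header is absent (Apache omits it for dynamic pages)."""
    raw = headers.get("last-modified")
    if raw is None:
        return None
    stamp = parsedate_to_datetime(raw)  # RFC 1123 date -> aware UTC datetime
    return stamp.astimezone(timezone(timedelta(hours=utc_offset_hours)))


def predates(headers, reference, utc_offset_hours):
    """True if the document was last modified before `reference`.
    Caveat from the thread: Last-Modified reflects the file's mtime, which the
    server owner can set to anything, so this is corroboration, not proof."""
    local = last_modified_local(headers, utc_offset_hours)
    if local is None:
        return None
    return local < reference
```

For the quoted headers this yields 19 July 2001, 21:52 local, after the advisory, which is the reason the claim carried little weight.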
    
    This archive was generated by hypermail 2b30 : Wed Aug 29 2001 - 08:13:53 PDT