FC: More on "anti-terrorist" hackers targeting innocent sites

From: Declan McCullagh (declanat_private)
Date: Wed Oct 24 2001 - 08:18:58 PDT

  • Next message: Declan McCullagh: "FC: RIAA claims it never wanted to hack PCs, was misunderstood"

    Previous message:
    
    "'Anti-terrorist' hackers reportedly target attrition.org mirror"
    http://www.politechbot.com/p-02700.html
    
    *********
    
    From: "Essenberg, Ivo" <ivo.essenbergat_private>
    To: "'declanat_private'" <declanat_private>
    Subject: RE: "Anti-terrorist" hackers reportedly target attrition.org mirr
    	or
    Date: Wed, 24 Oct 2001 10:25:58 +0200
    
    Declan,
    
    You might be interested in the attack on Security News Portal at:
    
    	http://www.securitynewsportal.com/
    
    also supposedly committed by Kimble's group.
    
    Cheerio,
    
    Ivo
    
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Ivo Essenberg <mailto:ivo.essenbergat_private>
    Strategy and Policy Unit
    International Telecommunication Union <http://www.itu.int>
    Place des Nations, 1211 Geneva, Switzerland
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    *********
    
    Date: Wed, 24 Oct 2001 10:46:58 -0400
    Content-Type: text/plain; charset=us-ascii
    From: " Scullyat_private" <Scullyat_private>
    To: security curmudgeon  <jerichoat_private>
    CC: <declanat_private>
    Subject: YIHAT and Kimble
    
    Jericho and Declan,
    
    In reference to:
    
    http://www.attrition.org/news/content/01-10-22.001.html
    Kimble & YIHAT Morons Threaten Attrition
    
    I recall a few weeks back a defacer had done some defacing in the name of 
    YIHAT and Kimble came out with this big statement about how they weren't 
    about defacing.  Their mission was on the index of http://www.kill.net/, 
    which now appears to be voluntarily taken down.  But I remember very 
    clearly it stated that Kimble and YIHAT did not encourage defacing.
    
    Yesterday, I posted an item on Cipherwar about a SecurityNewsPortal article 
    that fabricated a quote and presented it in a light that suggested I, or a 
    colleague, said it.  Today, I received an email directing me to 
    http://www.securitynewsportal.com where I find a statement by its editor 
    explaining why they are shutting down the site.  The catalyst for the shut 
    down appears to be their defacement done by Kimble.
    
    "I have attached a copy of the defacement that replaced our web pages 
    below.  Although it claims to have been done by Kimble, I would ask that 
    you take that with a grain of salt... "
          -Marq of securitynewsportal.com
    
    I just thought it was rather entertaining.  If Kimble did indeed do the 
    defacement, it "suggests" that he is a hypocrite and a liar.
    
    Below is the entire statement on Kimble's YIHAT website at 
    http://www.kill.net/:
    
    ------------------
    First Phase of Mission Completed - YIHAT Terminates All Public Activities
    
    Munich, October 20, 2001
    
    YIHAT, founded to acquire and coordinate a team of hackers with the goal of 
    eliminating the electronic foundations of terroristic activities worldwide, 
    has successfully completed the first phase of its mission: The team has 
    reached the projected strength and has gathered a sufficient amount of 
    information to launch the second phase of the YIHAT operation, which is to 
    monitor, infiltrate and take control of the information infrastructure used 
    by or supporting terrorists. Therefore, the public web site, www.kill.net, 
    is no longer needed and has been closed down effective immediately in order 
    to prevent the dissemination of confidential information to those who are 
    not part of the core YIHAT team, and to take away motivation from those who 
    - for good reason! - did not become part of the core YIHAT team from 
    continuing to play around, e.g. defacing completely unrelated web sites.
    
    The decision to take kill.net offline completely is also based on the fact 
    that the additional administrative effort (mainly caused by DDoS attacks) 
    has led to an inacceptable situation. YIHAT moves to the underground.
    
    All communication between the core team members has been switched over to a 
    new, confidential forum.
    
    Kim "Kimble" Schmitz
    Founder - Young Intelligent Hackers Against Terror
    ------------------
    
    
    And the "mirror" of the Kimble defacement at http://www.securitynewsportal.com:
    
    
    ------------------
    hacked by Kimble of YIHAT
    
    Hello, world!
    
    SECURITYNEWSPORTAL is temporarily down. We'd like to take this time to talk 
    to you about some things.
    
    There exists a cancer in the security community right now, and that cancer 
    exists in individuals and groups who could be classified as scenewhores. 
    These parties attempt to profit off the security community, without 
    actually being a part of it.
    
    For instance, SECURITYNEWSPORTAL.COM. This site was 
    hacked/cracked/rooted/whatever with the ssh1/crc32 exploit. Sure, SNP 
    staff, call us scriptkids. We won't argue that. But, what does it make you? 
    Your server has been vulnerable to a bug that has been known of since 
    February. You've built a popular "security" site (although, the truth is 
    its complete garbage, but the masses don't realize that, hopefully they 
    will start to now). Maybe if this weren't a "security" site, they would 
    have an excuse for this compromise, but lets be realistic -- there is no 
    reason for anything "security" related to be compromised by an eight-month 
    old bug. And, especially after all the current discussion about the bug in 
    "security" forums.
    
    SECURITYNEWSPORTAL.COM makes money off their website. They encourage the 
    actions of scriptkids. They encourage defacements. Why shouldn't they? They 
    make money off their actions. SECURITYNEWSPORTAL.COM is more about 
    insecurity than security; their business prospers. We are looking forward 
    to hearing them bitch about this incident. Hypocrites.
    
    Why do companies choose to advertise with an organization like 
    SECURITYNEWSPORTAL.COM? Advertising with them supports them, why do you 
    support them? Are you aware of what you're supporting? The people who run 
    SNP are _NOT_ hackers, they do _NOT_ possess any knowledge pertinant to 
    computer security; why is your money with them? Why don't you donate to 
    organizations that do _REAL_ security research? Why not invest your money 
    somewhere better?
    
    The era of security scenewhores is about to end. Well, not all scenewhores, 
    just the ones who attempt to exploit the security scene for their own 
    personal profit. SNP staff -- instead of trying to refute the claims 
    against you, why don't you spend some time learning computer security? 
    That'd be the intelligent thing to do. You probably want to get your 
    capitalist machine up and running again though, don't you?
    
    Everyone, please think of what we have said here. To the public, please 
    take the time and ponder how "security minded" the staff of 
    SECURITYNEWSPORTAL.COM are. Remember, this site was comprimised by an 
    eight-month old bug. Sure, they'll bitch and moan about being the victim of 
    some scriptkid, but what are they really saying? "We're too lame to 
    understand the security advisories we mirror", or "We don't have the time 
    to maintain security on this machine; all our time is invested in running 
    this magnificent website", or even try to claim that it was a different 
    vulnerability? To all who are advertising here, can you _PLEASE_ at least 
    consider what you are supporting? You aren't supporting the security 
    industry, the traffic you recieve back is from a "kiddie" population 
    (anyone who frequents this site and thinks its worthwhile is either 
    entirely ignorant of security matters, or a kiddie of some sort). It 
    shouldn't be too hard to find more profitable and worthwhile ventures.
    
    Incidently, if you're a real hacker, and looking to do some good for the 
    world, please come to irc.booze.de/#yihat and speak with us. We're always 
    looking to recruit new talent for our organization.
    
    Sincerely,
    
    Kim Schmitz (aka Kimble)
    YIHAT Founder / Chief Hacking Officer
    www.kill.net + www.kimble.org
    +49 89 523520
    
    <Kimble> to all the flamers, yihat will have thousands of members in a few 
    month, be carefull! critics are ok, insults NOT!
    --------------------
    
    
    
    
    -------------------------------------------------------------------------
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    -------------------------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Wed Oct 24 2001 - 08:27:47 PDT