Date: Mon, 30 Dec 1996 10:42:56 -1000 (GMT)
From: Bruce Collier
To: Home Unix Machine - Brisbane Unix Group
Message-Id: <199612300047.KAA08691@zerlargal.humbug.org.au>
Subject: Fw: Media: "Unamailer delivers Christmas grief"

Someone's been busy this Christmas...

> From: Elliott Parker <3 Z L U F U R @ C M U V M . C S V . C M I C H . E D U>
> To: S P A M - L @ e v a . d c . L S O F T . C O M
> Subject: Media: "Unamailer delivers Christmas grief"
> Date: Saturday, 28 December 1996 23:26
>
> FYI
> Crossposted to LSTOWN-L, SPAM-L
> Re-posted with permission.
>
> ----------------------------------------------------------------
> Elliott Parker                    Bitnet: 3 Z L U F U R @ C M U V M
> List Owner, SEASIA-L and CARR-L   Internet: e l l i o t t . p a r k e r @ c m i c h . e d u
> Department of Journalism          Less certain possibilities:
> Central Michigan University       e p a r k e r @ i g c . a p c . o r g
> Mt. Pleasant, MI 48859 USA        The WELL: e p a r k e r @ w e l l . c o m
> Office tele: +1 517 774 3196      U R L : m a i l t o : 3 z l u f u r @ c m i c h . e d u
>
>
> ====================== Forwarded Message ==========================
> Date: Thu, 26 Dec 1996 15:33:49 -0800 (PST)
> From: "Brock N. Meeks" <b r o c k @ w e l l . c o m>
> To: c w d - l @ c y b e r w e r k s . c o m
>
> CyberWire Dispatch / Copyright (c)1996/ December 26, 1996 /
>
> Jacking in from the "Spam in the Stocking" Port:
>
> Unamailer Delivers Christmas Grief
>
> by Lewis Z. Koch
> Special to CyberWire Dispatch
>
> "johnny xchaotic," also known as the "Unamailer," is back, and
> twenty-one individuals -- many of whom are deeply involved in the
> Internet -- journalists, the heads of computer companies such as
> Microsoft, politicians, and religious figures -- received a "denial of
> service" Christmas present they wished they didn't have.
>
> johnny, and possible friends of johnny, effectively halted these
> individuals' ability to send and receive E-mail, a denial of service
> attack which may take days to restore.
>
> Among those hit were prominent journalists including magazine columnist
> joel snyder, because, in xchaotic's words, "your last article in
> 'Internet World' places all the blame of my actions on an innocent
> person." Also hit was the magazine's editor Michael Neubarth because of
> his failure to "apologize" for what were termed journalistic errors.''
>
> Political figures, such as former Presidential candidate Pat Buchanan
> and U.S. Senate wannabe David Duke, also were targets. Religious
> figures such as Pat Robertson and Billy Graham were subject to e-mail
> bombings, as were members of the Church of Scientology and members of
> the KKK.
>
> Microsoft's Bill Gates, several people from the cable channel MTV also
> were among those apparently attacked. Others hit include Carolyn Meinel
> who operates a "Happy Hacker" mailing list, the Ku Klux Klan, MTV and
> the Nazi party.
>
> All told, 21 individuals were hit, some, like Gates for the second
> time. This is the second time in six months that the work of one or
> more individuals has exploited relatively simple vulnerabilities in
> Internet e-mail lists.
>
> The first attack, in August, targeted more than 40 individuals,
> including Bill Clinton and Newt Gingrich and brought a torrent of
> complaints from the people who found their names sent as subscribers to
> some 3,000 E-mail lists. By comparison to the Christmas attack, even
> that relatively modest attack sent enough e-mail to the targeted
> recipients that it effectively halted their computers' ability to
> process the messages.
>
> This attack is estimated to involve 10,139 listserv groups, 3 times
> greater than the one that took place in the summer, also at xchaotic's
> instigation. If each mailing list in this attack sent the targeted
> individuals just a modest 10 letters to the subscribers' computer those
> individuals would receive more than 100,000 messages. If each listing
> system sent 100 messages -- and many do -- then the total messages could
> tally 1,000,000.
>
> Once again, johnny xchaotic has offered an "open letter," given to this
> reporter before it was scheduled to be posted throughout the Internet,
> as a way to explain the reasons behind the attack. He also taunted the
> FBI, telling the agency not to "waste tax dollars trying to track me"
> because "there are a lot more dangerous people out there you should be
> concentrating on." (The complete letter will be released shortly to the
> Net by johnny.)
>
> The open letter, and the information outlining the e-mail blast, were
> given to this reporter as the "attack" was concluding. The attack began
> the evening of December 24 just before midnight and took four hours,
> eight minutes and twenty-nine seconds.
>
> "They [listserv-based mailing lists] could stop this kind of attack
> tomorrow," one source close to johnny said, "if they only took the
> simplest of precautions -- like authentication." Authentication is a
> means by which the listing system, instead of agreeing to the
> ''subscription'' and then automatically forwarding tens or hundreds of
> letters to the subscriber, would first ask if the person really wanted
> to subscribe. This ''verification'' could come as an electronic mail
> message to the subscriber asking for confirmation.
>
> If this process had been in place, someone subject to an E-mail denial
> of service attack would only receive one letter from each list -- that
> one being the authentication confirmation query -- do you really want
> this E-mail -- before sending on 10 or 100 messages.
>
> "They're either too lazy or too dumb to do that -- so they have to pay a
> price," this source said, indicating that the attacks would continue
> until the administrators "get it right," indicating that johnny and his
> friends want to pressure administrators into authentication.
>
> In these kinds of instances, individuals who have been hit wind up
> quickly canceling their e-mail accounts, thus passing the responsibility
> for canceling the "subscription" back to the list administrator. Many
> suspect the authentication-confirmation process is viewed by listserv
> systems administrators as an inconvenience and confusing to the
> subscriber and so, they just avoid it.
>
> The attack, however, may be a violation of federal law, punishable by up
> to five years in prison, or $250,000.00 in fines or both. While there
> are techniques for tracing this kind of attack when there is advance
> warning, knowledgeable sources say that this kind of attack is very
> difficult to trace once the attack has occurred.
>
> johnny xchaotic has been labeled a 'Net terrorist,' which, according to
> some, debases the meaning of the word "terrorism." No one knows who
> johnny is. He was misidentified earlier by Internet Underground
> magazine as a well known hacker who calls himself "se7en." This
> identification proved false.
>
> One person close to "johnny xchaotic" said the FBI and Secret Service
> had been contacted about the illegality of this kind of hack but said
> they had no interest in this kind of "Net" attack. "We have bigger fish
> to fry," was the response from law enforcement officials, according to
> this person. This attitude was confirmed by a former federal prosecutor
> who said the few federal investigators who understood computers and the
> Internet were stretched thin in their attempts to apprehend serious
> cyber-criminals, or to pursue high profile but relatively unimportant
> cases against hackers such as Kevin Mitnick. There has been a tendency
> on the part of law enforcement and the media to grossly overestimate the
> monetary damage caused by hackers.
>
> "johnny" and those close to him made it clear that there would be a
> continuation of these kinds of email "denial of service" attacks.
>
> These same sources say those few Federal investigators with the Secret
> Service and the FBI who are computer literate and savvy about hacking
> are stretched thin in attempts to solve serious multimillion dollar
> computer crimes, the vast majority of which are committed by insiders
> against the companies they work for.
>
> It is far easier, these sources say, to track down, arrest and jail
> 16-year-old hackers who brag about their exploits to friends and fellow
> hackers than to track down a true professional computer cracker on
> assignment from one company to search and steal the files of a
> competitor company. While it may take up to three years to investigate
> and prosecute one important computer thievery case, teenage hackers can
> be arrested every few months, thus improving the "stats" by which the
> FBI and other agencies make their mark and their budgets.
>
> This repeated E-mail denial of service attack will be sure to reignite
> the debate about the "moral" issues surrounding hackers and hacking.
> What may be ignored -- again -- is the failure to rectify the problem
> after the first attack back in August. Immediately following the first
> E-mail bombing attack, the Computer Emergency Response Team (CERT) was
> quick to tell the media that while they had no "solution," they had
> "hopes" they would be able to "limit the impact" of these kinds of
> attacks. Today's three-fold attack showed that a six month period of
> study "hoping to limit the impact" has been futile.
>
> Vital communications do not appear to have been slowed down. The attack
> is a major "inconvenience" to be sure. Others argue that "complacency"
> is the only true victim of this attack.
>
> The temporary inconvenience caused by a few days' loss of E-mail
> privileges might seem to pale in significance with those who were killed
> and maimed by the terrorists' bombing of the Federal Building, in
> Oklahoma City, or at the World Trade Center in New York, or in Atlanta
> at the 96 Olympics, or those who opened packages from the Unabomber and
> were killed.
>
> Prominent government officials like U.S. Deputy Attorney General Jamie
> Gorelick have called for the development of the equivalent of a
> "Manhattan project" to stop hackers, though the specifics of what kind
> of "bomb" Gorelick would develop and on whom she would drop "the bomb"
> are vague.
>
> Unsafe at Any Modem Speed
>
> On December 16, a computer attack against WebCom knocked out more than
> 3,000 Web sites for 40 hours, curtailing Website shopping. The attack
> -- a "SYN-flood" -- sent as many as 200 messages a second against the
> WebCom host computer. This was the same kind of attack that brought down
> the popular New York Internet provider Panix for more than a week in
> September.
>
> While Seattle computer security consultant Joel McNamara is sympathetic
> toward WebCom's users' problems, he allows less leeway to the company.
> "The SYN-flood denial of service attack has been known for months, and
> there are a variety of solutions for addressing it," McNamara said, "I'd
> be curious as to what, if any, security measures WebCom, a large
> provider, had in place to deal with a well-known SYN-flood attack. If I
> couldn't conduct business for 40 hours, I'd have some serious questions
> to ask."
>
> McNamara believes a great deal of the responsibility for the success of
> these kinds of known attacks rests on the shoulders of managers and
> systems administrators who do not fully "understand the implications of
> poor security practices. While the industry hasn't seen this happen
> yet, it's just a matter of time before a customer files a lawsuit
> against a service provider because of damages caused by ineffective
> security," he predicts.
>
> FBI agents have been undergoing some education in computer related
> crimes, but sources say the educated ones are few in number and burdened
> by too many cases. On the other hand, the FBI has singled out small but
> prominent hackers for arrest and prosecution, hoping the jailing of
> these individuals who are well-known to the Net would be a deterrent to
> other younger people considering hacking. The recent adolescent-like
> hacking of the Department of Justice Web site seems to indicate that
> hackers aren't all that deterred.
>
> There are other indications that Web page hacks are going to become more
> political, and perhaps even more dangerous than in the past. The recent
> hack of the Kriegsman Furs company Web page by animal rights activists
> indicates one new, sophisticated path. In this attack, the hackers left
> a manifesto, as well as links to animal rights sites throughout the
> Web. How easy was it to do? "Security for the site was extremely weak,"
> says McNamara, "The commonly known PHF exploit was likely used to
> retrieve a system file, which contained a series of easy to crack
> passwords." Presto, chango. Pro-fur into anti-fur.
>
> "It's too easy to pass the blame off on hackers," McNamara says. Like
> the keys in the car or in the front door, "maintaining an insecure site
> is just an invitation to problems." Those who were responsible for
> today's denial of service attack were careful to repeatedly point out to
> this reporter how "unsophisticated" their attack was and how easily it
> could have been avoided if the list managers had only taken minimal
> precautions. "It's kind of like buying new locks and getting an alarm
> system after everything in the house is stolen. Sure it will probably
> prevent it from happening again, but if you took the precautions in the
> first place, the damn thing wouldn't have occurred," he concludes.
>
> --------------------
>
> Lew Koch can be reached at: l z k o c h @ m c s . n e t

Food for thought,
-David
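
The confirmation step that the forwarded article calls "authentication", where the list queries the address owner before subscribing anyone, sketched as an added example; it is not part of the original post or of any real list-server software. The class and method names, the token lifetime and the addresses are constructed for illustration.

```python
import hmac
import secrets

TOKEN_TTL = 3 * 24 * 3600  # assumption: a confirmation query stays valid for 3 days


class ConfirmedOptInList:
    """List server that adds an address only after its owner confirms."""

    def __init__(self, name):
        self.name = name
        self.subscribers = set()
        self.pending = {}   # address -> (time issued, token) of the open query
        self.outbox = []    # (recipient, body) pairs handed to the mailer

    def request_subscribe(self, address, now):
        """Unauthenticated SUBSCRIBE: send at most one query, subscribe nobody."""
        key = address.lower()
        if key in self.pending and now - self.pending[key][0] < TOKEN_TTL:
            return None     # a query is already outstanding: send nothing more
        token = secrets.token_urlsafe(16)
        self.pending[key] = (now, token)
        self.outbox.append((key, f"Reply CONFIRM {token} to join {self.name}"))
        return token

    def confirm(self, address, token, now):
        """Subscribe only on a fresh token that was mailed to this address."""
        issued, expected = self.pending.get(address.lower(), (None, ""))
        if issued is None or now - issued > TOKEN_TTL:
            return False
        if not hmac.compare_digest(token.encode(), expected.encode()):
            return False
        del self.pending[address.lower()]
        self.subscribers.add(address.lower())
        return True

    def post(self, body):
        self.outbox.extend((address, body) for address in sorted(self.subscribers))


def forged_signup_demo():
    lst = ConfirmedOptInList("demo-l")  # constructed scenario and addresses
    lst.request_subscribe("victim@example.org", now=0)          # forged, never confirmed
    token = lst.request_subscribe("member@example.org", now=0)  # genuine
    lst.confirm("member@example.org", token, now=60)
    for n in range(10):
        lst.post(f"post {n}")
    return [sum(rcpt == who for rcpt, _ in lst.outbox)
            for who in ("victim@example.org", "member@example.org")]
```

The forged address receives the single confirmation query and none of the ten posts, while the confirmed member receives the query plus all ten.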