Today's ISN Sponsor: Repent Security Incorporated
Hackers hit California ISP Again
A Santa Rosa Internet Service Provider whose computers the FBI
suspects were broken into by two Cloverdale hackers was hacked
again Tuesday afternoon by someone who retitled the page ``The
Hacked NetDex Inc.''
The FBI, which last Thursday confiscated computers of two
Cloverdale teens who are believed to have hacked all the way
from NetDex to the Pentagon, was notified of the latest incident
Tuesday. The bureau said it would be looking into the case.
There was no indication Tuesday of the identity of the latest
hacker.
The Web page at NetDex was replaced Tuesday afternoon by one
with a message that claimed ``Makaveli,'' the name used by one
of the Cloverdale teen-agers, was not responsible for the
break-ins into military computers.
``This page has been hacked by Analyzer,'' said the message.
``It's very, very frustrating,'' said an irate Bill Zane, owner
of NetDex Inc., who said he will have to rebuild his computer
system. ``I'm getting a little frosted. This is no joke. These
hackers have done nothing to be proud of.''
The hacker on Tuesday also claimed to have a list of NetDex's
3,000 customers and their passwords, which he would provide by
e-mail upon request. Zane said only six passwords were stolen,
however, and those customers were notified.
Customers' credit card numbers are kept in separate files and
were not available to the hackers, Zane said.
Zane on Tuesday night was reworking the system to restrict its
use and make it less vulnerable to hackers. He said the services
that were being disabled were not ones that are commonly used by
customers.
George Grotz, spokesman for the FBI's National Computer Crime
Squad in San Francisco, said Tuesday they had just been informed
of the latest incident and would be looking into it.
NetDex was one of at least 800 computer sites, ranging from
foreign governments to U.S. military sites and universities,
that were attacked between Feb. 11 and 25 in one of the largest
hacking cases that has yet come to light.
The homes of two 16-year-old Cloverdale boys suspected in the
hacking were searched Feb. 25 and computers, equipment and logs
confiscated, but the boys, who are juniors at Cloverdale High
School, have not been arrested. Their names are being withheld
because they are minors.
Two other hackers in the United States and one in Israel, an
adult who was reportedly tutoring the two Cloverdale boys on how
to break into defense computers, were also involved in the
earlier case.
In that incident, because of the number of military sites that
were broken into while the United States was preparing for a
possible attack on Iraq, the issue of espionage was raised and
it caught the attention of Attorney General Janet Reno. One
source said even President Clinton was notified.
The sites hacked included the Pentagon, Scott Air Force Base,
the Naval Post Graduate School, Pearl Harbor, the U.S. Marine
Corps, the Naval Undersea Warfare Center, the National Oceanic
and Atmospheric Administration, the National Aeronautics and
Space Administration, government sites in Taiwan and the United
Arab Emirates, and at least a dozen universities and other
computers in the United States, Japan, Sweden and the
Netherlands.
Sources said, however, that it appears the teen-agers were just
breaking into the computers to be able to brag about their
exploits to other hackers.
The investigation involved the FBI, the Air Force, Pentagon and
the Attorney General's office.
News of Tuesday's hacking incident also was posted almost
immediately, with a copy of the bogus NetDex page, on another
Web site frequented by hackers, along with a description of how
the attack occurred.
The first warning that NetDex and the other sites, including the
Pentagon and military sites, were vulnerable to the hacking
program used by the suspected Cloverdale youths was issued four
months ago by the Computer Emergency Response Team, the federal
agency that provides security oversight of the Internet.
Zane said to fix the security problem will take time and money
and require rebuilding his entire computer system.
Until then, Zane said he will be shutting down parts of the
system, restricting some of the services for customers.
-----
(Bob Norberg writes for The Press Democrat in Santa Rosa,
Calif.)
(The Press Democrat Web site is at http://www.pressdemo.com.)
If you wish to receive ISN directly, mail majordomo@sekurity.org with "subscribe isn".
Received on Fri Mar 13 16:59:24 1998