Forwarded From: Aleph One <aleph1@nationwide.net>
http://www.news.com/News/Item/0,4,22267,00.html?st.ne.ni.lh
ACLU suffers hack on AOL
By Jim Hu
Staff Writer, CNET NEWS.COM
May 18, 1998, 6:25 p.m. PT
When America Online users wanted to check up on the latest
information from the American Civil Liberties Union (ACLU) today,
they were greeted with a simple message: "HEY DID ENDO HACK ME?"
While previous attacks on AOL content pages often have left the
graphics intact or changed just the text on the sites' title bar,
today's attack wiped out all images and reduced the page to text
proclaiming: YES HE DID!
AOL has since taken down the site, and will not permit access to users
that type in "ACLU" as a keyword until the site is cleaned up, an AOL
spokeswoman said.
Neither the ACLU nor AOL believe the hack was politically motivated.
Instead, ACLU spokeswoman Emily Whitfield said the attack was more a
"mischief hack" than someone expressing antipathy toward the
organization..
"We will be looking into security measures in our AOL site and online
site, and checking with our service providers to make sure they're
doing everything possible to prevent security breaches," said
Whitfield.
According to industry newsletter AOL Watch, the ACLU today became
the latest in a list of AOL sites that have been tampered with,
including the New York Times, Business Week, and Reebok,
among others. Many times, these hacks resulted in vulgarized text
changes or the notification of the hacker's success.
Nonetheless, AOL said the incident was the result of a password
compromise, which the company cites as the most common cause of hacks
in its proprietary service. AOL explained that passwords can be
harnessed by means of a so-called Trojan horse file. Trojan horses are
files that are delivered to users via attachments that "masquerade" as
help files, screen savers, and the like. When a user opens the
attachment, it records the user's keystroke patterns and can record
the user's password. Once the password is successfully recorded, it is
sent back to the hacker, and the outgoing message is deleted from the
victim's email out-box.
And how does AOL advise its members to be less susceptible to Trojan
horses? "You shouldn't be downloading files from strangers," said
Tatiana Gau, who oversees AOL members' security.
In the case of today's ACLU hack, AOL has not confirmed the presence
of a Trojan horse, but it is expected to undergo an investigation to
determine the cause of the password compromise. If a Trojan horse is
detected, AOL plans to refer the matter to law enforcement.
Though the ACLU first began its online efforts on AOL's proprietary
service, the organization does not seem to be overly anxious about the
incident, since its Web sites outside the AOL network are running
smoothly.
"In respect to the Trojan horse, it's pretty much safe to say that
Troy has not fallen today," said Whitfield.
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Tue May 19 18:03:07 1998