[Moderator: The editing on this article is quite lacking. Use of 'FEB'
instead of 'FBI' and other typos/errors make this a bit difficult
to read.]
Forwarded From: Modify <modify@erols.com>
http://www.forbes.com/forbes/98/1116/6211132a.htm
A Forbes reporter meets with the ringleader of the gang that hacked the
New York Times. Here's an inside look into the picaresque underworld of
Slut Puppy and Master Pimp.
"We were long gone when he pulled the plug"
By Adam L. Penenberg
Slut Puppy and his partner in crime, Master Pimp, hacked the New York
Times on Sept. 13 because they were bored and couldn't agree on a video to
watch. They are members of the cyberspace gang, "Hacking for Girlies"
(HFG), and for six months this year operated out of Slut Puppy's three-room
condo, a place so tidy, so clean, it seemed positively unhackerlike. Of
course, that didn't mean there were no telltale signs that hackers typed
here. The blinds were drawn, the only light source beamed from computer
screens. It could just as easily have been 3 a.m. as 3 p.m.
On the condition we protect his anonymity, Slut Puppy agreed to give this
Forbes reporter an inside account of the group's hacksploits.
If you operate on the Internet, you could get hacked. The highwaymen of
the Internet are a loosely affiliated brotherhood (and sisterhood) of
techno-savvy people who make a hobby of puncturing what they regard as the
pomposities of society. As far as breaking the law is concerned, they
think of themselves as kind of a cross between the Scarlet Pimpernel and
Robin Hood—harassing people they don't like, thumbing their noses at the
law.
Members of the brotherhood took over the New York Times' Web site for
three hours on that day, replacing the welcome screen with one tinged with
nudity and obscenity. In a diatribe, Slut Puppy roasted Times technology
reporter John Markoff for his coverage of imprisoned hacker-martyr Kevin
Mitnick.
To the people at the New York Times, the prank was sacrilege. When they
discovered the hacked page and were unable to restore their own news
content, the Timesters were forced to shut down the site for nine hours.
While Times technicians located and plugged security holes, the company
reported the hack to the FBI. Joseph Valiquette, spokesman for the FBI's
New York office, confirmed that the agency's computer crime squad is
investigating.
Today the perpetrators are two of the most wanted fugitives in cyberspace.
Although the Times prank may have been Hacking for Girlies' most
spectacular hack, the newspaper was not its first target. In April of this
year it penetrated Rt66 Internet, an Albuquerque Internet service
provider. Over the next four months the gang claimed assaults on, among
others, NASA's Jet Propulsion Laboratory, Motorola and Penthouse magazine
before returning to Rt66 in August.
To penetrate the Times, Slut Puppy and Master Pimp employed what is called
a remote root buffer overflow. By transmitting more data than a targeted
buffer could hold, then tracking and manipulating the characters that
spilled out of that space, they were able to trick the system into running
their commands as if they were being issued by New York Times system
administrators.
After wheedling their way inside the server, they pulled down the Times'
front page and replaced it with one shown in part here, a fake layout that
Slut Puppy had composed with two other members of HFG: Sidekick Slappy and
Daddy Sweetcakes, both of whom work off-site and communicate with the gang
exclusively over the Internet.
Slut Puppy and Master Pimp were able to control so many functions on the
site that when Times technicians tried to pull their hacked page and
replace it with standard news content, the hackers, who had logged off by
then, used a program that automatically slipped their page back. For
almost three hours this went back and forth, until the Times took its site
off-line. Chortles Slut Puppy, "They seemed to have no idea how we got
in—or how to stop us."
On his hacked page Slut Puppy included several pointed references to John
Markoff, the Times reporter who co-wrote the 1996 book Takedown, which
detailed the search and capture of Kevin Mitnick, a hacker who faces a
25-count indictment on a variety of computer and wire-fraud charges.
Mitnick, whose trial starts in January, has become a martyr to hackers.
Although Slut Puppy knows Mitnick broke the law, he and many other hackers
blame Markoff for hyping Mitnick's crimes in Takedown, for which he
reportedly shared a $750,000 advance. The book is also being turned into a
movie, which will undoubtedly increase pro-Mitnick protest activities in
cyberspace.
Markoff says he loses no sleep over Mitnick, who has already pleaded
guilty and served time for possession of unauthorized access codes to
cellular phones and for violating parole. "You have to wonder how deep
these hackers' thinking goes," Markoff says. "If they have a political
cause, they are accomplishing the exact opposite of their goal. No one is
doing more to promote the upcoming movie than the hackers themselves."
Markoff wasn't the only one to make it onto HFG's hit list. Carolyn P.
Meinel of Cedar Crest, N.M. is its public enemy number one.
Meinel is the author of The Happy Hacker, a kind of Hacking for Dummies
volume chock-full of folksy golly-gee-isms interspersed with geek talk.
The goal of the book is to teach "newbies" how to hack legally. The book's
tone irks many of the more sophisticated hackers, who claim to be on a
mission to show how porous most computer security is—the law be damned.
And here was Meinel asserting in public forums that hacker groups were
like street gangs, forcing teenage initiates to commit crimes to gain
membership. "Meinel has this idea that as the Happy Hacker she is this
noble leader among leaders," Slut Puppy says. "But she pretends to know
more than she does, so we thought, 'Let's make her life hell.'"
After a cozy Easter Day dinner in April, John Mocho, co-owner of Rt66
Internet, was showing his son and grandson how to upload family photos to
his wife's Web site. The hackers had nothing against Rt66. Their target
was one of the ISP's customers.
A wholesome family scene turned downright unwholesome when Mocho tried to
access his ISP's front page. Instead of the usual welcome screen, he was
met with a picture of one of his customers, 52-year-old mother of six
Carolyn Meinel, posing on the cover of a fictional publication, "Crack
Whore Magazine," as well as her credit card number. A gang Mocho had never
heard of, calling itself Hacking for Girlies, claimed responsibility.
While his son rushed his grandson into the next room, Mocho went after the
hackers. "I had never been hacked before," he said. "This was my ISP, my
customers. I wanted them off as soon as possible."
Mocho launched a preemptive strike. He typed in the Unix command "kill -9,"
which he assumed would cripple the hackers' ability to issue commands.
Seconds later Mocho was booted off his own network.
Figuring there was only one sure way to get rid of them, he jumped into
his car and, driving 55 mph in a 30 mph zone, made it to his office in three
minutes flat. Mocho cursed the day he had let his partner, Mark Schmitz,
and the ISP's system administrator, Damian Bates, convince him to accept
Meinel as a customer. A lightning rod for hackers, she had already been
kicked off five other ISPs.
Schmitz and Bates had preached the First Amendment. No one, they argued,
should be forced off an ISP because a bunch of hackers didn't like her.
Schmitz and Bates also figured their computer security was solid.
They figured wrong, Mocho thought grimly. After gaining entry to his
office, Mocho grabbed a network cable and yanked hard. Rt66 was cut off
from the Internet. The phone would start taunting Mocho any minute now,
with irate customers threatening to switch ISPs.
Mocho estimated that the hackers had been inside the network 20 minutes—30
tops. Enough time to have compromised it. In their haste to leave,
however, he surmised that they had left behind a standard "root
kit"—software designed to take and maintain control over another's system.
This, in his mind, indicated they were amateurs, which cheered him. "From
a technical point, this meant they had no magic ship to get in," Mocho
said. "They probably compromised a user's account, stole someone's
password."
Says Hacking for Girlies ringleader Slut Puppy: "Security was so lax we
didn't know they had a firewall installed until we read about it in the
New York Times the next day."
What he did not realize was that HFG had not used a root kit; evidently it
had been left behind by some other hackers. In fact, HFG had sailed in
undetected on that magic ship Mocho was so sure wasn't there, burrowed
deep inside millions of lines of ISP code.
It took Mocho and company 20 hours to get Rt66 up and running again.
During this process someone either missed a machine or inadvertently
installed a snapshot of the hacked system by accident. For whatever
reason, the back door HFG had slipped in through remained open. Using that
same flight path, Hacking for Girlies would return to Rt66 in August.
But long before reattacking Rt66, the hackers maintained continual access
to the system: sifting through customers' E-mail, noting any security
improvements. Since they despised Meinel, they read all of her mail.
Although Mocho believed the Easter hack was the first time HFG had
violated his ISP, Slut Puppy says he took many a joyride through Rt66's
servers well before then. It was during one of these jaunts that Slut
Puppy noticed that Rt66 was employing a product called Tripwire.
If any files are altered by a hacker, this software is designed to alert
the system administrator. But Slut Puppy knew a technique for getting
around it. Because Tripwire works by comparing the checksums it computes
for each file against the checksums it recorded earlier, all he had to do
was adjust the recorded checksums that were already on the system. It's
like altering the answers on an exam to match yours, no matter how
outlandish they are.
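To make the Tripwire point concrete, here is an added example (not code from the article or from Tripwire itself) in Python: a toy integrity checker over a constructed set of files shows that a baseline stored on the monitored host can simply be regenerated to hide a change, and that authenticating the baseline with a key kept off the host catches the rewritten database. The file names, contents and key are assumptions.

```python
import hashlib
import hmac
import json

# Constructed sample "filesystem" (path -> contents); stands in for the
# files an integrity checker like Tripwire would watch on a web server.
ORIGINAL = {
    "/var/www/index.html": b"<h1>Welcome to the ISP</h1>",
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
}

def fingerprint(data: bytes) -> str:
    """The 'number' the checker assigns to each file: a cryptographic digest."""
    return hashlib.sha256(data).hexdigest()

def build_baseline(files: dict) -> dict:
    """Snapshot every watched file's digest; this is the database kept on disk."""
    return {path: fingerprint(data) for path, data in files.items()}

def changed_files(files: dict, baseline: dict) -> list:
    """Report every file whose current digest no longer matches the baseline."""
    return sorted(p for p, d in files.items() if baseline.get(p) != fingerprint(d))

def sign_baseline(baseline: dict, key: bytes) -> str:
    """HMAC over the serialized baseline; the key must NOT live on the monitored host."""
    blob = json.dumps(baseline, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def baseline_is_authentic(baseline: dict, tag: str, key: bytes) -> bool:
    """Run from a trusted host: check the baseline itself before trusting it."""
    return hmac.compare_digest(sign_baseline(baseline, key), tag)

def simulate() -> dict:
    key = b"offline-verifier-key"  # assumption: held by the admin, never on the server
    baseline = build_baseline(ORIGINAL)
    tag = sign_baseline(baseline, key)
    # Defacement: the home page is replaced.
    hacked = {**ORIGINAL, "/var/www/index.html": b"<h1>Defaced</h1>"}
    # 1. An untouched baseline catches the change.
    detected = changed_files(hacked, baseline)
    # 2. The intruder regenerates the on-host baseline to match the altered
    #    files (the trick the article describes); a plain comparison sees nothing.
    rewritten = build_baseline(hacked)
    evaded = changed_files(hacked, rewritten)
    # 3. The keyed signature over the original baseline does not match the
    #    rewritten one, so the verifier refuses to trust it.
    return {"detected": detected, "evaded": evaded,
            "baseline_authentic": baseline_is_authentic(rewritten, tag, key)}
```

The same protection is obtained in practice by keeping the baseline on read-only media or on a separate host that pulls the digests, so that root on the compromised machine cannot rewrite what the checker compares against.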
While Slut Puppy hummed "Get your clicks on root 66" and designed the Web
page, Master Pimp bounced through some ISPs to camouflage their itinerary.
Using the existing back door, Master Pimp typed in a keyword and within
ten seconds had control of one of Rt66's servers. From there he traversed
over to the system's powerhouse, "Mack," where Slut Puppy replaced Rt66's
home page with HFG's.
"Rather than continuing the gunfight, we cleaned up our tracks by erasing
logs and left," Slut Puppy said. "We were long gone when he pulled the
plug."
As it happens, Meinel says that on a personal level the hackers "have
hardly done any harm to me. They hurt bystanders. They harm the ISPs,
their customers and the credit card companies."
Meinel also says the hackers can come after her all they want. "Sure helps
me sell more books," she contends.
After the Easter hack, when the ISP was considering tossing her off the
network, Meinel swore to Rt66 that the credit card the hackers stole had
not come from the ISP's credit card file. Later, Meinel admitted that she
had been mistaken. This is key because Rt66 took her word the credit card
file had not been breached.
Slut Puppy, on the other hand, was amazed that Rt66 didn't do anything to
remove the credit card file from the network after the Easter hack.
So, on Aug. 7 Slut Puppy and Master Pimp, entering Rt66's servers the same
way they did in April, made off with the whole customer credit card
file—1,749 card numbers in all.
"It was so easy getting back into their system with the same back door, we
wondered if they had set a trap," Slut Puppy said.
This hack not only resulted in the ISP shutting down for some 60 hours but
also forced Rt66 to rebuild its security from scratch.
What is unfortunate is that Rt66, by doing the right thing in alerting the
FBI and credit card companies to the security breach, has suffered for its
good deeds. Even with its rebuilt security—Rt66 is now one of the most
secure ISPs in New Mexico—the ISP has lost 15% of its 5,000 or so members
since the August hack.
"I respect the hackers' skills," Rt66 system administrator Bates grumbles,
"although I didn't appreciate the obnoxious way they demonstrated them."
Internet Security Systems (ISS) of Atlanta, Ga., one of the big names in
computer security, has donated a remote monitoring station for the Rt66
network. ISS hopes to trap Hacking for Girlies the next time it tries to
invade the system.
But Slut Puppy already knew about ISS' presence in Rt66 from one of his
many well-placed sources. "Needless to say, we don't plan on returning
anytime soon," he says.
Of course, Slut Puppy knew that hacking the New York Times was a lot
riskier than attacking Rt66—the newspaper has immense clout in Washington,
D.C. The day after the Times hack, Slut Puppy and Master Pimp packed up
the computers used in their hack spree and passed them on to others for
safekeeping. Any data gleaned from their other crimes were either deleted
or protected by powerful 1,024-bit encryption.
"Even we don't know where all of the equipment is," Slut Puppy says. "And
my password to the encryption is probably unbreakable, too, since it is
more than 40 characters long, case-sensitive, and combines letters,
numbers and symbols. We've planned not just for the day the FBI
comes—we've even planned for a hostile raid where the Feds actually plant
evidence."
The group plans to lie low until law enforcement moves on to bigger and
better cases. By the way, whence the name Hacking for Girlies? "Chicks dig
hacking," explains Slut Puppy.
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Mon Nov 2 10:54:20 1998