Forwarded From: Nicholas Charles Brawn <ncb05@uow.edu.au>

05Nov98 UK: WEB SITES LEFT IN A SPIN.

Think your Web site is safe? Think again. It only takes a lucky hacker to
bring it to its knees and start replacing your official publicity material
with obscene or libellous jibes, warns Danny Bradbury.

There will always be a downside to any enabling technology and the Web is
no exception. The success of companies with their Web-based ventures is a
regular feature of the IT press. It seems anything can be done with the
medium these days.

Enterprising Net-heads can purchase anything from socks to sex without
leaving their PCs. Nevertheless, companies with Internet-savvy should
temper this ubiquitous marketing power with a healthy level of paranoia,
because things can go wrong. There have been some unfortunate incidents
when organisations' Web sites haven't quite provided the results they
originally hoped for.

In a world that is meant to be rapidly evolving into an information
society, it is disappointing to find that information brokers can't
deliver the goods. US-based online stockbroker Etrade found itself in just
such a situation last November, shortly after the hectic re-adjustment of
the US stock market. For months, the share index had been rising rapidly
and it was only a matter of time before the market took a dive. Sure
enough, on 27 October last year, billions of dollars were wiped off the
Dow Jones index as investors got cold feet.

When the going gets tough, it appears some Web sites don't get going as
well as people would expect. At least that was the view of some Etrade
customers who brought a class action lawsuit against the company a month
later. The clients asked Santa Clara County Superior Court to prevent
Etrade from taking on additional accounts until it was able to guarantee
timely access to the site. The plaintiffs also wanted damages to cover the
money they said they had lost through an inability to execute trades in
time.

Embarrassment

Sometimes, however, Web site disasters stem not so much from an inability
to process the volume of users as from a lack of security. There are a
large number of well-documented Web site hacks that have caused
considerable embarrassment to Web site owners.

Often, security breaches are initiated by individuals or groups with a
political or religious motive. One recent example of a
politically-motivated Web hack targeted the Indian Army's Kashmir Web
site. With India and Pakistan trying to smooth over their difficulties,
the hack couldn't have come at a worse time. The army launched its Kashmir
Web site in September to dispel rumours that the army had been engaged in
human rights abuses in the region. The hackers are said to have
rededicated the site to individuals from Kashmir that they say have been
oppressed by the army. The hack included statistics of alleged murders,
rapes and tortures by Indian troops.

In the UK during the last election, the Labour Party was the victim of a
security breach that enabled mischievous hackers to change the pages on
its Web site. For an organisation with such a reputation for spin
doctoring and keeping its publicity engine running so smoothly, the
results were truly worthy of the term Web site disaster.

Stalwart Labour supporters would have been shocked if they had seen the
site after the hack. Hackers had replaced the pages with their own unique
interpretation of New Labour. Among the new hyperlinks on the main page
were captions including "The Budget Response: More of those lies all
parties feed you close to an election", and "New Information (Same Old
Lies, New Packaging)". The Labour Web site was reported to have been
hacked three times before being closed down for a period.

Hackers form a diverse community, however, and while one hacker group may
see fit to subvert the cause of socialism, others are happy to attack
conservatism.

A few weeks after the celebrated Labour hack, another group managed to get
inside the Tory Web site. After superimposing a picture of the then
Conservative leader John Major onto a swastika background, the hackers
presented the party faithful with their own view of economic and monetary
union among other things.

The less-than-articulate diatribe ran thus: "Now no offence to Germany but
we won the war and now they are taking over control of our country again,
but this time we aren't winning the fight and we are being taken over, not
necessarily just by Germany, but by a whole group of politicians including
ours from many different countries who just want to expand their power."

Although not responsible for the Conservative hack, one particularly
belligerent group of hackers is the H4CKING FOR GIRL13Z co-operative,
which recently hacked the New York Times Web site. The hack was an attempt
to bring recognition to the plight of Kevin Mitnick, an alleged hacker who
has been taken into custody by the US government. The newspaper staff were
not amused to see their carefully crafted prose replaced by pornographic
images in the shape of letters spelling out the H4CKING FOR GIRL13Z name,
above an initial sentence which read: "F1rst off, we have to say ... we
own yer dumb ass".

Infiltration

Football fans will be concerned to hear that while hackers take great pleasure
in attacking lofty political targets such as parliamentary parties and
newspapers, they are also apparently happy to engage in a little
cyber-football hooliganism. A group presenting itself as the Cumbrian
Hackers Alliance allegedly infiltrated Arsenal Football Club's site,
displaying a number of reasons why it felt Michael Knighton should be
sacked from Carlisle FC.

It seems no one is safe from the wrath of the Internet hacking community.
The previous examples are just a fraction of hacks purported to have taken
place in the past couple of years. Other victims include the official home
page of Leonardo DiCaprio, where the star's picture was replaced with a
pornographic image, the US Navy and Army, Unicef, and Web sites owned by
the Rolling Stones and Janet Jackson.

Security on many Web sites is evidently not as tight as organisations
would have us believe. Exploits such as this not only serve to create
individual Web site disasters, but also threaten to bring the whole
E-commerce movement to its knees. It's amazing what a few spotty, socially
underdeveloped people can achieve.

COMPUTER WEEKLY 05/11/1998 P42
Received on Sat Nov 7 13:21:33 1998