Forwarded From: Sunit Nangia <nangias@cerf.net>
U.S. Information Agency site hacked--again
By Dan Goodin
January 21, 1999, 12:10 p.m. PT
http://www.news.com/News/Item/0,4,31240,00.html
Web operators at the United States Information Agency are scrambling to
rebuild their downed Web site after its security was breached by an
intruder, who appears to be attacking other sites as well.
Computer consultant James McGregor said he expected to have the site
online later today, although some advanced features will not available
until much later. The site has been down since January 13, when an unknown
intruder broke into the system and diverted visitors to a different site.
The break-in was the second in six months for the U.S. Information
Agency, which administers the "Voice of America" radio network and other
foreign news services.
A page at the alternate site read: "Hack by Zyklon. Crystal, I love you,"
and claimed to have breached the security of other high-profile Web sites.
When the federal agency was hacked six months ago, the intruder left the
same message and moniker, and a query on the HotBot search engine
suggested that at least a dozen other sites have been similarly breached.
The USIA maintains one of the busier government Web sites. Foreign
citizens and diplomats all over the world use it to get information about
U.S. affairs, including official speeches and transcripts of hearings.
"We do an enormous amount of updating every day," said McGregor, who added
the work in rebuilding the site was considerable. "Our automated systems
are going to have to be examined and updated." For the time being, he
added, updates are "tortuously manual."
By noon PT, the USIA's site was still down. McGregor said he hoped to have
the site back up later today, but added that features such FTP and Telnet
access would be suspended until security could be shored up.
The intruder, known in the hacker community as a "cracker" because of the
strong-armed tactics used, appears to be the same person who attacked the
USIA's site six months ago, said McGregor. During that episode, the
cracker destroyed much of the data on the Web site and replaced it with
his own. During last week's attack, the individual took a different tack,
tampering with the site's domain name server so that visitors were
redirected to a different, fraudulent server.
Despite the method of the latest instance, however, the USIA lost all its
data as a result of the attack, because operators had to completely
reformat the hard drive to insure no so-called Trojan horse programs had
been left behind.
According to another USIA computer consultant, the hacker appears to have
recently broken into the Web sites maintained by the Toronto Star
newspaper and Bell Atlantic. But other than leaving clues about those
attacks, the intruder left few footprints, the consultant said.
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
Received on Thu Mar 11 17:05:35 1999