From: anonymous <anon@juno.com>
http://www.nytimes.com/library/tech/99/01/biztech/articles/21hack.html
January 21, 1999
U.S.I.A. Says Invader Killed Web Site and Damaged Computer
By DAVID STOUT
WASHINGTON -- An outsider breached the Internet security of the United
States Information Agency a week ago, knocking its Web site out of action
and forcing the agency to re-evaluate its computer protection, an official
of the agency said today.
The Web site was invaded at about 9 P.M. on Jan. 13 by someone who
diverted users to other locations and then dismantled the site, according
to James McGregor, a computer expert for the agency. McGregor said the
site might function again by Thursday.
He said the sabotage, the second such incident in six months, had caused
"a constant stream of phone calls."
The agency oversees educational and cultural-exchange programs, including
the Voice of America radio network and the Fulbright scholarships.
American diplomats abroad and foreign diplomats constantly use the Web
location for statements on American policy or texts of official speeches
not covered by news organizations, McGregor said.
The new invasion of the site, created in 1994, is far more serious than
the first, McGregor said. The Federal Bureau of Investigation is working
on the case, and anyone caught could face serious criminal charges, he
added.
McGregor said there were similarities between the two break-ins. The
first crippled the site for several days.
In each attack the invader left the message, "Crystal, I love you," and
the signature "Zyklon," McGregor said. Zyklon-B was the poison gas widely
used in Nazi extermination camps.
The styles of sabotage, however, were different in the two cases. In the
first the hacker inserted his page into the site and then destroyed some
of the agency's electronic documents.
Computer experts at the agency said they thought that they had repaired
the damage, but the saboteur had planted a "Trojan horse" that repeated
the destruction hours later, McGregor said.
The new assault resulted in basic hardware damage and the destruction of
the site, McGregor said. The invader's message was also accompanied by a
strange scrawl. "Before, he was just into text," McGregor said. "Now he's
into bad graphics."
Since news of the new invasion began circulating in computer circles, the
agency has heard from people who call themselves hackers but disassociate
themselves from the tactics of the taunters, McGregor said. People who
consider themselves hackers affect a Robin Hood-like code of honor and
describe more malicious saboteurs as "crackers," McGregor said, adding
that the distinction is irrelevant to him.
The invasion occurs as the information agency is about to pass from the
scene. The independent agency will become part of the State Department on
Oct. 1.
McGregor said the damage from the break-ins could not be easily estimated.
More significant than dollars, he said, has been the time spent by
employees and outside contractors to make repairs.
McGregor said a more permanent cost would be tighter security at the Web
site. Users will not notice, he said, but employees will see changes as
they have to go through additional elaborate steps to place items on the
site.
"We simply can't have this happening every six months," McGregor said.
"People rely on us."
___________________________________________________________________
You don't need to buy Internet access to use free Internet e-mail.
Get completely free e-mail from Juno at http://www.juno.com/getjuno.html
or call Juno at (800) 654-JUNO [654-5866]
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
Received on Thu Mar 11 17:07:50 1999