Home page logo

isn logo Information Security News mailing list archives

Re: Is Military Hiding Hacks?
From: Jonathan Rickman <jonathan () xcorps net>
Date: Tue, 5 Jun 2001 19:46:22 -0400 (EDT)

Here we go again...

On Mon, 4 Jun 2001, InfoSec News wrote:

Alldas staffers believe that the U.S. military is trying to cover up
defacements of its websites by blocking Alldas' access to the greater
part of the military's network.

I'm sure they are. Why not block Attrition? Attrition provided several
services to alert administrators via email or alpha pager. AFAIK Alldas
does not. I could be wrong as I haven't visited in a while, and am
composing this offline.

Ostergren believes that the sites that are blocking Alldas have set up
filters on their network to block any requests coming in from Alldas'
Internet address.

I'd imagine so...probably at the second tier firewall level.
(please don't ask what that means)

Taltos, a Budapest-based hacker, said that he believes the U.S.
military is operating on the theory that if hackers get no glory from
defacing websites, they will scamper away and hack sites that can be
mirrored in Alldas' archive.

...which might very well be true in many cases.

He also suggests that a bit of national pride may be at work.

"The U.S. military allowed American-defacement-archive Attrition to
mirror defacements of U.S. military sites. But when Attrition
announced it was ceasing to archive defacements, the military must
have decided that they didn't want some foreign site mirroring
defacements of American sites," Taltos said.

Doubt it...see above, and below.

Security consultant Ian Davies, of Britain-based security firm
TechServ said that it was more likely that the U.S. military's
attention was drawn to the defacement mirrors last week when the news
of Attrition's stoppage hit the media.

Nope...I'm sure the gang at Attrition can review their logs and debunk
that theory. The mirror page at Attrition was one of the most frequently
visited sites (by IT folk) when I was on active duty. American military
personell are not totally clueless...despite what many may think. I think
too many people mistake not giving a wet rat's ass (hereafter referred to
as WRA), for lack of knowledge.

I think it's quite likely that someone, some top level person, may
have suddenly become alerted to the existence of defacement mirrors
when all the media ran stories on Attrition last week, checked it out,
discovered that plenty of military sites had been defaced and hung in
the hall of shame, and decided to call a total cease fire on

This is entirely possible...probable even.

Said Marquis Grove at Security News Portal, a security news site: The
problem with this slight-of-hand trick is that someone in the military
is probably going to try to take credit for having greatly reduced the
number of hacked websites and point to the statistics generated over
at Alldas as proof."

Doubt it, they'll be perfectly happy that the "top level person" mentioned
above, who now has Alldas bookmarked, is not aware of the situation and
messing up their day. Secure in this knowledge, they will patch their
boxen...not because they give a WRA, but because they don't want to bother
with pulling out last night's backup again.

Ostergren said he would much rather "see people educate themselves in
computer security than try to deny the fact that they got defaced."

Wouldn't we all...

Ostergren also said that Alldas will definitely continue to mirror
U.S. military site defacements.
Alldas can hide its identity easily by connecting to military sites
through a proxy or anonymous server.
Connections coming through such a server appear to be originating
directly from that server, and will allow Alldas to pass through any
military filters that have been set up to block connections from the
Alldas domain.

Yeah, but let's remember something here. The military is not running an
e-commerce operation. They could give a WRA whether or not anyone can
access most of the sites in question. They're concerned with the top level
servers...not joespc.mechshop.wowthisislame.ergspac.lejeune.usmc.mil

If "Joe Public" can get to www.usmc.mil and www.lejeune.usmc.mil, they're
perfectly happy to block as many anonymous proxies/ppp accounts as
necessary. And if I were involved, I'd do it...not because I give a WRA,
but just to prove a point. Contrary to popular belief, the United States
Military does not issue orders or plan operations via http. It all
takes place through a combination of anonymous ftp and pcANYWHERE chat
sessions...ok, just kidding. Either way, the public's inability to access
a website did not stop them from fighting and winning battles for the last
2+ centuries...and it's not going to now. Beans, Bullets, and
Bandages...that's the basics. I dont recall anyone using the phrase "Perl,
CGI, and MySQL" when referring to a fighting person's essential needs.

By the way...I appreciate the fact that Alldas is willing to put up with
the crap they obviously are taking in an effort to keep their mirror
going and this post should not be taken seriously without the proverbial
"grain of salt". I'll leave it to the reader to decide whether or not it
should be taken seriously at all...

Jonathan Rickman
X Corps Security

ISN is hosted by SecurityFocus.com
To unsubscribe email isn-unsubscribe () SecurityFocus com 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]