Information Security News mailing list archives

Re: Is Military Hiding Hacks?
From: "B.K. DeLong" <bkdelong () pobox com>
Date: Wed, 06 Jun 2001 10:57:38 -0400

At 07:46 PM 06/05/2001 -0400, Jonathan Rickman wrote:

I'm sure they are. Why not block Attrition? Attrition provided several
services to alert administrators via email or alpha pager. AFAIK Alldas
does not. I could be wrong as I haven't visited in a while, and am
composing this offline.

Not only that, but Attrition never did full nmaps of every mirror they took and post the full information up for anyone to see (and exploit). The only nmapping we did was of a few common ports and the only information we ever stored was OS fingerprinting. Of course the Army and other Defense Department groups would block Alldas - they're performing an intrusive scan each time they take a mirror and then leaving up resulting data for any kiddie to use.

> Taltos, a Budapest-based hacker, said that he believes the U.S.
> military is operating on the theory that if hackers get no glory from
> defacing websites, they will scamper away and hack sites that can be
> mirrored in Alldas' archive.

...which might very well be true in many cases.

I'm MIGHTY suspicious of this "Taltos" character. This is the *12th* Michelle Delio Wired article he's been quoted in since February and I haven't seen any work he's done or information he's produced in the hacker community. Has anyone else? All I can find are Wired articles he's been in (http://www.google.com/search?q=Taltos+hacker+&hl=en&lr=&safe=off)

> He also suggests that a bit of national pride may be at work.
> "The U.S. military allowed American-defacement-archive Attrition to
> mirror defacements of U.S. military sites. But when Attrition
> announced it was ceasing to archive defacements, the military must
> have decided that they didn't want some foreign site mirroring
> defacements of American sites," Taltos said.

Good god, this guy knows nothing. I know of two reporters from major US media publications who went straight to the Army/Navy and flat-out asked if and why they were blocking Alldas. The answer was simple - their nMap scans were setting off alarms and they then publicly posted the data. National pride my ass.

Nope...I'm sure the gang at Attrition can review their logs and debunk
that theory. The mirror page at Attrition was one of the most frequently
visited sites (by IT folk) when I was on active duty. American military
personnel are not totally clueless...despite what many may think. I think
too many people mistake not giving a wet rat's ass (hereafter referred to
as WRA), for lack of knowledge.

Definitely....we know for a fact that people from the FBI, DoDIG, FedCirc, JTF-CNO, DSIC etc all looked at and used our mirror on a regular basis. There is no way they're "just finding out" about our mirror because our mirror-taking program auto-notified the NIPC with every defacement, FedCIRC with every .gov/.mil defacement and individual admins based on Internic domain info for each defacement. I think it was impossible for them NOT to know with the notification we were doing, mostly to cover our ass so we didn't get accused of having prior knowledge of said incident.

> I think it's quite likely that someone, some top level person, may
> have suddenly become alerted to the existence of defacement mirrors
> when all the media ran stories on Attrition last week, checked it out,
> discovered that plenty of military sites had been defaced and hung in
> the hall of shame, and decided to call a total cease fire on
> archiving."

Morons. Michelle Delio quotes morons!

> Said Marquis Grove at Security News Portal, a security news site: "The
> problem with this sleight-of-hand trick is that someone in the military
> is probably going to try to take credit for having greatly reduced the
> number of hacked websites and point to the statistics generated over
> at Alldas as proof."

Doubtful. There are enough checks and balances in the government to keep that from happening. Even if there were no defacement mirrors, the GAO will still run around bitch-slapping various agencies with reports of just how insecure their network is.

All Alldas has to do is stop doing a full nMap of .mil and .gov servers, stop posting ALL of the resulting info from those scans on the mirror and once they bring the attention of that cease-fire, (so to speak), to the military's attention, I'm sure they will be unblocked.

Christ....people are so dense.

ISN is hosted by SecurityFocus.com