Information Security News
mailing list archives
Re: Is Military Hiding Hacks?
From: "B.K. DeLong" <bkdelong () pobox com>
Date: Wed, 06 Jun 2001 10:57:38 -0400
At 07:46 PM 06/05/2001 -0400, Jonathan Rickman wrote:
I'm sure they are. Why not block Attrition? Attrition provided several
services to alert administrators via email or alpha pager. AFAIK Alldas
does not. I could be wrong as I haven't visited in a while, and am
composing this offline.
Not only that, but Attrition never did full nmaps of every mirror they took
and post the full information up for anyone to see (and exploit). The only
nmapping we did was of a few common ports and the only information we ever
stored was OS fingerprinting. Of course the Army and other Defense
Department groups would block Alldas - they're performing an intrusive scan
each time they take a mirror and then leaving up resulting data for any
kiddie to use.
> Taltos, a Budapest-based hacker, said that he believes the U.S.
> military is operating on the theory that if hackers get no glory from
> defacing websites, they will scamper away and hack sites that can be
> mirrored in Alldas' archive.
...which might very well be true in many cases.
I'm MIGHTY suspicious of this "Taltos" character. This is the *12th*
Michelle Delio Wired article he's been quoted in since February and I
haven't seen any work he's done or information he's produced in the hacker
community. Has anyone else? All I can find are Wired articles he's been in
> He also suggests that a bit of national pride may be at work.
> "The U.S. military allowed American-defacement-archive Attrition to
> mirror defacements of U.S. military sites. But when Attrition
> announced it was ceasing to archive defacements, the military must
> have decided that they didn't want some foreign site mirroring
> defacements of American sites," Taltos said.
Good god, this guy knows nothing. I know of two reporters from major US
media publications who went straight to the Army/Navy and flat-out asked if
and why they were blocking Alldas. The answer was simple - their nMap scans
were setting off alarms and they then publicly posted the data. National
pride my ass.
Nope...I'm sure the gang at Attrition can review their logs and debunk
that theory. The mirror page at Attrition was one of the most frequently
visited sites (by IT folk) when I was on active duty. American military
personell are not totally clueless...despite what many may think. I think
too many people mistake not giving a wet rat's ass (hereafter referred to
as WRA), for lack of knowledge.
Definitely....we know for a fact that people from the FBI, DoDIG, FedCirc,
JTF-CNO, DSIC etc all looked at and used our mirror on a regular basis.
There is no way they're "just finding out" about our mirror because our
mirror-taking program auto-notified the NIPC with every defacement, FedCIRC
with every .gov/.mil defacement and individual admins based on Internic
domain info for each defacement. I think it was impossible for them NOT to
know with the notification we were doing, mostly to cover our ass so we
didn't get accused of having prior knowledge of said incident.
> I think it's quite likely that someone, some top level person, may
> have suddenly become alerted to the existence of defacement mirrors
> when all the media ran stories on Attrition last week, checked it out,
> discovered that plenty of military sites had been defaced and hung in
> the hall of shame, and decided to call a total cease fire on
Morons. Michelle Delio quotes morons!
> Said Marquis Grove at Security News Portal, a security news site: The
> problem with this slight-of-hand trick is that someone in the military
> is probably going to try to take credit for having greatly reduced the
> number of hacked websites and point to the statistics generated over
> at Alldas as proof."
Doubtful. There's enough checks and balances in the government to keep that
from happening. Even if there were no defacement mirrors, the GAO will
still run around bitch-slapping various agencies with reports of just how
insecure their network is.
All Alldas has to do is stop doing a full nMap of .mil and .gov servers,
stop posting ALL of the resulting info from those scans on the mirror and
once they bring the attention of that cease-fire, (so to speak), to the
military's attention, I'm sure they will be unblocked.
Christ....people are so dense.
ISN is hosted by SecurityFocus.com
To unsubscribe email isn-unsubscribe () SecurityFocus com