Information Security News
mailing list archives
[defaced-commentary] Anti-Terror Hackers Claim Arab National Bank Breach
From: InfoSec News <isn () c4i org>
Date: Mon, 15 Oct 2001 02:59:19 -0500 (CDT)
---------- Forwarded message ----------
Date: Sun, 14 Oct 2001 00:04:22 -0600 (MDT)
From: security curmudgeon <jericho () attrition org>
To: defaced-commentary () attrition org
Subject: [defaced-commentary] Anti-Terror Hackers Claim Arab National Bank Breach
[More on the Kimble defacement. One of the two domains was also
defaced a second time by someone that bears a striking resemblance to
fluffy bunnies style. The second defacement of kill.net is quite
amusing. Mirror available:
By Brian McWilliams, Newsbytes
RIYADH, SAUDI ARABIA
11 Oct 2001, 8:51 AM CST
Vigilante hackers apparently penetrated the security of a Saudi bank
Wednesday, even as the hackers' own Web site was defaced by a
notorious computer prankster, Fluffi Bunni.
In an effort to locate financial information about terrorists, a
member of a group called Yihat claims to have breached the defenses of
an Internet-connected server operated by Arab National Bank.
As proof, the hacker, who uses the nickname "Splices," provided
Newsbytes with three spreadsheet files allegedly gleaned from the
server. The files apparently contained records of accounts held by a
handful of ANB customers. None of the names on the accounts appear on
the recently released list of 22 terrorists most wanted by the FBI.
Nor do the customer names appear to match those of top Taliban
The compromised system, which was separate from the bank's Web site at
http://www.anb.com.sa , was running Microsoft's Windows 2000 operating
system. According to Splices, the server was configured to allow file
sharing by unauthorized remote users.
A security consultant, who requested that his identity not be
revealed, confirmed that the ANB server was not protected by a
firewall and had directories accessible to outside users.
A spokesperson for ANB told Newsbytes the bank had no indication that
its Web server was penetrated. The official did not provide
information on the status of the allegedly compromised separate
According to Splices, who said he is an American citizen, Yihat's intent
wasn't to harm the bank but to "look for terrorists." The hacker said he
has turned the information over to Yihat's leader who will forward the
data to U.S. law enforcement.
Yihat, which stands for Young Intelligent Hackers Against Terrorism,
is organized by Kim Schmitz, a controversial German hacker turned
entrepreneur. Schmitz has offered a $10 million reward for the capture
of Osama bin Laden.
Schmitz's personal site and that of Yihat were defaced Wednesday night
apparently by a hacker calling himself Fluffi Bunni. The attacker
replaced the home page of Yihat's site at Kill.net with one that
included a photo of Osama bin Laden and a doctored version of Yihat's
logo that read "Young Idiotic HaXorz and Terrorists."
Fluffi Bunni also replaced the home page of Schmitz's site at
Kimble.org with a lewd image of a pink toy rabbit and the words "The
Fluffy Bunny has owned you." (Note that the hacker changes the
spelling of his name, sometimes it's Fluffi Bunni and sometimes Fluffy
Both sites were not functioning properly this morning. Schmitz was not
immediately reachable for comment.
On a hacking message board, one participant wrote of the defacements:
"Maybe Kimble should use some of that reward money to hire someone who
can secure his own servers."
Last month, Schmitz claimed that Yihat members were able to penetrate
AlShamal Islamic Bank in Sudan and collect data on the accounts of Al
Qaeda terrorists and Osama bin Laden.
Schmitz provided no proof of the incursion, but claimed to have turned
information over to the FBI. The agency would not confirm or deny
whether such an exchange had occurred.
In an e-mail to Newsbytes earlier this week, Schmitz said "Face the
fact, I have a track record and I reached my goals. I have no need to
lie about the Shamal hack."
A mirror of the Kill.net defacement is here:
The Kimble.org defacement is archived here:
The information and commentary is Copyright 2001, by the individual author.
Permission is granted to quote, reprint or redistribute provided the text is not
altered, and the author and attrition.org is credited. The opinions expressed
in this mail are not necessarily the opinion of all Attrition staff members.
Commentary Archive: http://www.attrition.org/security/commentary/
The Attrition Mirror: http://www.attrition.org/mirror/attrition/
Country/TLD Statistics: http://www.attrition.org/mirror/attrition/country.html
Attrition Defacement Statistics: http://www.attrition.org/mirror/attrition/stats.html
Operating System Graphs: http://www.attrition.org/mirror/attrition/os-graphs.html
Other Web Defacement Mailing Lists: http://www.attrition.org/security/lists.html
Contacting Attrition Staff: staff () attrition org
To subscribe to Defaced Commentary, send mail to majordomo () attrition org
with "subscribe defaced-commentary" in the BODY of the mail (without
quotes). To unsubscribe, include "unsubscribe defaced-commentary" in
the BODY of the mail.
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.
- [defaced-commentary] Anti-Terror Hackers Claim Arab National Bank Breach InfoSec News (Oct 15)