nanog mailing list archives

Feds pull suspicious .gov site
From: blitz <blitz () macronet net>
Date: Thu, 06 Feb 2003 03:28:22 -0500





Forwarded from: William Knowles <wk () c4i org>

http://news.com.com/2100-1023-983384.html

By Declan McCullagh
Staff Writer, CNET News.com
February 5, 2003

WASHINGTON--In a move that raises questions about the security of
governmental domains, the Bush administration has pulled the plug on a
.gov Web site pending an investigation into the authenticity of the
organization that controlled it.

Until recently, visitors to the AONN.gov Web site were treated to a
smorgasbord of information about an agency calling itself the Access
One Network Northwest (AONN), a self-described cyberwarfare unit
claiming to employ more than 2,000 people and to have the support of
the U.S. Department of Defense.

No federal agency called AONN appears to exist, and no agency with
that name is on the official list of organizations maintained by the
U.S. National Institute of Standards and Technology.

The General Services Administration (GSA), which runs the .gov
registry, pulled the domain on Jan. 24, after a query from CNET
News.com.

"There are questions about the authenticity of the Web site that
includes the AONN name," the agency said in an e-mail reply. "Until
the situation is resolved, we have eliminated the URL from the .gov
directory name server."

The action could point to the first case of a .gov domain name
hijacking.

The GSA investigation raises questions about the integrity of federal
Web sites at a time when the Bush administration is touting electronic
government initiatives. President Bush signed the E-Government Act of
2002 in December, and the IRS in January began a program to encourage
Americans to file their taxes electronically.

Cybersquatting, or registering a domain to which you may not be
entitled, is hardly uncommon among the multitude of .com and .net
domains. In 1999, President Bill Clinton signed an anticybersquatting
law, and an alternate process through which domain names can be
challenged has resulted in more than 11,000 domain names being
transferred away from the parties who had registered them.

But there are no known cybersquatting incidents involving a
governmental domain, according to the GSA. "I'm not aware of any
incident" in the past when an unapproved individual has gained control
of a .gov domain name, an agency representative said.

Chris Casey, who in 1995 helped to create Congress' first Web sites
and now runs a Web design company called Casey.com, says he was
surprised to hear that AONN had apparently secured a .gov name, and
said a misappropriated .gov domain could create confusion among Web
users.

"I'm not aware of it ever happening before," Casey said. ".gov, .edu
and .mil carry a feeling of trustworthiness...People have learned to
place more faith in them."

AONN's background

Claiming credit for the deleted .gov site is a man who calls himself
Robert L. Taylor III, whose name and contact information appeared in
documents on the AONN.gov site.

Taylor, who appears to reside near Everett, Wash., declined to explain
how, exactly, he secured a .gov domain for the group, calling AONN's
operations "classified."

"We have exploited a security hole in the bureaucracy," Taylor said in
a telephone interview. "There are loopholes, there are security holes,
there are holes in the system."

On its now-deleted site, AONN contended its "U.S. Defense Security
Intelligence Network" (DSIN) was launched at Harvard University's John
F. Kennedy School of Government last year, but Doug Gavel, the Kennedy
School's communications director, says he's not aware of any such
program. Similarly, AONN said its champion in Congress is Rep. Jay
Inslee, D-Wash., whose office categorically denies it. A Senate Budget
Committee representative said he had never heard of AONN.

A Pentagon representative also said that AONN has no affiliation with
the U.S. military and he had no knowledge of the organization.

It's unclear when the site was first registered or how Taylor may have
taken control of a .gov domain. According to the official .gov
registration rules, only organizations that appear in an official list
of government agencies qualify for a .gov domain--and AONN is not on
it. If AONN were a legitimate Defense Department agency, it would have
to register a .mil--rather than a .gov--domain name.

One loophole exists for city and state governments, which were allowed
to register .gov domains before the current rules took effect in May
1997. Such registrations are no longer permitted. But local and state
governments with existing sites, such as the state of California's
ca.gov, were allowed to keep them.

Registering a .gov domain name involves writing an authorization
letter--two samples are provided on the GSA Web site--printing it out,
and then sending it to the ".GOV Domain Manager" in Reston, Va. The
GSA would not comment on what security measures were in place, and
what changes, if any, have been made.

The GSA's safeguards don't provide foolproof security, says Adrian
Lamo, a hacker and social engineer who claims to have penetrated
computer systems run by The New York Times and a string of other
corporations.

"The process isn't intended to stop anyone who isn't going to be
stopped by the need to go to Kinko's, print out some letterhead and
then send an honest-to-God postal letter," Lamo said. "It'll stop the
people that are willing to break any rule, as long as they can fill
out a Web form to do it. And that eliminates 95 percent of pranks."

If someone expressed interest in AONN, Taylor would send them a
122-page PDF file containing buzzwords such as "computer intrusion
teams," "beyond state-of-the-art super computing... next level
broad-range security systems, cyber warfighting, highly advanced
satellite technologies and nano-technologies." It described AONN as a
"joint-counterstrike force (that) possesses such a culmination of some
of the world's brightest and most brilliant intellect, intelligentsia,
academicians and minds, it can quite easily be said that the AONN DSI
concept by itself is worth multibillions."

A notice on AONN.gov offered to "split payment on contract
disbursements" with its fund-raisers. Taylor also offered this deal to
potential buyers: "You come up with fifty million dollars and we'll
sign contracts as well as deliver both human assets and the DSIN
program."

Taylor would not say if he had collected any money from corporations
and individuals as a result of these offers.

Besides claiming to be a military intelligence agency, AONN also said
it has an "emerging and expensive clothing line" and an urban and R&B
record label that has signed "certified platinum artists." In November
2000, a company named AONN Records released a CD called November 12
Projekt that a local newspaper described as a collaboration of "two
ambitious young rappers."

Taylor said that AONN.gov and AONN Records are the same.

No company named AONN Records or Access One Network Northwest is
listed with directory assistance, and the Washington state government
has no record of a company with either name being incorporated.

AONN Records' CD release appears to have been distributed by The
Orchard, which provides a vehicle for independent musicians to sell to
online stores such as Amazon.com and CDNow.com. The Orchard could not
locate AONN Records or Robert Taylor in its files. A representative
said that would be the case if The Orchard no longer carried the
November 12 Projekt CD.

One document Taylor distributed from his Hotmail account this week,
called a "Special Projects Dossier," lists excerpts from job
applications apparently sent to him by intelligence officers seeking
employment.

"Some have suggested it is a spoof by a rock group who has misused the
aonn.com and aonn.gov registrations," a representative for the
Association of Former Intelligence Officers said this week. "How they
obtained the (top-level domain) of .gov is baffling and shows a flaw
in the registration system that could create greater mischief in other
hands."
