December 1998 (10 - 22)
Remote Explorer II
update by demoniz at Dec 22 , 16:18 CET
Remote Explorer, the new 'smart' virus for Windows NT, is big news. We've collected some links to the mainstream media for anyone who wants to know more about this 'first legitimate incident of cyber-terrorism.'
MCI hit by computer virus - CNN
Virus Snarls NT Nets - Wired
Alarm over new 'smart' virus - ZDNet
NAI warns of dangerous virus - InfoWorld
Analysts question "cyberterrorism" hype - CNET
How secure are you?
update by demoniz at Dec 22 , 13:00 CET
Gromwood, a new site with various sections (games, security etc), asked me a few questions about Net security. It's online now, including my spelling faults. Hey, you need an editor-in-chief :)
Go check it out and let me know what you think.
Gromwood 'How secure are you' article
Horror for NT: Smart virus
update by demoniz at Dec 22 , 1:35 CET
A new - smart - virus wanders the Net. Last week the computer network of a Fortune 100 company was obliterated by a new virus that one official called "the first legitimate incident of cyber-terrorism" he had ever seen.
According to Network Associates (McAfee), the virus, dubbed Remote Explorer, attacks Windows NT-based networks and propagates over the network. Remote Explorer is memory resident and encrypts EXE, TXT, and HTML files. It compresses the executable files of servers and workstations that it encounters, rendering them unusable. Remote Explorer also encrypts .DOC or .XLF files with a cipher that researchers still have not identified, making it impossible to gain access to those files.
Network Associates has released detection software for the virus and a fix.
Operation Desert Hack
update by demoniz at Dec 22 , 0:15 CET
It appears the Baghdad-Iraq Web site never got hacked. Or better: we can safely assume they didn't get compromised. It turns out the Web site was registered on December 18th, during the real Operation Desert Fox. The whole 'hack' was a fake. Thanks to Ken for informing us.
update by demoniz at Dec 21 , 16:49 CET
Operation Desert Fox continues, not in Iraq but on the Internet. Today the Web site 'Baghdad-Iraq' got compromised by hackers who support the attacks on Iraq. "Bomb that damn country good...find sadam and beat his ass with hot pokers..." Among several pictures on the site, the hackers, Mind and KANE14, published a fake image of Saddam and Clinton naked in bed.
Baghdad-Iraq Web site
Archive of hacked site
(Tip by BHZ)
Free security upgrade
update by demoniz at Dec 21 , 3:33 CET
Now here's some bad PR for a business. Last week the Hacker News Network reported on several companies which got their Web sites defaced. Nothing to get really excited about, it happens all the time. But what if you are still hacked days later? Two sites, www.metrocareers.com and www.netpromag.com, apparently enjoy their free security upgrade.
Archive of hacked sites (both the same)
Down, but not for good
update by demoniz at Dec 21 , 3:12 CET
There has been some confusion about the popular Web site host for hackers, Scorchers.net. It went down last week due to changes in the terms of Scorchers' host provider, and nobody really knew whether it was down for good or only temporarily. According to the webmaster of Scorchers, they will return but it will take some time. "Scorchers will be back, probably before spring of '99, but no later. We will be able to offer more space and a more reliable server after we get going in the spring."
Scorchers Web site
What comes around goes around
update by demoniz at Dec 19 , 13:54 CET
LoRD OaK, the hacker who defaced CyberArmy yesterday, got his own site hacked today. Ralder-X replaced the mainpage of thepoison.org with his own l33t version. "H4H4H4 TH1$ 0N3$ F0R 4LL TH3 $H1T U PUT MY M4N D4T4 THR0UGH." What comes around, goes around. It's true.
The Poison Web site
Archive of hacked site
(Tip contributed by deepcase)
Disgrace for Lotus
update by demoniz at Dec 19 , 12:58 CET
Some sysadmins have problems securing their servers. Their knowledge of security is limited and their servers are a playground for the hacker scene. But what if you're a manufacturer of servers? As it turns out, it's the same story, no knowledge. The Dutch Lotus office Web site got compromised today. And it was no complicated hack. It wasn't even a real hack. The webmaster forgot to change the rights of the 'Edit Document' option. *Ouch*
Lotus Nederland Web site
Archive of hacked Lotus Domino server
Companies believe the Net is safe
update by demoniz at Dec 19 , 12:57 CET
A new study released Thursday shows corporate users perceive the Internet as substantially safer for conducting business online than they did in 1996. 65 percent of the companies surveyed by Cahners In-Stat Group said they believed the Net is safe for electronic commerce, while only 37 percent of respondents agreed with that statement two years ago.
But, as we reported earlier this week, according to IBM nine out of ten online shopping servers are insecure. 'Ethical' hackers, on the payroll of IBM, easily gained access to several secured servers of e-commerce companies.
Read full article at Internet Week
(Tip contributed by Digital Sinner)
CyberArmy hacked again
update by demoniz at Dec 19 , 1:44 CET
The h/p/v/c/a search engine CyberArmy was compromised again today. A hacker named LoRD OaK of the hack group The Poison hacked the cgi-bin of the site, replaced the links and added two new categories to the search engine ('Hacked' and 'Hacked by LoRD OaK').
Iraqi cyber attack?
update by demoniz at Dec 18 , 16:04 CET
A computer-based counterattack from Iraq against the U.S. is not very likely. Earlier this week a report by the Center for Strategic & International Studies called for greater recognition of the threat posed by attacks and terrorism conducted over the Internet. It speculated that cyber terrorism and cyber warfare could be a plausible alternative because "no enemy can match the U.S. military, as demonstrated by the Gulf War."
The FBI said yesterday that such an attack is not very likely. The Department of Energy's Computer Incident Advisory Capability (CIAC) agreed with that. A security analyst of CIAC said: "You could say that about anything. It would be just as easy for Iraqi terrorists to make trains run off the track."
Read the full article at USA Today
IBM: Online shopping insecure
update by demoniz at Dec 17 , 15:28 CET
How often do you purchase articles online with your credit card? In the future you might think twice before using your flexible friend. According to IBM, nine out of ten online shopping servers are insecure. 'Ethical' hackers, on the payroll of IBM, easily gained access to several secured servers of e-commerce companies. A spokesman of IBM Global Services revealed this today to the San Francisco Examiner.
IBM Web site
San Francisco Examiner Web site (article not online, yet)
(Tip by Thejian)
update by demoniz at Dec 17 , 14:54 CET
One of the main IRC networks, IRCnet, got hacked earlier today. Malicious hackers gained root access on irc.estpak.ee and killed roughly 6000 users. The Estonia server has been disconnected from IRCnet for the time being to avoid more problems.
MS Bug slows impeachment email
update by demoniz at Dec 17 , 12:49 CET
A bug in Microsoft's email server software couldn't have surfaced at a worse time for the U.S. House of Representatives. Just as House members were preparing for their vote on impeachment, constituent email messages began dropping into a void because of the glitch, which sends Microsoft Exchange servers into a continuous loop. The bug affected two of the House's 14 servers, which run Exchange 4.0 on Windows NT 4.0, according to Jason Poblete, a spokesman for the House. Due to the problems Judiciary Committee members haven't received email at all since Monday.
Read the full story at CNN
update by demoniz at Dec 17 , 2:46 CET
Saddam Hussein went too far this time. U.S. President Bill Clinton announced a few hours ago he had ordered a "strong, sustained" series of airstrikes on military and security forces in Iraq, designed to degrade Iraq's ability to develop weapons of mass destruction. In other words: they are bombing Iraq.
CNN Web site
update by demoniz at Dec 16 , 19:40 CET
No computer is safe from hackers. We already knew that and the U.S. government apparently knows it too. This week they released a report, entitled 'CyberCrime, CyberTerrorism, and CyberWarfare: Averting an Electronic Waterloo,' which recommends several procedures U.S. policy makers can implement to defend the U.S. critical infrastructures from information warfare. The report admits that most U.S. computer systems, including high-level systems that control electrical power grids and U.S. military command and control systems, could be brought down by computer crackers.
Read the full story at Internet Week
Wassenaar violation of Human Rights
update by demoniz at Dec 15 , 16:11 CET
On the occasion of the 50th birthday of the Universal Declaration of Human Rights, the Canadian privacy software company Zero-Knowledge Systems launched a campaign to convince authorities that the Wassenaar Agreement is a violation of these rights. "The best defense for online privacy is to use strong cryptography, which allows Internet users to preserve the privacy of their communications and personal information."
FreeCrypto.org Web site
Zero-Knowledge Web site
Contributed by Thejian
update by demoniz at Dec 15 , 16:07 CET
The USA has court TV, the Dutch will have Internet Court. Four Dutch courthouses will participate in an experiment starting next February to bring justice online. The courts will report on upcoming trials, verdicts and crime statistics. Nothing really new, but plans are also to ask the Internet crowd for their help to bring criminals down. Makes me wonder if they are planning to divulge all the details about the cases.
Read more here (Dutch only)
Contributed by Thejian
Lets make the Net a better place
The Inevitability of Failure
update by demoniz at Dec 15 , 13:19 CET
The security paper by six employees of the U.S. National Security Agency (NSA), which was published at the 21st National Information Systems Security Conference in October, is now available to the public in HTML format.
'The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments' discusses, among other things, why mandatory security mechanisms are useful outside the context of classification levels, even on single-user systems, and trusted-path mechanisms, like the PASSCRED stuff recently implemented in Linux and NT's Ctrl-Alt-Del login feature.
HTML version of Security paper
HackCity releases programs to the public
update by Qubik at Dec 15 , 7:16 CET
HackCity.Com, a large group which has recently been under watchful eyes, has released their first round of programs to the public showing that, according to Hadez, HackCity.Com "..are still planning on making the site available to the public as well as our members."
HackCity Web site
update by demoniz at Dec 15 , 0:07 CET
WHiTe VaMPiRe of Project Gamma wrote an editorial about the major 'hackflood' of the last few days. I suggest you all take a look at it. It might enlighten you. "They are pulling innocent bystanders into their petty disputes, that is uncalled for and unwarranted." He couldn't be more right.
Project Gamma Web site
Strike to protest Wassenaar
update by demoniz at Dec 14 , 17:15 CET
To protest the signing of the Wassenaar Arrangement, an international treaty that imposes new restrictions on cryptographic software technology, all computer professionals are called to strike today. The strike is meant to raise awareness about the importance of cryptography, about the U.S. government's wrongheaded attempts to curtail its use, and about the strong-arm tactics used by the United States to pressure other countries into limiting their citizens' rights the way it has limited its own.
Wassenaar Strike Web site
Wassenaar Arrangement Web site
Jack Daniels hacked
update by demoniz at Dec 14 , 17:06 CET
The Web site of the famous whiskey distillery, Jack Daniels, got defaced this weekend. The hacker, Fluxx, replaced the mainpage with a page dedicated to the sysadmin. "I was here, but now I'm gone, I leave my tag, to carry on. Oh by the way, your sysadmins security sucks. Put me out of my misery, then and only then can I truly be free"
Jack Daniels Web site
Archive of hacked page
Financial trouble for Packet Storm
update by demoniz at Dec 14 , 16:13 CET
The number 1 exploit archive, Packet Storm Security, is in financial trouble. In a short time the Web site became so popular that it's now threatened by its own success. The webmaster of Packet Storm, Ken Williams, called on the visitors for a solution. "Due to the increasing popularity of this Web site, we are now averaging over 80,000 hits/day, and double that figure on some days (...) After shopping around, we have been quoted figures of $1500-8000/month to host this web site by other companies and service providers. Since this site is free (on principle), and we do not offer advertising (on principle), we pay for it ourselves. If you have any viable solutions or suggestions, then please contact us ASAP."
If you have a solution, mail Ken Williams. Details about how to contact him can be found at Packet Storm Security.
German hackers worried about logfiles
update by demoniz at Dec 14 , 13:44 CET
Unsubstantiated reports are coming in that the German police have access to all log files of so-called 0130 callers (0800). The rumour was spread after last Friday's bust of NetGuru, an 18-year-old German high school student who got arrested for defacing a German government Web server and abusing stolen credit card numbers. He caused $20,000 in damage to an insurance company. NetGuru told a German computer magazine that he used an 0130 number during his hacks. According to an anonymous email we received, the hackers earlier assumed that the German Telecomm didn't even keep track of the callers.
NetGuru's bust at Chip Online (German only)
AntiGen becomes AntiGėn
update by demoniz at Dec 13 , 23:18 CET
Fresh Software has finally changed the name of their Back Orifice remover AntiGen. The program formerly known as AntiGen is now called AntiGėn. Last month the maker of the freeware BO killer was about to be sued by Sybari Software because they had the name Antigen trademarked for their own security program. After consulting the attorneys of Sybari, Andrew Niese, the maker of AntiGen, decided to back down and change the name of his program. "We didn't expect AntiGen to become so popular worldwide, so it never crossed my mind to check for trademark conflicts", writes Niese in an email to 100 % Pure Bikkel.
Fresh Software Web site
Hacker on the run? No more
update by demoniz at Dec 13 , 3:17 CET
Justin Petersen, the hacker on the run who was also an FBI informant, was captured last night by the U.S. Marshals. We reported on his sudden disappearance about a month ago. The ex-hacker violated his parole and was wanted by the U.S. Marshals. A few years ago Petersen hacked a financial institution and electronically pinched $150,000.
Petersen was arrested and taken to the Metropolitan Detention Center in downtown Los Angeles. Ironically, this is the same place where imprisoned hacker Kevin Mitnick is currently being held. Petersen helped the FBI arrest Mitnick.
Call long-distance for free
update by demoniz at Dec 12 , 15:54 CET
That PalmPilot of 3Com is sure one nifty tool. We reported last week about unlocking cars with a PalmPilot using the infrared eye. Well, that's not all. You can make long-distance phone calls with it too. For free, that is.
Last Thursday a Canadian hacking site posted software which turns the PalmPilot into an unlimited calling card. The latest hack, known as RedPalm, exploits a weakness in older pay phones that phone hackers, known as phreakers, have used for years. The new RedPalm software plays tones through the PalmPilot's speaker that can fool some phones into believing that callers have deposited quarters.
PalmPilot Web site (3Com)
Hack Canada Web site
Read the full article at Wired News
(Tip contributed by Spikeman)
update by demoniz at Dec 12 , 10:56 CET
Our little soap opera is getting boring, but for those who care: Slampcoach was modified again today. This time the original hacker ^Dreamer changed the 'hacked' Web site again to a page with his version of this little fairy tale. To clear the air, he writes. "I'm receiving many flames to the www.slampcoach.com hack. Go there for the complete story... cause Hadez never hacked it. I got logs to prove it."
Archive of the third Slampcoach hack
To hack or not to hack
update by demoniz at Dec 12 , 0:14 CET
Many people commented on the hack flood of the last few days. According to many, the hacks weren't real hacks since all the Web sites got compromised using legitimate passwords. Earlier today we received an email from ^Dreamer, the hacker who defaced Slampcoach for the first time. "Slampcoach.com wasn't 'ReHacked' by Hadez. I gave him the pass." The last victim, Legion2000, turned out to be hacked using a 'non-hacked' password too. As were Sekurity-net, New-Line.org and the devastating CyberArmy hack. Decide for yourself whether they are real hacks or not.
Social engineering (Packet Storm)
Social engineering (fravia)
update by demoniz at Dec 11 , 23:42 CET
In today's episode of 'As the Hacker turns': The Legion2000 hack. Starring Iron-Lungs as the fall guy and an anonymous hacker as the attacker. In other words, the server of HcV org got hacked today and Iron-Lungs seems to be the target, again. According to our informer, Crawl-X of The A.R.G.O.N., the defaced Web site of Legion2000 had a redirect to a site of Iron-Lungs which was also compromised. Iron-Lungs stated on our webboard that the hack was done using an inside account. Sounds pretty damn familiar eh?
We have two different versions of the defaced site:
Archive 1 of the hacked site
Archive 2 of the hacked site
Legion2000 Web site
The A.R.G.O.N. Web site
The art of social engineering
update by demoniz at Dec 11 , 7:28 CET
Without any technical knowledge one can hack. How? With social engineering. The latest Web site hacks all appeared to be done through social engineering, a special form of hacking. Social engineering is not about technical knowledge but about trying to fish a secret out of someone. The hacker in the CyberArmy hack called the host provider of the hacker site pretending to be the webmaster of CyberArmy. He asked for help changing his password. The kind help of the provider was rewarded with a devastating hack.
100 % Pure Bikkel searched the Web for information on social engineering and found it at Packet Storm Security.
Social Engineering Tools and Misc Files
Packet Storm Security Web site
MS Excel hole patched
update by demoniz at Dec 11 , 6:08 CET
Microsoft released a patch today that fixes a vulnerability in Excel that could allow certain types of executables to be run without a warning to the user. Excel allows executables to be run from a worksheet. Without the user knowing it, any kind of program can be launched. An Excel worksheet could be used as a trojan horse to activate malicious programs like Back Orifice or NetBus.
MS Excel patch
New school hackers root it twice
update by demoniz at Dec 11 , 4:25 CET
The hacked Web site of Slampcoach got hacked again. This time Hadez of HackCity defaced the defaced page of Slampcoach.com. And again HcV and Iron-Lungs get put down. According to a statement on the compromised site, Hadez doesn't agree with Iron-Lungs' hacking methods. "Your days of fucking threatening people are over you fuckers. You call "phoning up webhosts and pretending to be account holders" hacking?"
Slampcoach.com Web site
Archive of hacked site
HackCity Web site
update by demoniz at Dec 11 , 1:38 CET
That there's some truth in the saying 'what comes around, goes around' is something which Sekurity-net can fully endorse. On Thursday their mainpage was hacked by Iron-Lungs because the webmaster of Sekurity-net should "earn his respect and stop being a failure."
100 % Pure Bikkel found out earlier on Thursday that Sekurity-net 'borrowed' all the news of this site. And as if this wasn't enough, the webmaster of Sekurity-net claimed on the webboard to be the real hacker of the new-line.org hack instead of Iron-Lungs of HcV. To back up his claim he linked to a modified copy of the defaced new-line.org on his own site.
We have nothing to do with this hack, but let's not act like saints. In this particular case, we love it. Unlike all the other hacks these past weeks, there was no real damage done. The hacked page linked to the old index of Sekurity-net.
Sekurity-net Web site
Archive of hacked site
100 % Pure Bikkel Webboard
(Thanks loser (yes, it's his real nick) for the copy of the hacked page)
A hack for a hack
update by demoniz at Dec 11 , 1:09 CET
In the old days, when people had a flaming row they would give each other a proper hiding. That would set things right. But hey, the new millennium is coming and times have changed. Nowadays you don't beat someone, you hack. And you do not hack them, but just some random site to publish your statement. Today Slampcoach.com got hacked because "HcV is gay as fuck."
Slampcoach.com Web site
Archive of the hacked site
Old school hackers never die
update by demoniz at Dec 10 , 15:32 CET
With the devastating hack flood of the last months which destroyed so many Web sites, it appeared the hacker ethics lost its value for good. Guess again, old school hackers never die. Kr0me Corp recently relaunched their public Web site devoted to old school hacking. For the hacker who still cherishes the ethics.
"We want you to consider this: hacking is not a form of destruction, a power over the masses in the hands of young vandals, for status or personal gain. It is the art of creating and manipulating the information; it is the constant yearn for knowledge, the curiosity pushing the individual to look beyond the appearance of the things, to study and learn the inner aspects of their functioning."
Kr0me Corp Web site