reports
Cyber Skirmishes — Hackers Threaten, Government Warns
John Sterlicchi
As hackers around the world think about launching cyber skirmishes in the wake of recent terrorist attacks, one group of online vigilantes claims it has already destroyed data and Internet connections within Afghanistan and Palestine. Calling themselves the Dispatchers, the group claims to have already disabled several Palestinian Internet service providers and warned that ISPs based in Afghanistan will be next “with the intent to destroy them and disable any use,” said one warning on a website defaced by the Dispatchers. “We, as a group of individuals, have taken a stand, armed with technology to disable our target in every method possible,” the group said in the statement. “As of 11 September 2001, we have united to fight back and to show that we will not tolerate this anymore.”
Many hacker attacks were targeted specifically at sites connected to Afghanistan. One site, the Afghan News Network at www.myafghan.com, was reportedly knocked offline for 15 hours after an attack. According to an email, the operator of the site said: “We have received lots of hate email from people.”
Meanwhile the FBI’s National Infrastructure Protection Center (NIPC) issued an advisory, warning companies of increased hacking activity in the name of “patriotism”. The NIPC initially warned companies to beware of an increase in online activity. “Infrastructure owners and operators should be at a heightened state of alert and should implement appropriate security measures, both physical and cyber,” NIPC said. During a congressional committee meeting Michael Vatis, a former FBI assistant director and former head of the NIPC, said he believes the threat is “even greater today than it was before September 11.” Vatis based his prediction on an analysis, which found an increase in cyberattacks in connection with physical conflicts, such as the Israeli-Palestinian conflict and the US-China spy plane incident.
Bob Cohen, senior vice president of the trade group, Information Technology Association of America, said: “I don’t think it is out of the realm of possibilities that cyber terrorism could be used as one ingredient of a larger plan or perhaps another mechanism to create disturbance.” Furthermore, analysts, such as Gartner’s John Pescatore, have been advising companies on how to handle cyber terrorism threats, which he expects will occur as a result of US military assaults on terrorist camps in Afghanistan and elsewhere. Pescatore said: “The recent terrorist strikes, and the anticipated reprisals, dramatically increase the risk of cyber attacks. Enterprises should prepare for more assaults and increased Internet security requirements as companies have not made much progress against denial-of-service attacks.” He recommended that enterprises immediately check their Internet-exposed systems and servers for vulnerabilities and test their cyber incident response plans. If enterprises use computing facilities outside North America as their primary Internet connections or computing centres, they should begin preparing for backup operations at North American sites. “Any military reprisals the US makes will inevitably lead to cyber-attacks against US Government, financial and political Internet sites, as well as similar sites in countries seen as supporting the US,” Pescatore said.
Yahoo News Hacked
Barbara Gengler
Security experts are warning of a most damaging kind of attack, the manipulation of content on trusted websites. The most recent exploitation took place when a 20-year-old hacker rewrote the text of a Yahoo news story by accessing the portal’s Web-based production tools.
Adrian Lamo manipulated a 23 August news story about Dmitry Sklyarov, a Russian computer programmer facing federal criminal charges under the Digital Millennium Copyright Act for circumventing copyrights on Adobe Systems software.
Lamo altered Yahoo’s copy of a Reuters story that described a delay in Sklyarov’s court proceedings, so that the text incorrectly reported that the computer programmer was facing the death penalty if convicted. The appropriate maximum sentence is five years in prison. The text went on to say that Attorney General John Ashcroft held a press conference about the case before “cheering hordes”. It also incorrectly quoted Ashcroft as saying, “They shall not overcome. Whoever told them that the truth shall set them free was obviously and grossly unfamiliar with federal law.”
DMCA
The DMCA, which was passed in 1998, broadly outlines restrictions on the distribution or sale of any product, service or technology that circumvents access protections to copyrighted material. The DMCA also includes provisions concerning details on safe harbor, damages and notice and takedown practices.
SecurityFocus views
Yahoo news, which learned of the attack from security intelligence firm SecurityFocus.com, said it had taken steps to close the security hole. “Yahoo takes security across its network very seriously, and we have taken appropriate steps to restrict unauthorized access to help ensure that we maintain a secure environment,” Kourosh Karimkhany, senior producer at Yahoo news, said in a statement. Yet SecurityFocus.com said the incident highlighted how efficient the Internet could be as a means for quickly spreading misinformation.
According to a SecurityFocus report, Lamo said he was acting to make Yahoo’s security lapses obvious. Lamo, who said he was troubled by how easily he got access to Yahoo’s news pages, said he exploited a flaw that let its corporate network be tricked into thinking it was communicating with an internal computer. Lamo also said he had changed other Yahoo news stories over the past few weeks. Since the incident, Yahoo has declined to comment on the specifics of the hack and would not comment on whether it planned to take legal action against Lamo.
AT&T Protects Routers Against DDoS Attacks
Barbara Gengler
AT&T Labs Research has been working on a new router-based defence to control distributed denial-of-service attacks, which have become a more frequent global Internet occurrence. DDoS attacks are those in which multiple systems worldwide are taken over and used to flood targets with false requests for service. This causes the target to overload and deny response to legitimate users.
Pushing back
The AT&T team has been working on what they call a Pushback mechanism, which allows routers to identify malicious traffic patterns and react to defeat denial-of-service attacks efficiently. AT&T Labs researcher Steven Bellovin explained that during a DDoS attack, the arriving packets do not obey end-to-end congestion control algorithms; instead, they bombard the victim, causing the well-behaved flows to back off. In addition, a large-scale DDoS attack not only causes trouble to the intended victim, but also interferes with other traffic that may happen to share a portion of the heavily congested network.
According to Bellovin, if the packets belonging to an attack could be detected and only those dropped, the problem would be solved. He explained that routers could not tell with total certainty whether a packet actually belongs to a 'good' or a 'bad' flow. “Our goal will be to try to identify most of the bad packets, while trying not to interfere with the good ones.” He said functionality has been added to routers that helps relieve congestion caused by a subset of traffic, called an aggregate, that does not obey TCP-like congestion control. Such aggregates are identified, usually at an access router, and preferentially dropped.
“We have implemented this approach under the advanced Unix operating system, FreeBSD, and we have shown promising results for how such a system could be incorporated in core routers,” he said. Bellovin added that the researchers already know from simulations that Pushback is a promising way of combating DDoS attacks and flash crowds. “There are some aspects that are easy to simulate, but real code running on real machines allows us to explore the details of a real system,” he said.
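The local step described above (identify the aggregate behind the congestion, then drop it preferentially) can be sketched as follows. This is an added illustration, not AT&T's code: the grouping of dropped packets by destination /24 prefix, the 50% threshold, the function names and the packet counts are all assumptions made for the example.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample: packets offered per destination in one interval,
# and the number of packets the congested link can carry in that interval.
OFFERED = {"203.0.113.10": 900, "198.51.100.7": 60, "192.0.2.5": 40}
CAPACITY = 200

def find_aggregate(drop_history, prefix_len=24, min_share=0.5):
    """Return the destination prefix that dominates recent drops, or None."""
    if not drop_history:
        return None
    counts = Counter(ip_network(f"{dst}/{prefix_len}", strict=False)
                     for dst in drop_history)
    prefix, hits = counts.most_common(1)[0]
    return prefix if hits / len(drop_history) >= min_share else None

def _share(flows, budget):
    """Forward everything if it fits, otherwise scale every flow down equally."""
    total = sum(flows.values())
    if total <= budget:
        return dict(flows)
    return {dst: n * budget // total for dst, n in flows.items()}

def forward(offered, capacity, aggregate=None):
    """Packets forwarded per destination; the aggregate only gets leftover capacity."""
    if aggregate is None:
        return _share(offered, capacity)  # plain congestion: everyone loses
    inside = {d: n for d, n in offered.items() if ip_address(d) in aggregate}
    outside = {d: n for d, n in offered.items() if d not in inside}
    sent = _share(outside, capacity)      # well-behaved traffic goes first
    sent.update(_share(inside, capacity - sum(sent.values())))
    return sent

def demo():
    before = forward(OFFERED, CAPACITY)   # no aggregate control
    drops = [d for d, n in OFFERED.items() for _ in range(n - before[d])]
    aggregate = find_aggregate(drops)     # learned from the drop history
    after = forward(OFFERED, CAPACITY, aggregate)
    return before, aggregate, after

if __name__ == "__main__":
    for label, value in zip(("before", "aggregate", "after"), demo()):
        print(label, value)
```

Without aggregate control the two small flows lose 80% of their packets along with the flood; with it they are forwarded in full and only the identified aggregate is cut back.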
Future plans
According to the researchers, better data on topologies, attacker source lists and more information about sustained periods of congestion, are still needed. Bellovin said the team also plans to investigate using features such as the Committed Access Rate in Cisco routers to implement the rate-limiting, while sniffing traffic on both incoming and outgoing links of each router. This will allow the researchers to detect congestion and dropped packets, even if the router itself cannot report them. AT&T is also working with the Internet Engineering Task Force (IETF) on router protocols.