Arbitrary rant of the day 00-05-17

[William Knowles <wk () C4I ORG>]

Forwarded by: cult hero <jericho () attrition org>


One of the resources Attrition.org provides is mirroring defaced web
pages. One of the related services is running three mail lists revolving
around defaced web pages. We offer three different mail lists to
accomodate people wishing to stay abreast of the latest defacements:

        defaced - this list receives one piece of mail per domain hacked
                  and spans all TLDs regardless of country.

        defaced-gm - this list receives on piece of mail for each .gov
                  or .mil domain defaced. this caters to law enforcement,
                  security personnel, etc.

        defaced-alpha - this list contains the same traffic as
                  'defaced-gm', but sends it to alpha-numeric pagers. this
                  list caters to law enforcement.

The Attrition defacement mirror is fairly high profile. Articles from
almost every online publication ranging from the New York Times to MSNBC
to Slashdot have linked to our mirrors to show their readers what was
defaced or list other defacements by the same individual. There are
currently over one thousand subscribers to the various lists mentioned
above, with more joining every day.

Despite this high profile resource that is directly related to computer
crime, intrusion incidents and 'hacking' statistics, one of the most well
known computer crime organizations is just catching wind of us. CERT was
originally the Computer Emergency Response Team (www.cert.org) which
tracks computer intrusions, hacking incidents and web page defacements. In
doing so, they are essentially the government's answer to generating
statistics and responding to computer crime.

Almost six months after the creation of these mailing lists, even longer
after the creation of the defacement mirror, CERT finally subscribes to
one of the three lists. Rather than subscribg to 'defaced' to learn about
ALL web page defacements, this CERT employee opted to subscribe to
'defaced-gm' to learn about government/military sites being defaced.

Perhaps it is just me, but when you have a site like Attrition offering
these lists to everyone for free, it might be prudent to use those
resources. In generating statistics or tracking computer crime, why leave
out a bulk of the defacements that are occuring and only look at gov/mil?

Does this hint that CERT is not interested in the masses any longer?  That
only government and military sites deserve their attention? That lowly
.com, .net or .edu people aren't worthy of their attention? Ironic coming
from a group based out of Carnegie Mellon University.

One of the reasons Attrition stands out is that web defacers will report
their crimes to us.  Obviously, they will not run to CERT or law
enforcement and do the same.  Does this not seem like the perfect resource
for both to use? Juding from the amount of gov/mil subscribers to both
lists, it seems that law enforcement has figured it out pretty quick. Yet
CERT has not.

Who funds CERT?

   The CERT/CC is funded primarily by the U.S. Department of Defense and a
   number of Federal civil agencies. Other funding comes from the private
   sector.  As part of the Software Engineering Institute, some funds come
   from the primary sponsor of the SEI, the Office of the Under Secretary
   of Defense for Acquisition and Technology.

My tax dollars help fund CERT. Great. There is nothing more discouraging
than seeing a citizen funded organization not using free resources at
their disposal. Resources that would help them in their mission statement
and be more effective at what they do. With organizations like CERT
wearing blinders, computer criminals are a bit safer.

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".