Information Security News mailing list archives

[defaced-commentary] Hacker 'Doctor Nuker' Claims FBI Fingered Wrong Person


From: InfoSec News <isn () c4i org>
Date: Thu, 1 Nov 2001 04:13:04 -0600 (CST)

---------- Forwarded message ----------
Date: Wed, 31 Oct 2001 21:47:25 -0700 (MST)
From: security curmudgeon <jericho () attrition org>
To: defaced-commentary () attrition org
Subject: [defaced-commentary] Hacker 'Doctor Nuker' Claims FBI Fingered Wrong Person

Hacker 'Doctor Nuker' Claims FBI Fingered Wrong Person
   
By Brian McWilliams, Newsbytes
WASHINGTON, D.C., U.S.A.,
31 Oct 2001, 4:59 PM CST

A computer hacker who vandalized a pro-Israeli group's Web site said
law enforcement officials have issued an arrest warrant for the wrong
person.
   
In an online interview today, a Pakistani hacker who calls himself
Doctor Nuker said he was responsible for the Nov. 2000 attack on the
Web site of the American-Israel Public Affairs Committee (AIPAC).
   
But the hacker claimed a federal grand jury made a mistake last week
in indicting Misbah Khan of Karachi on four computer crime-related
counts.
   
"It's a girly name, sort of like calling a guy Mary Smith," said the
hacker, who claimed he is a 35-year-old male and that several other
people have used his nickname to deface sites.
   
In the defacement of the AIPAC site, Doctor Nuker posted a rant about
Israel's treatment of Palestinians, along with credit card numbers and
e-mail addresses of some of the group's members.
   
Each of the offenses carries fines of up to $250,000 and jail sentences
of up to ten years, according to the Justice Department.
   
The FBI will not disclose how it discovered the identity of Doctor
Nuker, a prolific Web site defacer and founder of a hacking group
known as Pakistan Hackerz Club.
   
In a DoJ press release, Lynne Hunt, the FBI agent handling the case,
said that "computer hackers often leave behind a more elaborate trail
of evidence than they realize, and we will follow that trail no matter
where in the world it leads."
   
The IP address contained in several e-mail messages from Doctor Nuker
to Newsbytes this month indicated he was using an Internet service
provider in Karachi. But the hacker claimed he merely uses insecure
servers in Pakistan to get online anonymously.
   
Brian Martin, one of the operators of the Attrition.org security
information site, said many Web site defacers give themselves away by
being the first to view their handiwork.
   
According to Martin, log files from defaced Web sites are combed by
investigators. Many attackers leave their footprints by browsing the
site prior to when the defacement appears on sites which publicize
security break-ins, he said.
   
"Many times you see (the attackers) viewing the defacement first. Five
minutes later, there will be a small flood of random addresses usually
from friends on Internet relay chat, and then the regular hits from
the mirrors," said Martin, who added that attackers may not realize
their Internet protocol (IP) address is being logged.
   
In the interview, Doctor Nuker refused to give his real name or
country of residence but said he was born in the U.S. and received
training as a medical doctor.
   
According to Doctor Nuker, the Department of Justice issued the arrest
warrants as a way to "scare hackers" but says that he plans to
continue defacing Web sites.
  
A spokesperson for Justice declined to say whether the government
would seek to have Khan extradited for trial in the U.S.
 
On Sept. 19, Doctor Nuker took credit for defacing the Web site of
World Trade Services, a California-based firm that facilitates
international e-commerce.
   
In a message left at the defaced site, the hacker suggested the U.S.  
government may have orchestrated the terrorist attacks on America to
justify widening its manhunt for Osama bin Laden.
   
A mirror of the AIPAC defacement is here:
http://www.attrition.org/mirror/attrition/2000/11/02/www.aipac.org/
   
   

-
The information and commentary is Copyright 2001, by the individual author.
Permission is granted to quote, reprint or redistribute provided the text is not
altered, and the author and attrition.org is credited. The opinions expressed
in this mail are not necessarily the opinion of all Attrition staff members.

Commentary Archive: http://www.attrition.org/security/commentary/
The Attrition Mirror: http://www.attrition.org/mirror/attrition/
Country/TLD Statistics: http://www.attrition.org/mirror/attrition/country.html
Attrition Defacement Statistics: http://www.attrition.org/mirror/attrition/stats.html
Operating System Graphs: http://www.attrition.org/mirror/attrition/os-graphs.html

Other Web Defacement Mailing Lists: http://www.attrition.org/security/lists.html
Contacting Attrition Staff: staff () attrition org

To subscribe to Defaced Commentary, send mail to majordomo () attrition org
with "subscribe defaced-commentary" in the BODY of the mail (without
quotes). To unsubscribe, include "unsubscribe defaced-commentary" in
the BODY of the mail.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.
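
The log review Brian Martin describes in the article above, sketched as an added example (not part of the original article or list post): it finds the moment a page's response size changes and lists the clients that fetched it before the defacement was publicized. The log lines, addresses, times, `PUBLISHED` and the function names are constructed for illustration, and it assumes a static page logged in Common Log Format.

```python
import re
from datetime import datetime, timezone

# Common Log Format: host ident user [time] "request" status bytes
LOG_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) (\d+|-)')

# Constructed sample log (documentation-range addresses, invented times and sizes).
SAMPLE = """\
198.51.100.7 - - [10/Jan/2001:03:10:02 +0000] "GET /index.html HTTP/1.0" 200 5120
203.0.113.9 - - [10/Jan/2001:03:41:15 +0000] "GET /index.html HTTP/1.0" 200 1834
203.0.113.9 - - [10/Jan/2001:03:41:40 +0000] "GET /index.html HTTP/1.0" 200 1834
192.0.2.21 - - [10/Jan/2001:03:46:03 +0000] "GET /index.html HTTP/1.0" 200 1834
192.0.2.88 - - [10/Jan/2001:03:46:30 +0000] "GET /index.html HTTP/1.0" 200 1834
truncated line that does not parse
198.51.100.200 - - [10/Jan/2001:04:30:00 +0000] "GET /index.html HTTP/1.0" 200 1834
"""
# Assumed time the defacement first appeared on a public mirror.
PUBLISHED = datetime(2001, 1, 10, 4, 0, tzinfo=timezone.utc)

def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, path, status, size = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, path, int(status), 0 if size == "-" else int(size)

def early_viewers(lines, page, published_at):
    """Return (change_time, [(ip, first_hit), ...]) for clients that fetched
    `page` after its response size changed and before `published_at`.
    Assumes a static page and lines in chronological order."""
    baseline = changed_at = None
    first_hit = {}
    for ip, when, path, status, size in filter(None, map(parse, lines)):
        if path != page or status != 200:
            continue
        if baseline is None:
            baseline = size            # size of the page before tampering
        elif changed_at is None and size != baseline:
            changed_at = when          # first response with the new content
        if changed_at is not None and when < published_at:
            first_hit.setdefault(ip, when)
    return changed_at, sorted(first_hit.items(), key=lambda kv: kv[1])

if __name__ == "__main__":
    changed, viewers = early_viewers(SAMPLE.splitlines(), "/index.html", PUBLISHED)
    print("content changed by:", changed)
    for ip, when in viewers:
        print(when.isoformat(), ip)
```

The earliest address is a lead to correlate with other evidence, not an identification, since the article itself notes that relays may sit between the visitor and the server.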