Information Security News mailing list archives

Lucent says Mideast hackers attacked Web site


From: William Knowles <wk () C4I ORG>
Date: Fri, 3 Nov 2000 02:12:45 -0600

http://news.cnet.com/news/0-1007-200-3368676.html?tag=st.ne.1002.bgif.ni

By Erich Luening
Staff Writer, CNET News.com
November 2, 2000, 3:30 p.m. PT

Just days after the FBI warned that the cyberwar raging in the Middle
East between hackers from both sides of the conflict could spread to
the United States, Lucent Technologies on Thursday confirmed that its
Web site was the victim of at least one attack by pro-Palestinian
hackers.

Lucent, based in Murray Hill, N.J., may be the first of many U.S.
companies and government agencies to be targeted by pro-Palestinian
hackers because of its ongoing business in Israel, experts said.

"There could be other organizations hit here in the U.S., but this is
the first U.S. corporation named directly on target lists being
circulated by pro-Palestinian hacker groups I've seen so far," said
Ben Venzke, director of intelligence production at iDefense.

The Fairfax, Va.-based Internet security company has been monitoring
the cyberattacks by pro-Palestinian and pro-Israeli groups that have
mounted in recent months because of the violence in Israel.

Lucent was hit by what is called a Defend tool, which is similar to
the FloodNet program designed and used by Zapatista rebels against the
Mexican government during that civil war, Venzke said.

An individual hacker has to target a specific Web site using the
Defend tool. Once it is set up and hitting the Web site, it constantly
refreshes the page every 2.5 seconds. The only way it can do damage is
if thousands of hackers target the same Web site. If requests to the
Web page from the attackers come fast enough, the target computer will
freeze up.

The Defend tool is different from the Tribe Flood Network, which is
more powerful and harder to detect than this version because an
attacker secretly embeds software into hundreds of computers, Venzke
said. Then, at a selected time, a command is issued that prompts the
infected computers to swamp a target Web site or server with messages
in a so-called denial-of-service attack. The program does not damage
the "infected" computers or the target, but the sudden flood of
messages typically knocks out the target system.

"Lucent, like many other companies, is doing business in Israel and
has been named as a target by Unity, a pro-Palestinian group" that
ironically has had a number of its Web sites attacked by pro-Israeli
hackers, Venzke said.

The attack on Lucent comes just days after the FBI issued a warning
that the recent email flooding and denial-of-service attacks that
shuttered and defaced both Israeli and Palestinian Web sites in the
past month could "spill over" to the United States.

Although he would not detail the type of attack on his company's Web
site, Lucent spokesman John Skalko said the attack was proven to have
come from pro-Palestinian hackers.

"We're aware of this stuff coming from all over the world," Skalko
said. "We were ready for this attack because of what we learned from
the 'Melissa' attacks last March. That was a wake-up call for all of
us. We're always on alert and looking for these types of things to
occur."

The Melissa virus struck individuals and businesses hard when it first
hit the Internet, causing more than $80 million in damage. The $80
million total was related to the time spent by systems administrators
to clear the virus off affected computers.

Although Melissa was an email-related virus, Skalko said the security
awareness at his company sparked by the virus allows it to meet
cyberthreats early on.

So far, pro-Palestinian attackers have hit at least 30 sites, and at
least 15 sites have been hit by pro-Israeli attackers, according to
iDefense.

Echoing the earlier warning from the FBI, Venzke said government
agencies and businesses in the United States should be prepared for
anything as the conflict continues in Israel.


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen. Alfred M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".
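
Added example, not part of the CNET article or the ISN post: one way a defender could spot, in web server access logs, the fixed-interval page reloading the article attributes to the Defend tool (one refresh every 2.5 seconds per participant). The Common Log Format input, the constructed sample lines, the function names and the thresholds are all assumptions.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|HEAD) (\S+) [^"]*" \d{3} \S+')

def _line(ip, sec, path="/index.html"):
    """Build one constructed Common Log Format line (sample data only)."""
    ts = datetime(2000, 11, 2, 15, 30) + timedelta(seconds=sec)
    return f'{ip} - - [{ts:%d/%b/%Y:%H:%M:%S} -0800] "GET {path} HTTP/1.0" 200 5120'

# Constructed sample: two clients reloading every 2.5 s and one ordinary visitor.
# Addresses come from the documentation ranges.
SAMPLE_LOG = "\n".join(
    [_line("192.0.2.10", int(i * 2.5)) for i in range(10)]
    + [_line("192.0.2.11", 1 + int(i * 2.5)) for i in range(10)]
    + [_line("198.51.100.7", s) for s in (3, 41, 48, 130, 131, 300, 302, 305, 900)]
)

def periodic_clients(log_text, period=2.5, min_hits=8, tol=0.3):
    """Return {path: [client IPs]} for clients re-requesting a path every ~period seconds."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, ts, path = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        hits[(path, ip)].append(when.timestamp())
    flagged = defaultdict(list)
    for (path, ip), times in hits.items():
        if len(times) < min_hits:
            continue  # too few requests to judge regularity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        # Log timestamps have 1 s resolution, so a 2.5 s reload shows up as
        # alternating 2 s and 3 s gaps: test the mean and bound each gap.
        steady = all(abs(g - period) <= 1 for g in gaps)
        if steady and abs(statistics.mean(gaps) - period) <= tol:
            flagged[path].append(ip)
    return {path: sorted(ips) for path, ips in flagged.items()}

if __name__ == "__main__":
    for path, ips in periodic_clients(SAMPLE_LOG).items():
        print(f"{path}: {len(ips)} fixed-interval clients: {', '.join(ips)}")
```

The number of flagged clients per path is the figure to watch, since the article notes the tool only does damage when thousands of participants target the same site.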

