Information Security News mailing list archives
Hacking for Israel
From: William Knowles <wk () C4I ORG>
Date: Thu, 16 Nov 2000 04:17:16 -0600
http://new.globes.co.il/serveEN/globes/DocView.asp?did=450980&fid=984

Aviva Mishmari
15.11.2000 15:00

Ehud Tenenbaum ("the Analyzer") was only eighteen-and-a-half at the end of 1998 when he achieved his fifteen minutes of fame by breaking into the US Pentagon computer. The Tenenbaum trial has continued ever since and the defense is now entering its plea. In the meantime, it turns out that Tenenbaum has adapted himself to the Zeitgeist by serving as technical manager and security consultant in the 2XS company, which for its part cooperates with an anonymous organization, called the Israeli Internet Underground (IIU).

The goal, part commercial and part patriotic, includes marketing the security services of Tenenbaum's company to Israeli web sites. Are you worried that Arab hackers will break through your security wall? Here is your salvation.

"We can protect you"

The Globes site was one of hundreds of sites that received e-mail from the IIU a few days ago, along the lines of, "We have discovered security problems on your site...at least one of the site's services contains a bug, through which your site can be broken into and damage caused. We call upon you not to let this happen. We can protect you from attacks by malicious hackers belonging to Islamic groups. All you have to do is download a security report from our site, free of charge, including repairs for the security defects." The letter is signed by a "White-hatted Hacker Group" (hackers intending to warn of security defects, not steal information, A.M.).

So you are alarmed and enter the site. There you find a list of several hundred sites in which security faults were discovered - a real economic Who's Who. There is also a list of sites already broken into, including educational institutions, such as the Kibbutz Seminar and the Open University in Jerusalem, and various religious web sites - behold and beware.

After you have been properly horrified and have decided to save yourselves by hiring the security services of 2XS, you will be asked to sign a statement absolving the company of liability for the information collected for it by the IIU.

Ex-hackers

Why is this necessary? For reasons of legal liability. The IIU claims, Our aim is the good of all the Israeli companies. The idea for the statement came from 2XS. It is important for a security company to emphasize that it has no link to the IIU's activity.

Do they really cooperate with hackers, while washing their hands? "They are ex-hackers," corrects 2XS manager Sharon Weiss. "They claim they have information about a massive attack on Israeli sites in the coming weeks and came to us to offer a solution."

Ehud Tenenbaum explains that the IIU doesn't really break into sites. "These guys are serious people with a worthwhile purpose. They want to protect Israel, not attack it. They trace general problems. For example, if a given site relies on a certain version of a server known to have many bugs, it is vulnerable to break-ins. You don't have to break in to find that out; it is enough to go online and examine the server. That is not an intrusive scan."

2XS is nevertheless in need of honesty. Tenenbaum writes in an e-mail: "I can't say that IIU has done anything illegal, because I am not sure, but 2XS will definitely not assume responsibility." In conversation, he says, "Although we share their goals, we can't accept responsibility for the way they get the information. Publishing a list of web sites is a little vulgar and overly aggressive; we would have confined ourselves to a personal e-mail. That's the way hackers are, though. Our legal department told us straight out - don't be part of the process. That's why we published a statement, clearly saying that we are not responsible for the information."

Well, this is at least a pretentious sales trick, if not something worse. How much do 2XS's security services cost?

Ladies and gentlemen, a one-time offer. "At the moment, at least for the coming week, the solution is provided for free," in Tenenbaum's cautious wording.

Globes: "What happens later? Meanwhile, you have a list of potential customers."

Tenenbaum: "We're not forcing anyone to work with us in the future."

To sum up the package, you get half a service, based on half-information (general information), collected using unorthodox means, from which 2XS is careful to disassociate itself. Tenenbaum himself says, "What they have done is very nice, but not so clever." All those involved, however, take an oath in the name of patriotism, the one and only excuse, covering everything.

Whom can this help? "We are a young company with good intentions. We work with complete sincerity. It's not a gimmick. We've received hundreds of thank you letters," avers Tenenbaum.

Gall

One of the recipients of the alarming letter was Dapey Reshet web site founder and Internet journalist Ido Amin, who claims, "When companies sign the declaration, they give the Analyzer a comprehensive authorization to any sites whatsoever. I regard this as unmitigated gall, all the more infuriating because it is done in the name of patriotism. If Israeli Internet people want to do something patriotic, they should unreservedly condemn the childish and immoral attacks on the Hezbollah sites. These actions brought in their wake counterattacks that paralyzed half of Israel's e-mail system for several days running. The spirit of the Internet is free speech, even if you don't like the photographs shown on the Hezbollah sites."

Adv. Samuel Tzang, representing Tenenbaum, told Globes he was unaware of this activity by Tenenbaum. "I'm not involved in it," Tzang said. "I'm only working on the criminal case." Asked by Globes if Tenenbaum is permitted to work on safeguarding sites or break-ins, Tzang replied, "As long as this activity takes place within the law."

*==============================================================*
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".