Auction Web site offers $25,000 hacker bounty

[William Knowles <wk () C4I ORG>]

http://www.theregister.co.uk/content/1/13350.html

By: Thomas C Greene in Washington
Posted: 19/09/2000 at 08:12 GMT

On-line auction outfit Bidbay is offering a $25,000 bounty for
information leading to the conviction of malicious intruders who shut
down their operation intermittently for two days starting 7 September,
rendering service unavailable to users.

The hacking underground is sure to resent the idea of offering
financial incentives to rat on one's buds, but the company is
unapologetic. "Our CEO feels that if you start talking to people's
pocket books, you're more likely to get a response," Bidbay spokesman
Tim Allison told The Register. "He takes it kind of personally when
people mess with our site," Allison added.

The company believes it was not the ultimate target in the attack, but
rather that the intruders broke in to commandeer Bidbay's gear for
attacks on other targets. An aggressive port-scan is what rendered the
service unavailable, gobbling up "over ninety megs of bandwidth on one
server alone," a member of the engineering crew told us.

The company traced the attack back to a porno site, which it declined
to name, which also came under attack; but the use of numerous
intermediate machines made it impossible to pinpoint the true origin.

As the trail went cold, Bidbay bit the bullet, passed the hack logs on
to the FBI, backed up their data, re-formatted and started fresh.

Perhaps this explains why there is such a modest amount of merchandise
offered on the site, and why there should be so little bidding
activity. With a few exceptions, categories advertised with fifty
items often have one or none, and ones claiming over a hunderd often
have ten or twenty. This could be a problem related to the hack, of
course.

Another explanation could be that the hacking bounty is a bid for
publicity in the guise of news. We don't know, but it wouldn't be the
first time such a thing has happened.

Bounty hunters may e-mail Bidbay CEO George Tannous or ring
1-877-424-3229. The company says that all information offered will
remain confidential.

George Tannous <bidpayceo () bidpay com>


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".