NASA not amused by Web vandalism

[InfoSec News <isn () C4I ORG>]

http://www.zdii.com/industry_list.asp?mode=news&doc_id=ZD2671675

January 5, 2001 5:43pm
By Robert Lemos ZDNet News

NASA said Friday it nabbed an Internet vandal who allegedly broke into
one of its Web sites and left a message urging the space agency to
beef up security.

On Dec. 26, agents from NASA's Office of the Inspector General charged
Matthew S. Lawrence of Shelton, Conn., with violations of state law
for hacking into the Goddard Space Flight Center's human resources
site last February and defacing a Web page.

Lawrence allegedly defaced the human resources department's home page,
under the alias "Mr_Min," by adding a single line of text to the
bottom of the Web page--"i know you have good intentions, but fix me
please. mr_min."

That's not the way to report a security hole, said Jim Jackson,
eastern supervisory special agent for NASA's OIG computer crime
division. "If there is a problem, send us email. Once you take steps
to modify something, you break the law. We have no choice. We have to
follow through."

Good Samaritan?

Last March, someone posted a similar message to the Web site of
e-Financial, using the Mr_Min name: "fix this problem of yours before
someone else takes advantage of this unlike me--mr_min."

NASA agents cooperated with the Shelton Police Department. Lawrence,
who was 18 at the time of the break-in, will be prosecuted in state
court as an adult.

In a statement, NASA cited damages associated with the defacement as
the "labor costs to rebuild the computer system" and that the attack
"kept the Web server out of service for almost a month." Jackson
estimated the overtime costs related to repairing the site at about
$1,700.

While NASA seemed ready to pin the entire cost of the repairs on
Lawrence, the suspected Net vandal wasn't the only one to deface the
site. According to security site Attrition.org, another group of
vandals posted more extensive changes to the human resources page on
February 10, the same day Lawrence allegedly left his note.

While "Mr_Min" was the least destructive and even seemed to have
altruistic motives, another group of vandals replaced the page with
their own--a combination of graphics and a diatribe in Portuguese.

A 'nonintrusive kid'

B.K. Delong, a staff member at Attrition.org, believes that Lawrence
and the other vandals are not related. "I don't think Matthew Lawrence
of Connecticut is a fluent speaker of Portuguese," he said.

Delong said he believes that the group was likely based in the
Portuguese-speaking country of Brazil, which has become an incubator
for Web vandals in recent years.

While stressing that NASA investigators have generally done their jobs
well, Delong questioned whether they went after the wrong individual
in this case.

Calling Lawrence a "nonintrusive kid," Delong said, "Did they go after
him because he was the easiest to find? You don't really see them
pulling in the big groups."

NASA's Jackson said the agency has to go after whomever they find
tresspassing on their sites. He would not say whether the
investigation had concluded.

With only small successes under its belt and computers that have a
reputation for being insecure, NASA will most likely see defacements
continue unabated, Delong said.

"This probably won't scare the kids," he said. "As long as NASA
machines are easy to break into, the kids are going to keep doing it."

NASA's Jackson seem to agree. "It is kind of a badge of honor to (pose
as) a NASA site. My job is to investigate what happens and to be a
deterrent.

"If NASA didn't get broken into, I would be out of a job."

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".