Re: Is Military Hiding Hacks?

["B.K. DeLong" <bkdelong () pobox com>]

At 07:46 PM 06/05/2001 -0400, Jonathan Rickman wrote:

> I'm sure they are. Why not block Attrition? Attrition provided several
> services to alert administrators via email or alpha pager. AFAIK Alldas
> does not. I could be wrong as I haven't visited in a while, and am
> composing this offline.

Not only that, but Attrition never did full nmaps of every mirror they took 
and post the full information up for anyone to see (and exploit). The only 
nmapping we did was of a few common ports and the only information we ever 
stored was OS fingerprinting. Of course the Army and other Defense 
Department groups would block Alldas - they're performing an intrusive scan 
each time they take a mirror and then leaving up resulting data for any 
kiddie to use.

> > Taltos, a Budapest-based hacker, said that he believes the U.S.
> > military is operating on the theory that if hackers get no glory from
> > defacing websites, they will scamper away and hack sites that can be
> > mirrored in Alldas' archive.
>
> ...which might very well be true in many cases.

I'm MIGHTY suspicious of this "Taltos" character. This is the *12th* 
Michelle Delio Wired article he's been quoted in since February and I 
haven't seen any work he's done or information he's produced in the hacker 
community. Has anyone else? All I can find are Wired articles he's been in 
(http://www.google.com/search?q=Taltos+hacker+&hl=en&lr=&safe=off)


> > He also suggests that a bit of national pride may be at work.
> >
> > "The U.S. military allowed American-defacement-archive Attrition to
> > mirror defacements of U.S. military sites. But when Attrition
> > announced it was ceasing to archive defacements, the military must
> > have decided that they didn't want some foreign site mirroring
> > defacements of American sites," Taltos said.

Good god, this guy knows nothing. I know of two reporters from major US 
media publications who went straight to the Army/Navy and flat-out asked if 
and why they were blocking Alldas. The answer was simple - their nMap scans 
were setting off alarms and they then publicly posted the data. National 
pride my ass.

> Nope...I'm sure the gang at Attrition can review their logs and debunk
> that theory. The mirror page at Attrition was one of the most frequently
> visited sites (by IT folk) when I was on active duty. American military
> personell are not totally clueless...despite what many may think. I think
> too many people mistake not giving a wet rat's ass (hereafter referred to
> as WRA), for lack of knowledge.

Definitely....we know for a fact that people from the FBI, DoDIG, FedCirc, 
JTF-CNO, DSIC etc all looked at and used our mirror on a regular basis. 
There is no way they're "just finding out" about our mirror because our 
mirror-taking program auto-notified the NIPC with every defacement, FedCIRC 
with every .gov/.mil defacement and individual admins based on Internic 
domain info for each defacement. I think it was impossible for them NOT to 
know with the notification we were doing, mostly to cover our ass so we 
didn't get accused of having prior knowledge of said incident.

> > I think it's quite likely that someone, some top level person, may
> > have suddenly become alerted to the existence of defacement mirrors
> > when all the media ran stories on Attrition last week, checked it out,
> > discovered that plenty of military sites had been defaced and hung in
> > the hall of shame, and decided to call a total cease fire on
> > archiving."

Morons. Michelle Delio quotes morons!

> > Said Marquis Grove at Security News Portal, a security news site: The
> > problem with this slight-of-hand trick is that someone in the military
> > is probably going to try to take credit for having greatly reduced the
> > number of hacked websites and point to the statistics generated over
> > at Alldas as proof."

Doubtful. There's enough checks and balances in the government to keep that 
from happening. Even if there were no defacement mirrors, the GAO will 
still run around bitch-slapping various agencies with reports of just how 
insecure their network is.

All Alldas has to do is stop doing a full nMap of .mil and .gov servers, 
stop posting ALL of the resulting info from those scans on the mirror and 
once they bring the attention of that cease-fire, (so to speak), to the 
military's attention, I'm sure they will be unblocked.

Christ....people are so dense.


ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com.