Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Bloor broadcast hacked with profanities

From: InfoSec News <isn () C4I ORG>
Date: Thu, 8 Mar 2001 22:48:00 -0600
http://www.vnunet.com/News/1118776

[Curious if anyone can forward a copy of this?  - WK]

By Liesbeth Evers
Network News
March 8, 2001

IT consultancy Bloor Research admitted that it was hacked last week
after its weekly newsletter to IT directors was laced with
profanities.

A Network News reader who received a copy of the hacked newsletter
counted 47 insertions of the "rudest word in the English language". He
commented that: "Bloor's clients are going to be a bit shocked when
they open this mail."

Bloor Research confirmed that it received many calls from IT
directors, who complained about the language. They were also concerned
the newsletter contained a virus, but this fear turned out to be
unfounded.

After defacing the newsletter, the mail server was crashed to cover
the hacker's tracks, destroying any clues. Bloor contacted security
companies, who said this was the first time that they had seen an
attack on an email broadcasting operation.

Robin Bloor, CEO of Bloor Research, said he was annoyed the server was
crashed, covering what the virus was or how it got in. "It was
probably a Trojan backdoor virus, but we are not sure how it got in.
We checked the firewall and its configuration was correct. Although a
firewall is theoretically impregnable, it does not mean it is in
reality."

The virus was contained at the isolated mail server because Bloor uses
a decentralised infrastructure. This prevented the virus spreading
across the network. "In a world without hackers, you would centralise
to save cost, but it's safer to keep a network decentralised," Bloor
said.

The mail server was set up with an unknown IP address, so anyone
approaching the firewall could only detect its presence if the server
was contacting the outside world. "The attack must have happened
during a broadcast. Otherwise they couldn't have known the IP address
to go through the firewall," Bloor said.

"I didn't think much of this type of attack several years ago, but it
shows how network managers must stay aware," Bloor said.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".
Previous By Date Next
Previous By Thread Next

Current thread: