WTC Survivor List Sites Battle Bogus Entries

[InfoSec News <isn () c4i org>]

http://www.newsbytes.com/news/01/170084.html

By Brian McWilliams, Newsbytes
NEW YORK, NEW YORK, U.S.A.,
13 Sep 2001, 8:40 PM CST
 
Operators of a Web site which maintains an authoritative but
unofficial list of World Trade Center attack survivors confirmed that
the service is occasionally prone to error. But the site's owner
denied rumors that NY.com had been hacked.

"We haven't experienced any violations of our security. Our biggest
problem in maintaining the survivor database is keeping the data
clean," said Charles Thayer, president of Mediabridge Infosystems,
which maintains the list at http://wtc.ny.com.

With over 17,800 entries from site users, the NY.com list is one of
the largest of a dozen or so online survivor databases that have
sprung up since the twin towers crumbled from a terrorist attack
Tuesday.

But the site's data, which is mirrored by a handful of other sites
around the world, has frequently been corrupted with obviously bogus
entries such as "Bart Simpson" and "Elvis Presley," according to
Thayer.

While the site's operators edit out false entries as quickly as
possible, NY.com, like other operators of survivor lists, cautions
users that it cannot guarantee the accuracy or authenticity of the
information.

The phony listings have led some to speculate on Internet e-mail lists
and message boards today that hackers have infiltrated the site. There
have even been reports of people accessing information that turned out
to be incorrect.

But with cell phones and other telecommunications in the city still
disrupted by Tuesday's devastation, many friends and family of
individuals in the vicinity of the attack depend on the Web for
information about survivors.

The official site of New York City, at nyc.gov, maintains no survivor
list, although it has published several hotline numbers for reporting
missing persons.

To prevent fraud and to speed identification, some alternative
survivor lists, such as the "I'm Okay Message Center" maintained by
Prodigy Communications, allow but do not require those who report a
survivor to include data such as birth year, home zip code, and other
identifying information.

Still, Prodigy spokesperson Denise Clarke Fraser said editors of the
site, which is hosted at the company's data center in Yorktown
Heights, just outside New York City, have numerous times had to pluck
phony listings from the tally, which currently includes 5,400 names.

"Our feeling is, if we can help even one family connect with a loved
one, then we've done what we wanted to do," said Thayer, who reported
that the site has handled 1.3 million searches since it went online
six hours after the attacks.

While some security experts are cautioning site operators everywhere
in the country to be vigilant about potential terrorist cyber-attacks,
Thayer said he is not concerned about the possibility of attempted
breaches of the site.

"A great many companies are helping distribute the load by mirroring
our data. If our site went down right now, the list would still be
available. An attack against us would be futile," he said.

To beef up the site's ability to handle search requests -- and harden
its security at the same time -- NY.com's survivor site is being
transferred this evening to facilities operated by Loudcloud, a
California-based managed services provider which is donating several
servers and routers to handle the task, according to vice president
Jason Rosenthal.

NY.com's WTC survivor list is at: http://wtc.ny.com .

Prodigy's "I'm Okay Message Center" is at http://okay.prodigy.net .

A list of other WTC survivor lists can be found at
http://www.shunn.net/okay/ .

Loudcloud is online at http://www.loudcloud.com .



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.