[defaced-commentary] Washington Post's Tech site hacked

[InfoSec News <isn () c4i org>]

---------- Forwarded message ----------
Date: Tue, 29 Jan 2002 21:47:04 -0500 (EST)
From: security curmudgeon <jericho () attrition org>
To: defaced-commentary () attrition org
Subject: [defaced-commentary] Washington Post's Tech site hacked 


http://www.washingtonpost.com/wp-dyn/articles/A51403-2002Jan28.html

By Nicholas Johnston
Washington Post Staff Writer
Tuesday, January 29, 2002; Page E05 

Computer hackers attacked the Web site Washtech.com yesterday evening,
replacing content on the news site's home page with taunts to the site's
administrators and greetings to fellow hackers. The attack occurred around
6 p.m., and the bogus content on the home page was visible for about 20
minutes before administrators could shut the site down.

As of last night, officials at Washtech, a Web site for technology news
that operates alongside washingtonpost.com, did not know how the attack
was conducted or when the Web site would be back online. At about 8:20
p.m., the main page of Washtech was rudimentarily rebuilt with a few
headlines and links.

"As soon as we learned about it, we took the site down," said Valerie
Voci, Washtech's publisher. "We're still assessing what the security
breach was." 

The Washington Post's main news site, washingtonpost.com, runs on separate
computers from the Washtech site and was not affected by the attack, Voci
said. Both Web sites are run by Washingtonpost.Newsweek Interactive, the
Internet arm of The Washington Post Co. 

"It's a dangerous neighborhood out there," said Alan Paller, director of
research at the SANS Institute, an Internet security research and
education organization in Bethesda. "There are certain attacks that nobody
can block. . . . If your people aren't absolutely, all the time on the
latest patches, you're going to get hit." 

The message on the Web site included names tied to a group known as aCid
fAlz Group. The group's Web site said the group defaces Web pages only as
a means of exposing security holes in server software. It does this by
changing a site's index file, the first page displayed on a site. That was
the file altered on the Washtech Web site. 

E-mails sent to members of the group were not returned; a phone number
listed for the administrator of the aCid fAlz Web site was not in service. 

Under the National Information Infrastructure Protection Act of 1996,
unauthorized access of a computer that results in damages in excess of
$5,000 can result in a fine or imprisonment of up to five years. A recent
study found there were 52,658 network security breaches last year. Another
study found that 41 percent of companies surveyed by a local Internet
security firm reported a security breach that compromised their computer
system. 

"This happens on the Internet," Voci said. "Unfortunately it's happened to
us." 



-
The information and commentary is Copyright 2001, by the individual author.
Permission is granted to quote, reprint or redistribute provided the text is not
altered, and the author and attrition.org is credited. The opinions expressed
in this mail are not necessarily the opinion of all Attrition staff members.

Commentary Archive: http://www.attrition.org/security/commentary/
The Attrition Mirror: http://www.attrition.org/mirror/attrition/
Country/TLD Statistics: http://www.attrition.org/mirror/attrition/country.html
Attrition Defacement Statistics: http://www.attrition.org/mirror/attrition/stats.html
Operating System Graphs: http://www.attrition.org/mirror/attrition/os-graphs.html

Other Web Defacement Mailing Lists: http://www.attrition.org/security/lists.html
Contacting Attrition Staff: staff () attrition org

To subscribe to Defaced Commentary, send mail to majordomo () attrition org
with "subscribe defaced-commentary" in the BODY of the mail (without
quotes). To unsubscribe, include "unsubscribe defaced-commentary" in
the BODY of the mail.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.