[defaced-commentary] Guilty plea in Al-Jazeera site hack

[InfoSec News <isn () c4i org>]

---------- Forwarded message ----------
Date: Thu, 12 Jun 2003 20:52:22 -0400 (EDT)
From: security curmudgeon <jericho () attrition org>
To: defaced-commentary () attrition org
Subject: [defaced-commentary] Guilty plea in Al-Jazeera site hack 


Guilty plea in Al-Jazeera site hack
By Robert Lemos
Staff Writer, CNET News.com
June 12, 2003, 12:30 PM PT
http://news.com.com/2100-1002-1016447.html

A central California man plead guilty Thursday to two charges stemming
from an attack on the Web site of the Arab news service Al-Jazeera
during the early days of the Iraq conflict.

In a plea agreement with the U.S. Attorney's office for the Central
District of California, John William Racine II, a 24-year-old Web
designer, admitted to tricking VeriSign subsidiary Network Solutions
into giving him ownership of the aljazeera.net domain. Racine said he
then redirected visitors to that Internet address to another site,
where they were greeted by an American flag and the phrase "Let
freedom ring." The Norco, Calif., resident turned himself in to FBI
agents on March 26, according to the plea agreement.

"Racine gained control of the aljazeera.net domain name by defrauding
Network Solutions, where Al-Jazeera maintained an account for its
domain name and e-mail services," the U.S. Attorney's office said in a
statement.

Racine, also known as "John Boffo," used a false photo identification
card and forged signature to impersonate an Al-Jazeera systems
administrator and get control of Al-Jazeera's account, according to
the plea agreement. In doing so, he gained control of where any data
sent to aljazeera.net--including Web page requests and
e-mail--ultimately ended up.

The actual defacement appeared on a free Web site service provided by
NetWorld Connections. Technically known as a "redirect," the hack
caused Web browsers that attempted to go to www.aljazeera.net--as well
as the English-language site, english.aljazeera.net--to be
surreptitiously redirected to the content hosted on NetWorld's servers
and see the American flag instead.

For an entire week in late March, Al-Jazeera had to contend with
technical problems and hackers that caused the site to be unavailable
as often as not.

The Arabic and English news service, based in Doha, Qatar, found
itself the focus of controversy during the war in Iraq for its
coverage of the conflict. Opponents charged the Arab news group with
bias, but many others have tuned into the young network's TV
broadcasts and Web site for an alternative view of the issues
surrounding the war and America's occupation of the Middle Eastern
country.

Al-Jazeera also had to face its reporters being barred from the New
York Stock Exchange and the Nasdaq after the Pentagon criticized the
news agency coverage of the war. Some U.S. officials commented that
pictures and video that showed prisoners of war and dead American
soldiers violated the Geneva Conventions on the treatment of captured
soldiers and casualties.

The plea agreement states that on March 24, after the initial verbal
salvos between U.S government officials and Al-Jazeera, Racine
searched the Internet and found that Muhammed Jasim AlAli was listed
as the administrative contact for the Arab news service's Internet
domain, aljazeera.net. He then created an account on Microsoft's
Hotmail and impersonated AlAli in telephone messages and e-mail to
VeriSign, claiming that he needed to have the account password
changed. Unable to answer a challenge question by a VeriSign employee,
he said he would call back later.

Racine then created a false photo identification card with the name
"Mohammed Jasim AlAli" and forged an authorization form that requested
VeriSign change the password. He sent the documents to VeriSign
subsidiary Network Solutions and followed up with a telephone call.
Based on that documentation and the phone call, VeriSign changed the
password on March 25, the plea agreement stated.

On March 27, after the defacement gained media attention, VeriSign
suspended the Al-Jazeera account. By then, Racine had already
contacted the FBI and provided the agency with evidence of what he had
done, the plea agreement stated.

Racine "admitted that he knew his conduct was unlawful and voluntarily
provided the documents and information to the FBI to assist in its
criminal investigation," the agreement said.

Racine could have faced up to 25 years in prison and a fine of
$500,000. However, the U.S. Attorney's office has agreed to request a
much lighter sentence: three years of probation and 1,000 hours of
community service. The ultimate decision on the sentence, however,
resides with the judge.

Racine signed the plea agreement on Thursday, said the U.S. Attorney's
office. He will be arraigned in court Monday.

VeriSign couldn't immediately comment on the case.


-
The information and commentary is Copyright 2003, by the individual author.
Permission is granted to quote, reprint or redistribute provided the text is not
altered, and the author and attrition.org is credited. The opinions expressed
in this mail are not necessarily the opinion of all Attrition staff members.

Commentary Archive: http://www.attrition.org/security/commentary/
The Attrition Mirror: http://www.attrition.org/mirror/attrition/
Country/TLD Statistics: http://www.attrition.org/mirror/attrition/country.html
Attrition Defacement Statistics: http://www.attrition.org/mirror/attrition/stats.html
Operating System Graphs: http://www.attrition.org/mirror/attrition/os-graphs.html

Other Web Defacement Mailing Lists: http://www.attrition.org/security/lists.html
Contacting Attrition Staff: staff () attrition org

To subscribe to Defaced Commentary, send mail to majordomo () attrition org
with "subscribe defaced-commentary" in the BODY of the mail (without
quotes). To unsubscribe, include "unsubscribe defaced-commentary" in
the BODY of the mail.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.