FC: More on "anti-terrorist" hackers targeting innocent sites

[Declan McCullagh <declan () well com>]

Previous message:

"'Anti-terrorist' hackers reportedly target attrition.org mirror"
http://www.politechbot.com/p-02700.html

*********

From: "Essenberg, Ivo" <ivo.essenberg () itu int>
To: "'declan () well com'" <declan () well com>
Subject: RE: "Anti-terrorist" hackers reportedly target attrition.org mirr
        or
Date: Wed, 24 Oct 2001 10:25:58 +0200

Declan,

You might be interested in the attack on Security News Portal at:

        http://www.securitynewsportal.com/

also supposedly committed by Kimble's group.

Cheerio,

Ivo

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ivo Essenberg <mailto:ivo.essenberg () itu int>
Strategy and Policy Unit
International Telecommunication Union <http://www.itu.int>
Place des Nations, 1211 Geneva, Switzerland
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

*********

Date: Wed, 24 Oct 2001 10:46:58 -0400
Content-Type: text/plain; charset=us-ascii
From: " Scully () cipherwar com" <Scully () cipherwar com>
To: security curmudgeon  <jericho () attrition org>
CC: <declan () well com>
Subject: YIHAT and Kimble

Jericho and Declan,

In reference to:

http://www.attrition.org/news/content/01-10-22.001.html
Kimble & YIHAT Morons Threaten Attrition

I recall a few weeks back a defacer had done some defacing in the name of 
YIHAT and Kimble came out with this big statement about how they weren't 
about defacing.  Their mission was on the index of http://www.kill.net/, 
which now appears to be voluntarily taken down.  But I remember very 
clearly it stated that Kimble and YIHAT did not encourage defacing.

Yesterday, I posted an item on Cipherwar about a SecurityNewsPortal article 
that fabricated a quote and presented it in a light that suggested I, or a 
colleague, said it.  Today, I received an email directing me to 
http://www.securitynewsportal.com where I find a statement by its editor 
explaining why they are shutting down the site.  The catalyst for the shut 
down appears to be their defacement done by Kimble.

"I have attached a copy of the defacement that replaced our web pages 
below.  Although it claims to have been done by Kimble, I would ask that 
you take that with a grain of salt... "
     -Marq of securitynewsportal.com

I just thought it was rather entertaining.  If Kimble did indeed do the 
defacement, it "suggests" that he is a hypocrite and a liar.

Below is the entire statement on Kimble's YIHAT website at 
http://www.kill.net/:

------------------
First Phase of Mission Completed - YIHAT Terminates All Public Activities

Munich, October 20, 2001

YIHAT, founded to acquire and coordinate a team of hackers with the goal of 
eliminating the electronic foundations of terroristic activities worldwide, 
has successfully completed the first phase of its mission: The team has 
reached the projected strength and has gathered a sufficient amount of 
information to launch the second phase of the YIHAT operation, which is to 
monitor, infiltrate and take control of the information infrastructure used 
by or supporting terrorists. Therefore, the public web site, www.kill.net, 
is no longer needed and has been closed down effective immediately in order 
to prevent the dissemination of confidential information to those who are 
not part of the core YIHAT team, and to take away motivation from those who 
- for good reason! - did not become part of the core YIHAT team from 
continuing to play around, e.g. defacing completely unrelated web sites.

The decision to take kill.net offline completely is also based on the fact 
that the additional administrative effort (mainly caused by DDoS attacks) 
has led to an inacceptable situation. YIHAT moves to the underground.

All communication between the core team members has been switched over to a 
new, confidential forum.

Kim "Kimble" Schmitz
Founder - Young Intelligent Hackers Against Terror
------------------


And the "mirror" of the Kimble defacement at http://www.securitynewsportal.com:


------------------
hacked by Kimble of YIHAT

Hello, world!

SECURITYNEWSPORTAL is temporarily down. We'd like to take this time to talk 
to you about some things.

There exists a cancer in the security community right now, and that cancer 
exists in individuals and groups who could be classified as scenewhores. 
These parties attempt to profit off the security community, without 
actually being a part of it.

For instance, SECURITYNEWSPORTAL.COM. This site was 
hacked/cracked/rooted/whatever with the ssh1/crc32 exploit. Sure, SNP 
staff, call us scriptkids. We won't argue that. But, what does it make you? 
Your server has been vulnerable to a bug that has been known of since 
February. You've built a popular "security" site (although, the truth is 
its complete garbage, but the masses don't realize that, hopefully they 
will start to now). Maybe if this weren't a "security" site, they would 
have an excuse for this compromise, but lets be realistic -- there is no 
reason for anything "security" related to be compromised by an eight-month 
old bug. And, especially after all the current discussion about the bug in 
"security" forums.

SECURITYNEWSPORTAL.COM makes money off their website. They encourage the 
actions of scriptkids. They encourage defacements. Why shouldn't they? They 
make money off their actions. SECURITYNEWSPORTAL.COM is more about 
insecurity than security; their business prospers. We are looking forward 
to hearing them bitch about this incident. Hypocrites.

Why do companies choose to advertise with an organization like 
SECURITYNEWSPORTAL.COM? Advertising with them supports them, why do you 
support them? Are you aware of what you're supporting? The people who run 
SNP are _NOT_ hackers, they do _NOT_ possess any knowledge pertinant to 
computer security; why is your money with them? Why don't you donate to 
organizations that do _REAL_ security research? Why not invest your money 
somewhere better?

The era of security scenewhores is about to end. Well, not all scenewhores, 
just the ones who attempt to exploit the security scene for their own 
personal profit. SNP staff -- instead of trying to refute the claims 
against you, why don't you spend some time learning computer security? 
That'd be the intelligent thing to do. You probably want to get your 
capitalist machine up and running again though, don't you?

Everyone, please think of what we have said here. To the public, please 
take the time and ponder how "security minded" the staff of 
SECURITYNEWSPORTAL.COM are. Remember, this site was comprimised by an 
eight-month old bug. Sure, they'll bitch and moan about being the victim of 
some scriptkid, but what are they really saying? "We're too lame to 
understand the security advisories we mirror", or "We don't have the time 
to maintain security on this machine; all our time is invested in running 
this magnificent website", or even try to claim that it was a different 
vulnerability? To all who are advertising here, can you _PLEASE_ at least 
consider what you are supporting? You aren't supporting the security 
industry, the traffic you recieve back is from a "kiddie" population 
(anyone who frequents this site and thinks its worthwhile is either 
entirely ignorant of security matters, or a kiddie of some sort). It 
shouldn't be too hard to find more profitable and worthwhile ventures.

Incidently, if you're a real hacker, and looking to do some good for the 
world, please come to irc.booze.de/#yihat and speak with us. We're always 
looking to recruit new talent for our organization.

Sincerely,

Kim Schmitz (aka Kimble)
YIHAT Founder / Chief Hacking Officer
www.kill.net + www.kimble.org
+49 89 523520

<Kimble> to all the flamers, yihat will have thousands of members in a few 
month, be carefull! critics are ok, insults NOT!
--------------------




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------