Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
[ISN] Call Them Kiddies? Watch Out
From: InfoSec News (isnC4I.ORG)
Date: Fri Feb 16 2001 - 14:57:42 CST
by Michelle Delio
8:10 a.m. Feb. 16, 2001 PST
Call them hackers, crackers, attackers or vandals - but whatever you
do, please don't call them script kiddies.
A group of self-proclaimed not-script-kiddies known as Sm0ked Crew has
defaced websites belonging to Intel, Compaq Computer, Hewlett-Packard,
Gateway, Disney, and The New York Times, in a series of attacks that
began late Wednesday.
And then, after seeing an article on vnunet, European technology news
service, claiming that the attacks were the work of "script kiddies,"
Sm0ked Crew -- evidently thinking they were being dissed by Intel
officials -- went back and hacked Intel's site again.
This time they left a pointed message: "Intel, you called us script
kiddies in www.evnunet.com(sic). Well, these script kiddies just owned
"We suggest you be a bit nicer to us proper hackers."
But they got it wrong. No one from Intel called the company's
tormentors script kiddies. The comment that tweaked Sm0ked Crew's
sensibilities was actually made by Chris McNab, a network security
analyst from MIS Corporate Defense Solutions.
In an e-mail sent to vnunet, the group also said that it would "visit"
Intel again if any more comments were made about their cracking
"Next time he talks shit we are just gonna own them again, he needs to
learn to keep his mouth shut," the email said.
Script kiddies is a derogatory term in the hacker world for attackers
who use downloadable pre-configured scripts to do their dirty work.
Sm0ked Crew is using a known security exploit that takes advantage of
holes found in Microsoft's Internet Information Server (IIS 4.0).
Patches are available for this hole, but evidently many companies have
not bothered to patched their server software across their networks.
Officials from HP, Compaq, Alta Vista and Intel confirmed that their
networks had been attacked.
They also claimed that Sm0ked Crew had hit only isolated parts of
their networks: HP's e-learning site, a Compaq server serving the
Middle East and Africa, an Alta Vista shopping site and an Intel
server that provides Web access to product support documents.
No sensitive company information was stolen. Then again, Sm0ked Crew
didn't appear to be trying to accomplish anything more than
"defacement attacks," said MonKeeBiz, a self-described "mercenary
"The attacks are pretty comprehensive. They are using some sort of a
scanner to look at networks, and are finding any and every hole that
will let them in," MonKeeBiz said.
Once they gain access to a site, Sm0ked Crew does a defacement attack,
leaving cyber graffiti to let the attacked companies and their users
know that they have had visitors.
The hacked sites on HP and Compaq contained the following message:
"Admin, You just got Sm0ked. This site was hacked by Sm0ked crew.
Hacked by splurge and The-Rev. Greetz dislexik, nouse, system33r,
italguy, B_Real and anyone I forgot, sm0kedcrewhushmail.com."
E-mail to the hushmail address has so far gone unanswered, perhaps due
to Sm0ked Crew's busy work schedule.
According to credits given on Attrition, an independent hack-tracking
site, Sm0ked Crew also defaced the following sites in February:
CompUSA, Louisiana State University Medical Center, Taipei City
Government, Terra Lycos (which owns Wired News), Board of Foreign
Trade (Taiwan) and University of South Florida.
McNab still insists that Sm0ked Crew are script kiddies, and told
vnunet that if Sm0ked Crew was really "focused," they would try to
attack main home pages, instead of defacing the first unprotected bit
of the network they happened to come across.
Security experts should know better than to taunt people, said
"He's either trying to lure them in so he can snag them in the act, or
he's got a major attitude problem."
McNab was unavailable for comment.
ISN is hosted by SecurityFocus.com
To unsubscribe email LISTSERVSecurityFocus.com with a message body of