OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: InfoSec News (isn_at_c4i.org)
Date: Thu Dec 19 2002 - 02:59:18 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Forwarded from: William Knowles <wkc4i.org>

    http://www.wired.com/news/conflict/0,2100,56896,00.html

    By Brian McWilliams
    Dec. 18, 2002

    In a case that shows both the risks and rewards of vigilante tactics,
    an American man has hijacked two Web addresses apparently used by
    al-Qaida to laud terrorist attacks.

    The domains, jehad.net and jehadonline.org, are now in the control of
    a manager for a large Minnesota financial services firm. The man said
    he wrested control of the domains from their owners after reading on
    Dec. 8 that al-Qaida used jehad.net to claim responsibility for recent
    attacks on an Israeli airliner and a hotel in Kenya.

    "I believe in free speech, but it upsets me to see people using this
    great medium for such evil purposes," said the man, who asked not to
    be identified but said he was willing to cooperate with U.S.
    investigators.

    But some said the Minnesota man's actions, like those of other
    patriotic hackers, could hinder rather than help the U.S. government's
    war on terrorism.

    "This guy might think he's being a hero, but in fact he's an idiot,"
    said an official with DV2, the Atlanta ISP that hosts the sites. "The
    FBI has been closely watching these sites, and by taking the law into
    his own hands he may have screwed that up."

    A spokesman for the FBI's terrorism task force in Atlanta said he
    could not comment on the incident.

    The owners of both jehad.net and jehadonline.org configured the
    domains to point to the same site at DV2. In an October message on the
    site, al-Qaida praised an attack in Yemen on a French oil tanker. Last
    July, the site posted an audio message attributed to an al-Qaida
    leader who threatened new attacks on the United States.

    The Minnesota man said he was able to gain control of the two domains
    last week after breaking into the MSN Hotmail account of someone using
    the name Julliou Armani, a resident of Saudi Arabia listed as the
    contact for jehadonline.org.

    The handful of saved messages in Armani's account included some with
    user names and passwords for managing the domains, the Minnesota man
    said. Armed with that information, the hacker vigilante could have
    modified the domains' records so that they no longer pointed to the
    al-Qaida messages. But he has so far resisted the urge to sabotage the
    sites.

    "If I see a crime taking place, I'm the sort of person who would jump
    in to try to stop it," he said. "I don't like that kind of thing
    happening in my world."

    Eugene Schultz, a security expert with the Lawrence Berkeley National
    Laboratory, said law enforcement has "been burned" in the past by
    trying to collaborate with online vigilantes.

    While Schultz said the government is unlikely to "deal effectively"
    with al-Qaida sites, he added that patriotic hackers might
    unintentionally tip off terrorists or even goad them into retaliatory
    action.

    "When faced with the opportunity to drive the bad guys off the Net,
    the only ethical and legal solution is to contact law enforcement and
    hope for the best," Schultz said.

    To gain access to Armani's e-mail account, the Minnesota man said he
    used a Hotmail feature that provides hints for users who forget their
    passwords. He said he correctly guessed the answer to Armani's
    self-chosen Hotmail "secret question," then he reset Armani's
    password.

    Microsoft representatives were not immediately able to comment on
    whether MSN would officially report the Hotmail account hijacking to
    law enforcement.

    The hacker said he is willing to provide officials with the
    information he got from the account, which included credit card data
    used by the original owners to register one of the domains with
    VeriSign, as well as aliases and addresses used by the site operators.

    But even the organizer of an online effort to shut down terrorist
    sites frowned on hacking al-Qaida.

    "I think information warfare is best left to governments and should
    not be waged by civilians," said Aaron Weisburd of the Internet
    Haganah, which relies exclusively on notifying ISPs and law
    enforcement.

     
    *==============================================================*
    "Communications without intelligence is noise; Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ================================================================
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    *==============================================================*

    -
    ISN is currently hosted by Attrition.org

    To unsubscribe email majordomoattrition.org with 'unsubscribe isn'
    in the BODY of the mail.