Digg this story   Add to del.icio.us  
When news is hacked
Kevin Poulsen, SecurityFocus 2000-10-15

With the Orange County Register hack, fake news finally comes to the web.

If you're not familiar with the dark, sardonic, and frankly weird online community Attrition.org, now's a good time to check it out. Bookmark it. Make it a part of your daily web browsing routine.

Attrition.org is a hobby site that offers an unofficial scoreboard of web site hacks worldwide. When, seemingly, any web site gets hacked, Attrition's defacement mirror takes a snapshot of it for posterity. E-business operators have nightmares about appearing on Attrition's wall of shame. Cyber hooligans actually send email to Attrition staff as a way of officially filing each instance of electronic graffiti, so that wisdom like "CraCk3d by: MoshaCK teAm.....DarCAngeL & zir0-" can be preserved for the ages.

The site covers so many infantile and pointless hacks every week that it's something of a mystery as to who visits the defacement mirror, aside from hoards of juvenile delinquents checking in on their competitors, and, of course, journalists. The folks at Attrition run a mailing list to notify interested parties of every new, documented web hack, and it boasted over a thousand subscribers when the volume of mail finally drove me off a few months ago.

Now, I'll have to resubscribe, because Attrition's defacement mirror just became indispensable to navigating the web.

It happened September 29th. A hacker named Exiled Dave cracked the official web site of the Orange County Register, a Southern California daily newspaper, tinkered with the front page and changed three articles dealing with the arrest of accused NASA hacker Jason "Shadow Lord" Diekman.

News sites including the New York Times, Wired.com, the Drudge Report and Slashdot, among others, have all been hit with hacks over the years. But these have all been overt and blatant defacements. In the 1998 New York Times hack, intruders replaced the site with a barely-coherent rant complaining about the paper's coverage of then-imprisoned hacker Kevin Mitnick. There was little risk of anyone thinking that "TH3R3 AR3 S0 MANY L0S3RS H3R3, 1TZ HARD T0 P1CK WH1CH T0 1NSULT THE M0ST" was content sanctioned by the gray lady.

By contrast, Exiled Dave's editing of the Orange Country Register's site could have been taken for real news by a casual reader scanning the computer screen while sipping morning coffee and bracing for another joyless day in Anaheim. Exiled Dave inserted fake quotes from neighbors complaining about Shadow Lord's bathroom habits, put a name to a confidential informant, and revealed that the NASA hacks had actually been pulled off by Bill Gates.

Exiled Dave even wrote a quote about the ease of cracking Internet systems, "If you leave something on your front lawn, and someone steals it, are they a master criminal?," and attributed it to omnipresent security pundit Ira Winkler.

Some of it is funny stuff. By "funny" I mean "shocking and criminal," of course, and we can only hope that the evildoer is swiftly brought to justice and forced to do hard time before taking a job at The Onion.

Reagan Calls Women "America's Little Dumplings"
The defacement is the first known case of a so-called "subversion of information" attack, and it might not be funny next time.

Attrition's Brian Martin, curator of the defacement mirror, security consultant and one-time suspect in the unsolved New York Times hack, has been something of a Cassandra on the subject. He wrote in a 1999 article that subtle, believable modification of news sites is the greatest threat posed by Internet outlaws. "Staff at ABC could be forced to print numerous retractions calling their integrity into question," wrote Martin. "The New York Times might find themselves supporting ultra radical militia groups that they denounced a day before."

Martin was right. On ZDNN today I saw what seemed an unusually playful "Related Stories" link in a piece about another hacker: "FREE KEVIN MITNICK! (oh, he is?)". A month ago, I'd have assumed that the title was a drop of whimsy from a ZD editor. Today, in a post OC Register-hack world, I found myself jumping over to Attrition to see if ZDNet had been added to the defacement mirror.

It hadn't; false alarm. But how much guerrilla editing will Exiled Dave and his ilk perform before we no longer trust web reporting to meet the standards of print.

Once serious subversion of information attacks begin--the kind bent on influencing stock values or damaging reputations--Attrition.org might not be much help. But for now, I'll be compulsively checking every unlikely headline or dubious quote with the defacement mirror. Did George W. really say that the Internet turns kids evil, or is that NinjaHax0R's uncredited prose beneath the byline?

    Digg this story   Add to del.icio.us  
Comments Mode:
Subtle defacement more dangerous 2000-10-19
<dmorone (at) hostpro (dot) net [email concealed]> (1 replies)
You shoudn't believe everything you read anyway 2000-10-23
AReader (at) secure (dot) com [email concealed]


Privacy Statement
Copyright 2010, SecurityFocus