'Crime Boy's' go on hack spree
- By Dan Verton
- Mar 19, 2000
A hacker group known as "Crime Boy's" launched cyberattacks over the past
two weeks against World Wide Web pages maintained by the Interior Department
and the Army, and several times tried to hack into a NASA system.
The hackers, believed to work from Brazil, last week defaced the main
Web pages maintained by the Bureau of Land Management's National Training
Center and the Army's Reserve Officer Training Corps Command. The group
also attempted a third series of attacks against NASA's Jet Propulsion Laboratory,
forcing the agency to block all Internet traffic from Brazil.
Reports also surfaced last week that the National Postal Mail Handlers
Union site, which is accessible through the U.S. Postal Service's intranet,
had been attacked, but it was unclear who tried to carry out the attack.
The Crime Boy's broke into the National Training Center site, which
is part of the BLM, at 8 p.m. March 12, and replaced the agency's Web page
with a page protesting what the group called a "corrupt" Brazilian government.
The message they left was jumbled: "Hello, Crime Boys [sic] entered
in your server for two reasons, for him to be badly configured, or better,
very badly configured, and to protest against the Brazilian government,
a corrupt government, that nothing does for Brazil to improve."
The hackers launched a second attack March 16, replacing the page a
second time. "We went in to make some corrections, and they came in right
on our heels," a BLM spokesman said.
Although the spokesman said the damage was limited to two Web pages,
BLM officials said they are working with federal authorities on patches
to "inherent vulnerabilities" in Microsoft Corp.'s Internet Information
Server Version 4.0.
Security officials at NASA's JPL detected a "fairly substantial number
of attacks" that originated in Brazil, said Frank O'Donnell, spokesman at
the Pasadena, Calif.-based laboratory. The agency restricted almost the
entire country of Brazil from viewing the agency's Web sites and also installed
security patches, O'Donnell said. JPL removed the block at noon EST on March
Philip Loranger, chief of the Command and Control Protect Division at
the Army's Information Assurance Office, announced March 14 that the Crime
Boy's had threatened to take down the main Army home page. However, sources
say that page was too difficult to crack because it is based on StarNine Technologies, Inc.'s WebStar server software running on an Apple
Computer Inc. Macintosh.
"The main [Army] site was switched to a server that was practically
un- hackable," said Alex McCombie, co-founder of New World Media Inc. and
one of more than 30 witnesses to the attack on the ROTC site.
A hacker known as "-artech" and who claims to have hacked into the Army's
deputy chief of staff for training Web page, said the Crime Boy's are a
new group that use unsophisticated attack methods, including exploiting
vulnerabilities in Microsoft Corp.'s FrontPage and Active Perl. "If they
do hack a site, it will just be a small FrontPage hack, which isn't a problem
to stop," the hacker said.
Steven Aftergood, an intelligence specialist with the Federation of American
Scientists, said although the attacks do not mean federal systems are helplessly
vulnerable, "this suggests that even the most elementary of security protections
were not in place."
As of late Friday, agencies had yet to file a report on the incidents,
said Dave Jarrell, program manger for the Federal Computer Incident Response
Capability. "I have noticed some unusual traffic patterns and have been
wondering if something is going on, but I have not heard from any federal
agencies," Jarrell said.
Contributing: Paula Shaki Trimble, Natasha Haubold and Diane Frank.