From: Rohit Khare (Rohit@KnowNow.com)
Date: Mon Oct 09 2000 - 12:29:06 PDT

[What's a rumor without a little mongering? -- good work archiving it, BK :-)]

October 9, 2000, 11:40 AM PDT

Cybervandal 'Edits' Orange County Register's Web Site

A hacker tweaks 3 stories and muddies Bill Gates' name in the first
known 'subversion of information attack' at a media site.

By Adam L. Penenberg - Inside.com

Visitors to the Orange County Register's Web site were rewarded with
an incredible scoop Sept. 29. Bill Gates, the geek who coded
Microsoft (MSFT) from the ground up and became a multibillionaire in
the process, had been arrested for hacking into "hundreds, maybe
thousands" of computers, including those of NASA's Jet Propulsion Lab
in Pasadena, Calif., and Stanford University.

The story, one of three that day about the arrest of a hacker known
in cybercircles as "Shadow Knight" and "Dark Lord," went on to detail
Gates' legal plight. Gates, it was reported, was facing two federal
counts of breaking into NASA computers, one count of illegally
obtaining credit card numbers and one count of making more than
$1,000 in purchases through credit card fraud. The article concluded
with the bizarre plea, "FREE THE SHADOW KNIGHT SAVE MY ANAL VIRGINITY
OR ILL HAVE TO IZZOWN YOU ALL."

Before this results in a flurry of rumor-mongering e-mail forwards,
let us point out that none of the above revelations are true. The
Register's Web site, it turns out, had been attacked by a
cybervandal, and three of its news stories were "edited." While other
news organizations such as ABC.com, the Associated Press, George
magazine, the Drudge Report and the New York Times (NYT) have
suffered Web defacements, the Register breach is the first known
instance of a "subversion of information attack" at a media Web site.

In most attacks, hackers replace the front page of a site with one of
their own design, which usually trumpets their brazenness and
technical skills. But because a subversion of information attack
doesn't necessarily call attention to itself, the result is much more
sinister, said Brian Martin, a staff member for Attrition.org, a site
that tracks computer crime and archives mirrors of hacked pages.

"What if intruders were to make subtle changes to various stories
without them being noticed?" Martin asks. "Unfortunately, no one has
the ability to say it hasn't happened yet because the nature of this
threat prevents us from knowing."

The three stories, originally published Sept. 22, stayed up on the
Web site in their altered form for 90 minutes before the hack was
noticed. The main article, "O.C. Man Charged in NASA Hacking,"
focused on the arrest of 20-year-old Jason Diekman of Mission Viejo,
Calif., and was originally written by veteran courthouse reporter
John McDonald. In the story, the hacker used "find/replace" and
changed Diekman's name to Bill Gates. In "Hacking Suspect Known As A
'Nice Kid,' " written by McDonald, Tony Saavedra and Valerie Godines,
the unauthorized edits poked fun at some of Diekman's neighbors who
agreed to be interviewed, adding various sexual commentary and the
usual puerile insults. The intruder's most subtle work came in a
third story, "Break-In Called No Brilliant Feat," to which he simply
added the tagline, "If you leave something on your front lawn, and
someone steals it, are they a master criminal?"

"With the Orange County Register attack, the idea that you can never
trust what you read in the paper takes on an entirely new meaning,"
says B.K. DeLong, another Attrition.org staff member. Most disturbing
about the Register defacement was the apparent outing of a
confidential source who had assisted law enforcement in building a
case against Diekman. In the story "Hacking Suspect Known As 'Nice
Kid,' " the digital intruder, who goes by the handle "Exiled Dave,"
amended the copy to read, "A confidential informant,
*cough*CHRISTOPHER DUMAS*cough*, tipped investigators in October 1998
that Diekman was the hax0r they sought." Arif Alikhan, the assistant
U.S. Attorney who built the case against Diekman, says Exiled Dave
got his facts wrong: "Christopher Dumas is not the name of the

The Register's Web site, owned by Freedom Communications, isn't the
first of the libertarian-leaning company's outlets to get hit. Nine
days before the Register attack, Freedom's corporate Web site was
vandalized, as were those of the Appeal-Democrat of Marysville,
Calif.; the Times-News of Burlington, N.C.; the Monitor in McAllen,
Texas; and a number of other small newspapers in Florida, North
Carolina and Texas. In these attacks, the various home pages were
replaced by ones created by the hackers.

The intruders apparently gained access to the various sites via a
single point of connection, Freedom's Domain Name Service server,
which assigns a host name to the IP address. "If you get into one
machine, you potentially have access to all the machines," says

Nancy Souza, a spokeswoman for the Register, says techies at the
Register Web site were well aware that some of Freedom
Communications' other sites had been compromised and were on alert.
But the Register intruder "came in a different way, through the [File
Transfer Protocol] port," she says. "We believe it was a different
hacker. [Silicon Graphics (SGI), the maker of the server] didn't
know it could be exploited this way, and there is no known patch for

The Department of Justice is understandably miffed, as the arrest of
Diekman was one of its few recent successes in the fight against
digital graffiti. Many high-profile hacks remain unsolved, from the
defacement of the New York Times' Web site two years ago by a group
calling itself "Hacking for Girlies," to last February's spate of
denial-of-service attacks against e-commerce goliaths such as Yahoo
(YHOO) and E-Trade, to daily assaults against Pentagon servers.

Although Diekman's arrest received ample press coverage, McDonald
believes that his stories were hit because the Register was the only
paper to go to Diekman's neighborhood and interview his neighbors. "I
received warnings that friends of his were going to retaliate," he

Adam L. Penenberg writes for Inside.com.
Copyright ©2000 Powerful Media Inc.