Re: BK on MSNBC re: MS 'defacement'

Sally Khudairi (
Tue, 26 Oct 1999 20:14:26 -0400


Way to that's what you were doing today in the office instead of
working ;-?

Just kidding.

- DaBoss

----- Original Message -----
From: Rohit Khare <>
To: <>
Sent: Tuesday, October 26, 1999 7:43 PM
Subject: BK on MSNBC re: MS 'defacement'

> Kudos to another FoRK in the news... no, not 'flipz' :-). However,
> let's be a little kind to MS here. The mysterious-sounding "direct
> tap network" is indeed a separate playground for developers needing
> full public IP access. I hear it's a major production to move the
> paperwork required to request one. Beyond that, it's not "one step
> removed" from the corporate network, I understand; it's completely
> physically separate. To the point that you'd need "direct tap
> wiring" dropped into your office... so the public sites remain rather
> less vulnerable.
> Personally, I'd target their international mirroring infrastructure.
> Take down some of their 'national ISP download partners' and secretly
> replace their online sw with freeze-dried Back Orifice :-) In the
> future, caching networks a la Akamai will become juicier targets,
> however hardened.
> Rohit
> PS. I'd also suspect it's not all on "just one server"; they probably
> pulled the plug on the whole DTAP net.
> PPS. What does it say that 'flipz' would rather hack UC Riverside,
> than even UCI? :-)
> ===============================================================
> Lovesick hacker hits Microsoft site
> Vandalism is first known defacement of company Web page
> By Mike Brunker
> Oct. 26 - Earning a footnote in the annals of computer vandalism, a
> lovesick hacker known as "flipz" on Tuesday became the first person
> known to have defaced one of Microsoft Corp.'s Web sites. The hacker,
> who also altered a handful of government Web sites in recent days,
> says he expects to be arrested soon. "Its (sic) all about fun till
> the feds bust down the door," a message left on one of the defaced
> Web sites said.
> 'This is the first time that we've been publicly notified (about a
> hacking claim against Microsoft).'
> Curator of's archive of defaced Web sites
> THE DEFACEMENT of Microsoft's Conference Management Server site was
> documented by, a reliable computer security site that
> maintains an archive of hacked Web sites.
> Microsoft did not respond to calls seeking comment on the
> attack. But a company source who spoke on condition of anonymity,
> confirmed that the hacker had commandeered a company-owned computer.
> However, the source said, the hacked machines were not part of
> Microsoft's corporate network, but rather part of a "direct tap
> network" used by developers and partners for testing purposes. These
> computers are connected directly to the Internet, and are one step
> removed from Microsoft's corporate network, the source said. (MSNBC
> is a joint-partnership between Microsoft and NBC News.)
> Representatives of two government Web sites hacked by "flipz"
> - the Department of Veterans Affairs and the White Sands Missile
> Range in New Mexico - confirmed that's account of the
> vandalism of their sites was accurate.
> On Monday, the hacker replaced Microsoft's Conference
> Management Server home page, which was not accessible Tuesday
> morning, with a message that was part love letter and part threat,
> reported.
> "flipz was here and f0bic, your seksi (sic) voice helped me
> through the night," it read in part before concluding with a threat
> against Microsoft CEO Bill Gates.
> B.K. DeLong, curator of the Web defacement
> archive, said research of other hacking mirror sites - which use a
> computer's "screen grab" function to document vandalized Web sites -
> indicates that this is the first time Microsoft has been victimized.
> "This is the first time that we've been publicly notified
> (about a hacking claim against Microsoft) ... and to build our mirror
> we borrowed mirrors from other sites," he said.
> All of the recent hacked pages were accessed through Microsoft
> NT servers, said.
> The hack appeared to impact a series of Internet domains
> Microsoft maintains outside its standard corporate presence on the
> Net. As of Tuesday morning, at least six sites registered to
> Microsoft weren't functioning, though some may have been removed
> prior to the hack.
> While most Microsoft corporate site IP addresses start with
> 207, the hacked page started with 131. On Tuesday, all Microsoft
> sites between and weren't functioning.
> These likely were all hosted on the same server, which apparently was
> offline.
> The impacted Web pages appear to be conference information
> sites, including "," "," and
> "" Another non-functioning site was
> "" The purpose of that site was not known.
> Microsoft has long been a prominent target of hackers. The
> 2600 Web site, the online home of a hackers' magazine, has the
> Redmond, Wash., company prominently listed on a page of "Hacked Sites
> of the Future."
> But DeLong said he wasn't aware of any competition to break
> into Microsoft's computers.
> "I haven't really heard people saying, 'Ooh, I'm going to hack
> Microsoft!' Part of it may be that they think they can't get in or
> ... that they fear retribution from Microsoft," he said.
> DeLong said "flipz" first came to his attention in March, when
> he reported he had hacked a Web page operated by NASA's Jet
> Propulsion Laboratory. The hacker added attacks on Duracell Corp. in
> June and People's Bank of Connecticut in September to his resume
> before the recent spate of attacks, which began Wednesday.
> According to, "flipz" altered the University of
> California at Riverside Police Department's Web site that day before
> turning to government targets, knocking off, in rapid succession, the
> homepages of the U.S. Army Reserve Command, the White Sands Missile
> Range, the U.S. Army Dental Care System, the Navy Management System
> Support Office, the Substance Abuse and Mental Health Services
> Administration and the Department of Veterans Affairs.
> The love notes that "flipz" left on three of the defaced sites
> suggest that the hacker has a crush on a fellow computer intruder.
> A person using the hacking handle "f0bic" is a member of "Team
> Spl0it," a hacking group that retaliated for the FBI's arrest in
> September of alleged hacker Chad Davis by vandalizing several Web
> sites.
> Davis, a 19-year-old Green Bay, Wis., resident, is accused of
> breaking into a U.S. Army computer at the Pentagon. According to a
> federal complaint filed at the time of his arrest, Davis is a founder
> and leader of the "Global Hell" hacking group, which vandalized White
> House, FBI and U.S. Senate Web sites earlier this year.
> The FBI did not respond to a query about whether "flipz"
> hacking attacks were under investigation, but DeLong said the hacker
> expects to be arrested before long.
> "flipz said he doesn't care if the feds come and get him,"
> DeLong said. "He's expecting to get picked up, but he's going to have
> fun while he's waiting."
> MSNBC technology writer Bob Sullivan contributed to this report.