January 21, 2000
LOS ANGELES (CNN) -- Once one of the FBI's most wanted criminals, cyberspace cult hero Kevin David Mitnick was released from prison Friday.
Mitnick had been behind bars since February 1995 on a 25-count indictment that included charges of wire fraud and illegal possession of computer files stolen from such companies as Nokia, Motorola and Sun Microsystems.
The notorious computer hacker was released from the Federal Correctional Institute at Lompoc after completing a five-year prison term. He was sentenced last March after he pleaded guilty to five felony counts. Under a negotiated plea agreement, he was given credit for about four years served while awaiting trial.
Mitnick will have to pay more than $4,000 in restitution to his victims -- a small fraction of the millions of dollars in damages he is believed to have caused.
Coast-to-coast hacking spree
In 1992, Mitnick violated the terms of his probation for a hacking charge and went into hiding for 2 1/2 years. During that time on the run, he hacked into computers, stole corporate secrets, scrambled phone networks and broke into the national defense warning system -- until he finally broke into the wrong guy's computer.
Computer scientist Tsutomu Shimomura helped the FBI track down Mitnick at a Raleigh, North Carolina, apartment in February 1995 after Mitnick had hacked into Shimomura's home computer and stolen information from him.
Not a thief or terrorist, just 'curious'
Mitnick has no shortage of supporters, most of whom say that for Mitnick hacking was 'recreational' or simply an intellectual challenge. He became a 'cyber martyr' and hero for many who believe the government tried to make an example of him with the 68-month sentence.
"For all that he's done, there are despots and murderers out there who have suffered less than Kevin," said Steve Gold, news editor of Secure Computing Magazine and a former hacker himself. "Kevin was just really curious. That was his biggest crime, actually ... the crime of curiosity. He really has the old hacker ethic of just being curious about things and wanted to know how things worked," said Dale Coddington, a Mitnick defense team adviser.
Avenues may be limited for Mitnick
Mitnick said Thursday he intends to go to college to study computer technology, but the terms of his probation prevent him from using computers for three years, precluding him from studying or working just about anywhere.
"It's going to be very, very hard for him," said Kevin Poulsen, who faced the same restrictions when he got out of prison for computer-related crimes.
"Not only are all of his skills ... oriented toward computers, but even if he were to not want to work in the computer field, it's very hard to get a job of any kind that does not require you to work with computers."
Mitnick may have help, though. Backers of the long-running Free Kevin.com web site are raising money to, in their words, help him get back on his feet. At last report, they had raised just over $3,000.
February 14, 2000
A programmer familiar with attack software has disclosed three new attack programs of the type believed to have taken down major Internet sites last week, complicating the jobs of security experts trying to fight the malicious programs.
Three new versions, called Fapi, Shaft and Trank, are disclosed in a paper published today by the programmer known as "Mixter" at Packet Storm, a site that publishes malicious software so security professionals can scrutinize it. Mixter is the purported author of a similar attack tool, Tribe Flood Network, and its sequel, TFN2K.
The software, of a breed called "distributed denial of service" (DDoS), is used to harness the collective abilities of a host of computers to swamp a target computer by inundating it with packets of information sent over the Internet. Some varieties are known, but apparently there are other versions of the software in circulation.
The newly disclosed versions likely evade programs posted by the FBI and others to detect TFN and two other publicly known versions, Stacheldraht and Trinoo.
Another DDoS package, called Blitznet, also has been publicly available for at least two months at the Packet Storm site. Mixter said it was written by someone called "phreeon." Trinoo was written by "phifli," he said. As previously reported, Mixter said Stacheldraht was written by "randomizer."
The newly disclosed DDoS software might sneak under the radar, but security companies are turning up some instances of the known versions.
Network Associates and its subsidiary MyCIO.com have discovered seven cases of computers infected with DDoS attack software, MyCIO chief executive Zach Nelson said.
His company provides an online detection tool that has been in high demand since the 100-person company unveiled it Feb. 10. Of more than 10,000 who have used it to scan their systems, the MyCIO software has found five cases of Stacheldraht, one of TFN and one of Trinoo, Nelson said.
Six of the seven instances were at educational institutions. The affiliation of the seventh couldn't be determined, Nelson said. In addition, six of the seven were in the United States, with the seventh in Germany. All seven systems have been taken offline, he added.
Nelson said MyCIO leaves it to the sites themselves to contact the FBI, which has launched an investigation into last week's attacks.
Gerhard Eschelbeck, vice president for MyCIO's security software, said his company's software detects the DDoS attack software by attempting to communicate with it. In addition, the software looks for blocks of text characteristic of the software.
Eschelbeck acknowledged that changes to the software or other versions won't necessarily be detected by MyCIO, but he said some fingerprints likely will remain.
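The two techniques Eschelbeck describes, a static search for characteristic strings and an active probe that tries to talk to the agent, can be sketched generically. The Python below is an added example written for this page, not MyCIO's scanner or any of the tools named above; the fingerprint strings, the probe challenge and reply, and the loopback "agent" are assumed placeholders, not the real tools' protocol details. It also shows Eschelbeck's caveat: a variant with one characteristic string renamed slips past the signature check.

```python
"""Added example: generic DDoS-agent detection in the two styles the article
attributes to MyCIO's scanner. Not the product's code; every signature,
challenge and port below is an assumed placeholder."""
import socket
import threading
from typing import Dict, List

# Assumed fingerprint table: byte strings a given agent family is imagined to
# leave in its binary. Placeholders for illustration, not real signatures.
FINGERPRINTS: Dict[str, List[bytes]] = {
    "agent-alpha": [b"synflood", b"master_password", b"daemon_ready"],
    "agent-beta": [b"icmp_storm", b"attack_list", b"handler_ip"],
}


def scan_bytes(blob: bytes, table: Dict[str, List[bytes]] = FINGERPRINTS,
               min_hits: int = 2) -> List[str]:
    """Static check: report every family for which at least min_hits of its
    characteristic strings occur in the file contents."""
    found = []
    for family, strings in table.items():
        hits = sum(1 for s in strings if s in blob)
        if hits >= min_hits:
            found.append(family)
    return sorted(found)


def probe_udp(host: str, port: int, challenge: bytes, expected: bytes,
              timeout: float = 1.0) -> bool:
    """Active check: send the challenge a listening agent would answer and
    look for its expected reply. Silence or a network error means 'not found'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(challenge, (host, port))
            data, _ = sock.recvfrom(1024)
        except OSError:  # covers socket.timeout and ICMP unreachable errors
            return False
    return data.startswith(expected)


def start_fake_agent(challenge: bytes, reply: bytes) -> int:
    """Constructed stand-in for an installed agent so the probe can run
    offline: binds UDP on loopback, answers one correct challenge, exits.
    Returns the ephemeral port it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    port = srv.getsockname()[1]

    def serve() -> None:
        try:
            data, peer = srv.recvfrom(1024)
            if data == challenge:
                srv.sendto(reply, peer)
        finally:
            srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


# Constructed sample "binaries": an infected one, a clean one, and a variant
# whose author renamed one string, the kind of change Eschelbeck warns about.
INFECTED_BLOB = b"\x7fELF" + b"\x00" * 12 + b"synflood\x00master_password\x00"
CLEAN_BLOB = b"\x7fELF" + b"\x00" * 12 + b"hello, world\x00"
VARIANT_BLOB = b"\x7fELF" + b"\x00" * 12 + b"synflood\x00m4st3r_pw\x00"

if __name__ == "__main__":
    samples = [("infected", INFECTED_BLOB), ("clean", CLEAN_BLOB),
               ("variant", VARIANT_BLOB)]
    for name, blob in samples:
        print(f"{name}: {scan_bytes(blob) or 'no match'}")
    port = start_fake_agent(b"png", b"PONG")
    print("active probe on loopback:",
          probe_udp("127.0.0.1", port, b"png", b"PONG"))
```

The `min_hits` threshold is the trade-off the article hints at: requiring several strings keeps false positives down on ordinary binaries, but it is exactly why a lightly edited variant goes undetected, which is where the active probe earns its keep, since a renamed string does not change the control protocol the agent still has to answer.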
January 3, 2002, 5:55 PM PT
Graphics chip designer Nvidia has settled a case with two people who it said broke through its security systems and published confidential company documents on the Web.
In 2001, Nvidia brought an enforcement action against two alleged hackers in the Netherlands, ages 19 and 21. They had posted confidential product information, intellectual property and information about unannounced products on computer fan site M3DZone, according to an Nvidia representative.
The lawsuit was brought in September, and the case was recently settled, the representative said. Terms remain confidential.
The Dutch youths could not be reached for comment.
Nvidia is a leader in the graphics chip market and supplies chips to Dell Computer as well as to Microsoft's Xbox.
The alleged hackers obtained the material by breaking through Nvidia's firewall, the representative said. In addition, they reportedly got information by posing as Nvidia employees, or as employees at strategic partners such as Microsoft, through e-mail.
The Nvidia representative said that the intruders sent e-mails asking for drivers or other information, using the legitimate names and e-mail addresses of Nvidia employees or of employees at trusted partners. The e-mails were redirected to M3DZone, however.
The motive behind the hack was unclear. The Nvidia representative, however, indicated that the two wanted to drive hits to the M3DZone site.
"The online sites want to one-up each other, and you do that by having information other people don't," he said.
Nvidia first became aware of the invasion after viewing the site and noticing that it had obtained an inordinate amount of confidential information. The original suit was not disclosed until the settlement.
Hackers launch attacks to 'teach' RP a
A GROUP of so-called "white hat" Filipino hackers called Asian Pride launched a series of attacks last Saturday (Nov. 16 in the US) on several local websites. The hackers, who apparently are based outside the Philippines, claim they are out to teach Filipino local Internet service providers (ISPs) a lesson in Internet security.
Calling it "the 4 o Clock project," Asian Pride, which claims to be composed of Filipino freelance security enthusiasts, was allegedly able to intrude into the servers of local ISP Mosaic Communications Inc (MosCom), uploading executable programs that would eventually modify a website's main page.
White hat hackers claim that they are not out to cause any damage, but only hack into systems to test vulnerabilities.
Jerry Liao, operations manager of local portal Brainshare Online at www.brainshare.com.ph, claimed that they were among the first to report the incident to MosCom administrators on Saturday morning. A mirror of the defaced website is at http://www.expressions.com.ph/img/10101/asianpride/www.brainshare.com.ph.htm.
Apart from Brainshare Online, dcoder claimed that the group also defaced the website of broadcast giant ABS-CBN.
For his part, Liao said that they detected problems around 7:30 a.m. on Saturday.
According to Liao, Brainshare Online was restored around 7:45 a.m. that day, but at around 9 a.m. he received error messages, as the server could not be accessed.
In a separate interview, Robertson Chiang, vice president for technology of MosCom, said that the ISP decided to direct surfers to another server after getting reports of the hacking incident on Saturday.
"It was only an attack on one machine. It was an old one where we host a few dozen clients," Chiang said.
Asked how the hackers were able to get into the server, he said that considering it was an "old Unix machine," they were not able to patch security holes.
"It was partly our fault," he added.
Liao said that MosCom was able to restore "normal" operations between 6 to 7 p.m. on Saturday.
"The server was completely reformatted using a new system that already includes the security patches," Chiang said.
MosCom is now conducting an inventory of all its servers, to check if similar security problems exist in the "new" systems.
"It's been a long time, I hope you can wake those arrogant administrators, specially those with PH-CERT (Philippine Computer Emergency Response Team). We tried to warn and help them on securing (local) websites, but they just laughed at us and ignored us," the hacker codenamed dcoder told INQ7.net via e-mail.
"So my fellow haxor keech of FDN [Filipino developers network] organized a Project called 4'Oclock, where we will be defacing all ph sites, to give these administrators a wake up call.
"Well I can't explain much right now, but if you read all the messages on the selected defacements, it might give you an idea on what we are fighting for," dcoder added.
In the mirror of the defaced Brainshare Online website, Asian Pride explained:
"The 4 o Clock project is a system composed of Filipino freelance security enthusiasts that aims to disseminate the importance of Information security here in the Philippines. This team has conducted a survey, scanning random (website) hosts and informing the people (Internet service provider administrators) about (problems). (We then) encourage them to fix their servers. We have no intention, however, of destroying, and/or hijacking information, ... We are not paid to do this."
Liao agreed to some extent. He observed that while the hackers were able to "penetrate" MosCom's servers, they did not delete or destroy any files.
The hackers uploaded programs (executable files) that will only run when a website administrator begins uploading the new main page (index) into the server. The program blocks anyone from uploading into the server, but prompts the user to download a new file, which includes a message explaining the purpose of the defacement.
Liao, however, said that the hackers also offered the option not to accept the new file. "It sort of gives you permission to delete the files," he added.
Asian Pride claimed that "more than 90 percent of (MosCom's) servers can be exploited through common vulnerabilities, therefore jeopardizing the security of their clients as well as their office."
The group said that they have warned administrators of MosCom of vulnerabilities, "but were just subjected to insult, despite their professional approach."
"They scorned us with their witty remarks, bragging about their degrees, and that we knew less. So what did they accomplish? Absolutely nothing productive," the group added.
The local websites hit by the hackers were hosted on the virtual server kenshin.mozcom.com.
The list of websites that the group claimed to have attacked on Saturday may be seen at http://www.expressions.com.ph/img/10101/asianpride/kenshin.mozcom.com.txt and http://www.expressions.com.ph/img/10101/asianpride/.
"This ain't no kiddy games, and we ain't your average script kiddies. We broke into these sites not randomly, but we targeted specific sites, specially those sites that are 100% secure..." Asian Pride said.
The hackers are out to target other Philippine ISPs, and dcoder claimed that the next victim might be PhilOnline.
MosCom's Chiang, however, insisted that these hackers are only script kiddies.
Other alleged members of the group include "sch1z0phr3n1c," "jollogs," "jayv[ee," "marcster," "batusai_slasher," and "keech."