[2741] in WWW Security List Archive
Re: Justice Department Security
daemon@ATHENA.MIT.EDU (Will Day)
Wed Aug 21 18:54:02 1996
From: Will Day <willday@rom.oit.gatech.edu>
To: merranw@minyos.its.rmit.edu.au (Merran Elizabeth Williams)
Date: Wed, 21 Aug 1996 16:53:15 -0400 (EDT)
Cc: www-security@ns2.rutgers.edu
Reply-To: willday@rom.oit.gatech.edu (Will Day)
In-Reply-To: <199608201414.IAA16045@cyclone.scd.ucar.EDU> from Merran Elizabeth Williams at "Aug 20, 96 04:47:27 pm"
Errors-To: owner-www-security@ns2.rutgers.edu
-----BEGIN PGP SIGNED MESSAGE-----
A short time ago, at a computer terminal far, far away, Merran Elizabeth Williams wrote:
>I'm a journalism student at RMIT University in Melbourne and I would like
>to know more about the implications of the break-in to the Justice
>Department Web site on the weekend (17/8/96). (obscene pictures and
>anti-censorship messages were allegedly scrawled over it and links to
>unofficial sites put in)
>
>Have any other sites ever been affected in this way,
The Nation of Islam's homepage was replaced, last November.
There's an article about it at:
http://webreview.com/nov10/features/hate/noi2.html
The web page for last year's movie "Hackers" was also replaced with a
rogue page at one point. I looked through all my saved files, though,
but couldn't find anything about it.
>and what is stopping hackers from causing mayhem on any similar sites?
Presumably, a conscientious system administrator that actively maintains
good site security.
>I'd be very interested to hear from anyone who knows but please keep it
>simple as I am not familiar with technical computing jargon!
In case you didn't see the "Injustice" page, here are some sites that
made a copy:
http://www.doobie.com/~baby-x/usdoj/
http://www.otol.fi/~jukkao/usdoj/
http://spam.ppp0.dorsai.org/dojhack/
http://www.primenet.com/~voidmstr/usdojhack.sit.bin
There was also a CNN story on the incident:
http://cnn.com/US/9608/17/website.sabotage.wir/
What are the implications? Here are some quotes from current discussions
on other mailing lists.
Declan McCullagh:
>After all, would you trust your data to the same executive branch that
>can't even keep some hackers out of their own government computers?
Glenn Hauman:
>The highest law-enforcement office in the land has just been shown to have
>major vulnerability in defending itself from outside attack. That the
>attack appears to be not from a concerted terrorist group but whimsical
>pranksters is even more embarrassing.
>
>It is the same action that news crews across the country demonstrated by
>smuggling explosives onto planes in the wake of the downing of TWA 800,
>namely that the emperor has a nonexistent wardrobe. If anything, this event
>should be used to illustrate the DOJ has a complete lack of understanding
>when it comes to the issues of the Internet. It also illustrates the need
>for stronger crypto, particularly one without key escrow in the hands of
>the government, which can't even protect its own computers from outside
>action.
Frank Stuart:
>The fact that even the U.S. Justice Department is unable to adequately
>protect its own site from intruders underscores the need for widely-
>available strong encryption.
>
>While this is certainly a major embarrassment for the Justice Department,
>at least the mandatory "key escrow" program the Clinton administration is
>insisting upon has not yet been implemented; no private citizens' data
>appears to have been compromised this time.
>
>It's doubtful that a new law or government bureaucracy would have prevented
>this from happening but it's entirely possible that tools such as strong
>encryption could have. It's ironic that the U.S. Government is focusing on
>the former while fighting use of the latter.
===
Will Day <PGP mail preferred> * * * * * * * * * * *
willday@rom.oit.gatech.edu HARRY BROWNE FOR PRESIDENT
http://rom.oit.gatech.edu/~willday/ http://www.HarryBrowne96.org/
OIT, Georgia Tech, Atlanta 30332-0715 * * * * * * * * * * *
=-> Opinions expressed are mine alone and do not reflect OIT policy <-=
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv
iQCVAwUBMht3NxDHlOdPw2ZdAQGIqgQAwdkHuUKBAGrI6YM4J5eBiYmqVSGw7JbF
SnNEqnZBA5rKqV2Xh8pYDRdiFBJ9VaJHn2wYELywOBaSNAugx5fx3upjY1Q080bf
fUXqYZ9uz65JTzlVmRPdjhqEf4vMdD7u9de8tf5yIb9HIYLb3YlJtqY7/npDBz0m
iDbS1BN7o6I=
=Iah+
-----END PGP SIGNATURE-----