[3042] in WWW Security List Archive
About "CIA Web Page Hacked"
daemon@ATHENA.MIT.EDU (David Kennedy)
Mon Sep 23 18:03:30 1996
Date: 23 Sep 96 16:28:09 EDT
From: David Kennedy <76702.3557@compuserve.com>
To: "T.Kodera" <BZH01572@niftyserve.or.jp>,
WWW Security List <WWW-SECURITY@ns2.rutgers.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
>>1. Security Level of CIA server (including webserver)
Sorry, I don't know.
>>2. Why did this accident happen (in the view of technical expert)
Speculation:
1. Weak service homed on the web server, other than web. For example, sendmail
(FWIW, I'm not sure the DoJ attack and the CERT/Allman Sendmail announcement were
coincidental.)
2. Weak service homed on another host with a trust relationship with the web
server
3. Attack on the operating system, e.g. several recent Linux holes or the
Solaris holes revealed two or three weeks ago.
Possible but for this attack less likely:
CGI or PERL script hole--less likely only because I saw the CIA site before the
attack and don't recall any obvious cgi features.
Remote administration of the web server combined with a sniffed password--less
likely because I doubt the CIA is this foolhardy.
PHF hole--Surely, after all the traffic on this hole recently, you'd have to be
living in a cave not to have closed this hole.
Insider/former insider/social engineer attack--less likely because of the
results of the attack and the publicity of the Swedish hackers' prosecution.
Dave Kennedy [CISSP] Research Team Chief, National Computer Security Assoc.