Crime Boys go on hack spree


By Dan Verton, 03/20/2000

A hacker group known as "Crime Boys" launched cyberattacks over the past two weeks against World Wide Web pages maintained by the Interior Department and the Army, and several times tried to hack into a NASA system.

The hackers, believed to work from Brazil, last week defaced the main Web pages maintained by the Bureau of Land Management's National Training Center and the Army's Reserve Officer Training Corps Command. The group also attempted a third series of attacks against NASA's Jet Propulsion Laboratory, forcing the agency to block all Internet traffic from Brazil.

Reports also surfaced last week that the National Postal Mail Handlers Union site, which is accessible through the U.S. Postal Service's intranet, had been attacked, but it was unclear who tried to carry out the attack.

The Crime Boys broke into the National Training Center site, which is part of the BLM, at 8 p.m. March 12, and replaced the agency's Web page with a page protesting what the group called a "corrupt" Brazilian government.

The message they left was jumbled: "Hello, Crime Boys [sic] entered in your server for two reasons, for him to be badly configured, or better, very badly configured, and to protest against the Brazilian government, a corrupt government, that nothing does for Brazil to improve."

The hackers launched a second attack March 16, replacing the page a second time. "We went in to make some corrections, and they came in right on our heels," a BLM spokesman said.

Although the spokesman said the damage was limited to two Web pages, BLM officials said they are working with federal authorities on patches to "inherent vulnerabilities" in Microsoft Corp.'s Internet Information Server Version 4.0.

Security officials at NASA's JPL detected a "fairly substantial number of attacks" that originated in Brazil, said Frank O'Donnell, spokesman at the Pasadena, Calif.-based laboratory. The agency restricted almost the entire country of Brazil from viewing the agency's Web sites and also installed security patches, O'Donnell said. JPL removed the block at noon EST on March 17.

Philip Loranger, chief of the Command and Control Protect Division at the Army's Information Assurance Office, announced March 14 that the Crime Boys had threatened to take down the main Army home page. However, sources say that page was too difficult to crack because it is based on Apple Computer Inc.'s Macintosh WebStar platform.

"The main [Army] site was switched to a server that was practically unhackable," said Alex McCombie, co-founder of New World Media Inc. and one of more than 30 witnesses to the attack on the ROTC site.

A hacker known as "-artech" and who claims to have hacked into the Army's deputy chief of staff for training Web page, said the Crime Boys are a new group that use unsophisticated attack methods, including exploiting vulnerabilities in Microsoft Corp.'s FrontPage and Active Perl. "If they do hack a site, it will just be a small FrontPage hack, which isn't a problem to stop," the hacker said.

Steven Aftergood, an intelligence specialist with the Federation of American Scientists, said although the attacks do not mean federal systems are helplessly vulnerable, "this suggests that even the most elementary of security protections were not in place."

As of late Friday, agencies had yet to file a report on the incidents, said Dave Jarrell, program manager for the Federal Computer Incident Response Capability. "I have noticed some unusual traffic patterns and have been wondering if something is going on, but I have not heard from any federal agencies," Jarrell said.

Contributing: Paula Shaki Trimble, Natasha Haubold and Diane Frank.

http://www.fcw.com/fcw/articles/2000/0320/web-1crimeb-03-20-00.asp



-- Martin Thompson (mthom1927@aol.com), March 20, 2000

