HNN: The Year in Review
Page 3
Defcon VII and BO2K
Defcon probably had the most mainstream media coverage of any hacker
convention to date. With over 3000 attendees and over 200 press
representatives present it was definitely one of the biggest
conventions ever. With the release of Back Orifice 2000 from the Cult
of Dead Cow the press was working at a fever pitch trying to cover the
story even before the software was released.
HNN spent quite a few days inebriated in Las Vegas while we tried to
cover the happenings at Defcon. Some of the highlights included the
BO2K launch presentation, complete with thumping techno and strobe
lights, the ejection of Carolyn Mienel from the conference floor, and
the defacement of the Defcon.org web page.
When we returned we had over 1200 emails to answer and one pounding
hang over. The media went nuts over the BO2K release, sparking debates
on just what a virus is and what should be scanned. Network Associates
claimed to be the first out of the gate with a patch for the program.
Microsoft was even prompted to release a security bulletin.
Also at Defcon, Zero Knowledge released 1000 beta copies of Freedom,
L0pht Heavy Industries introduced the revolutionary new security tool
AntiSniff, Bruce Schneier announced that PPTPv2 'sucks less', and
Security Wizards released their Capture the Flag Logs.
HNN Archive for July 9, 1999 - Press
frenzy prior to con
Defcon.org Defacement
Mirror
HNN Archive for July 13, 1999 - the
Aftermath
Defcon VII Review -
Buffer Overflow Article
The Back Orifice 2000
Controversy - Buffer Overflow Article
How the Anti Virus
Industry Works - Buffer Overflow Article
AntiVirus scanning for
potentially misused tools is a doomed security strategy. - Buffer
Overflow Article
Kevin Mitnick
Kevin Mitnick's road has been a long and bumpy one that has stretched
for several years, 1999 was no different. One small bright thing is
that Kevin is scheduled to be released, finally, sometime early in
2000.
In March the federal government succeeded in wearing Kevin down. He
decided to plead guilty in the hopes to get his four year ordeal over
with. Unfortunately he still had charges from the State of California
to deal with.
HNN Archive for March 29, 1999
On April 26th it was revealed that the companies supposedly hurt by
theft of software by Kevin Mitnick never reported those millions of
dollars in losses to the SEC as required by law.
HNN Archive for April 25, 1999
Letters from companies
estimating the amount of damages.
June 4th was supposed to be the day in which Kevin was officially
sentenced and so demonstrations to support Kevin were planned at
federal courthouses across the country. Unfortunately the hearing was
postponed at the last minute but the demonstrations continued. Folks in
other countries joined in by protesting outside embassies, the New York
demonstration hired a skywriter to write FREE KEVIN over Central Park,
the Philadelphia demonstration made onto the local news and many online
news agencies covered the San Francisco Demonstration, numerous other
cities attempted to live web cast their demonstrations.
HNN Archive for June 5, 1999
Press Release -Demonstration
Announcement
Picture of the Russian Demonstration
On Kevin's fifth birthday behind bars the LA District Attorney
graciously decided to drop the state charges against him. The DA
claimed that the case had been mischarged.
Finally on August 9th, after numerous delays, Kevin received his
sentence of 46 months in prison with credit for time served. He will
also be forced to pay $4125 restitution to the supposed victims in the
case. Instead of halfway house as expected he was remanded to Lompac
Federal Prison.
HNN Archive for August 9, 1999
Much more in depth information regarding Kevin Mitnick, his current
status and the historical significance of this case can be found
here.
FREE KEVIN
Virus Scares
1999 was a banner year for viruses. Melissa, CIH, and numerous other
viruses had the press working over time. The virus writers keep
churning them out, the antivirus companies keep detecting them and the
press was not far behind.
Melissa seemed to be extremely virulent. By emailing 50 copies of
itself after every infection it made it around the globe very quickly.
It managed to jump the air-gap onto US governments SIPRNet and even
made it on board ships in the Seventh Fleet. Numerous variants of
Melissa surfaced with distributed DoS attack capability. Melissa was
somehow traced through usenet to AOL and finally to David L. Smith who
pleaded guilty to creating and releasing the virus.
HNN Archive for March 31, 1999 -
Melissa makes it to 7th Fleet, Kills Marines Email, DoS Variant
Appears
HNN Archive for April 2, 1999 - David
Smith arrested and released on $100,000 bail
HNN Archive for April 5, 1999 - Melissa
jumps air-gap onto classified SIPRNet
HNN Archive for December 12, 1999 -
David Smith pleads guilty.
CIH while not as prolific as Melissa was definitely more destructive.
CIH or Chernobyl is triggered to release its payload on April 26th
every year and it has been around for a while. It hit exceeding hard
this year especially in the Far East. Its creator was traced back to
Taiwan where he said he was sorry.
HNN Archive for April 27, 1999 - CIH
strikes worldwide
HNN Archive for April 29, 1999 - CIH
Author Identified.
HNN Archive for May 12, 1999 - China
Estimates 360,000 systems Damaged by CIH
The Virus Community Speaks
How the Anti Virus
Industry Works - Buffer Overflow Article
AntiVirus scanning for
potentially misused tools is a doomed security strategy. - Buffer
Overflow Article
Ireland, Indonesia, China, Sweden, and Yugoslavia
Government sanctioned cyber attacks seem to be all the rage these days.
Some countries are openly announcing their plans to create offensive
cyber warriors while others are claiming to have already suffered
government sanctioned cyber attacks.
In January a small ISP in Ireland, Connect Ireland, that hosts the top
level domain for East Timor claimed that it had suffered a massive
attack by Indonesian government forces. Indonesia of course denied the
charges.
HNN Archive for January 26, 1999
Newsweek claimed that President Clinton authorized a "top-secret" plan
against Slobodan Milosevic. One part of this plan would use "computer
hackers" to attack his foreign bank accounts. Newsweek went on to say
that the report instructed the CIA to wage "cyberwar" against
Milosevic.
HNN Archive for May 24, 1999
HNN Archive for July 6, 1999
Yugoslavia Cut Off from the
Net? - Buffer Overflow Article
Sweden announced the formation of a cyber defense force.
HNN Archive for July 14, 1999
Nobel Peace Prize laureate Jose Ramos-Horta claimed that hundreds of
people around the world were poised to launch a cyber attack against
Indonesia should there be any tampering in the election process for
East Timor's freedom. No evidence was given for this cyber arsenal
build up and no attack ever came. Connect Ireland, the ISP supposedly
targeted by Indonesian forces earlier in the year asked that no
internet attacks be launched.
HNN Archive for August 20, 1999
Connect Ireland - response to
Indonesian threats
A Chinese military newspaper covering the activities of China's Peoples
Liberation Army has called for the recruitment of 'civilian hackers'
and for the training of 'cyber warriors' at Army schools.
HNN Archive for August 4, 1999
We hope that this disturbing trend does not continue into the next
year. It will be an extremely bad day when the internet is legislated
as a weapon of war.