Hackers Devastate Texas Newspaper's Servers p.45

By: HOAG LEVINS

The San Antonio Express-News' Web site server systems were severely damaged by a hack-attack in mid-April, according to a company official who addressed an opening-day Nexpo New Media workshop in New Orleans.
Although scheduled to give a relatively dry technical speech about how to set up and operate equipment for an Internet Service Provider (ISP) business, Express-News online managing editor Jon Donley revealed that his newspaper's ISP, as well as eight other regional ISPs, suffered major hack-attacks seven weeks ago.
He said none of the other eight ISP companies has publicly acknowledged being hacked and that the newspaper had learned the details of those incidents "from the FBI," with which it is cooperating. He declined to provide further details about the other companies or the FBI activities.
Donley indicated that investigations underway by the San Antonio police, as well as the FBI, have identified suspects and that "arrests are expected soon."
He declined to provide further details about the investigations or identities of the suspects except to say they included a high school student and an unspecified group of adults who were part of what he described as an "elite" group of Unix-knowledgeable programmers.
Donley said a "Unix security conference" was held in San Antonio the same week the first hack-attack occurred and that investigators are pursuing the possibility that some conference participants may have engineered the attack on local ISP servers as "an object lesson" in server security flaws.
He said that shortly after the newspaper was certain it had been hacked, it offered a reward of $25,000 for information leading to the arrest of the culprits.
He said "we expect to pay it," indicating that the reward offer had already produced information useful to local police and the FBI.
Donley said that seven weeks after the Express-News' service suffered the attack that closed down both its ISP business and its Web site, its systems were still not fully repaired. "We have 300,000 pages on our Web site and as far as we can determine, every one of them was screwed up so that we've had to go through it level by level," he explained. He said a complete assessment of the total financial damages and losses caused by the disaster was underway.
The newspaper has taken emergency measures to install new, high-level firewall systems to insulate its online operations from other internal computer networks, including the one that connects to the headquarters of its parent, Hearst Newspapers.
He said investigations determined that hackers inserted the first destructive programs into the ISP's Unix server on April 13. The corrupting code soon spread throughout the Unix Web site files as well.
But the event he characterized as "explosion day" didn't happen for another week. Then, suddenly, none of the system's assigned passwords worked for either inside operators or the ISP's customers. Attempts to use ISP accounts resulted in a notice that the user had entered an invalid password. Then other functions began to go haywire.
"At first, we thought MIS had screwed up again - that it was an internal problem," said Donley. However, technicians soon discovered havoc throughout the system's code structures and responses. Crucial functions had been diabolically reprogrammed by the invaders. For instance, whenever the command to call up an individual Unix file was entered, that file was actually deleted. Both the ISP and Web site soon crashed, their structures destroyed.
E&P Web Site: http://www.mediainfo.com
Copyright: Editor & Publisher, June 28, 1997

