Hacker group splatters site with antiwar rhetoric.
Remember those Internet Security Systems Inc. television ads that featured hackers targeting unsuspecting corporate networks? On Monday, ISS became the target of attack from a group of hackers calling themselves "Unix Security Guards."
The hackers attacked the site where ISS runs its X-Force Internet Watch program, in which ISS provides free BlackIce personal firewall software to college students and hosts a medium for students to discuss information about BlackIce and how they can protect themselves from hacker attacks. ISS also offers free analysis of trends to the students about attacks against their systems.
The site, which is not ISS's homepage, is located at http://xfiw.iss.net/.
Apparently, the site wasn't secure. According to Zone-h.org, a site that tracks Internet attacks, the Unix Security Guards took advantage of the now well-known Microsoft WebDAV vulnerability to splatter anti-war rhetoric on the site. On March 17, ISS posted an alert about the WebDAV vulnerability, labeled the vulnerability "very serious," and said because the company had spotted a tool available on the Internet that made it easier for hackers to attack this vulnerability, "fixes or temporary workarounds should be applied immediately."
As of Tuesday morning the site was not available.
"ISS has confirmed that one Web page that was a part of a research project was modified on a noncritical server on an isolated network that provides free copies of BlackIce PC Protection to university students. No further attacks have occurred," ISS said in a statement Tuesday.
However, in a new twist, the security company later said the Web site, while being a legitimate site to exchange security information and download free copies of security software was also an ongoing experiment. "It was a honeypot," an ISS spokeswoman said. "We, as most security companies, have many honeypots for research purposes. It was bait to be hacked," she says.
Honeypots are common security tools in very large organizations and universities. They are placed on the Internet to attract and study hackers in a controlled environment where no critical information is in jeopardy.
ISS's X-Force security research group is well known and highly regarded in security circles. Its researchers have discovered flaws in many common applications. Most recently the group discovered a vulnerability in the popular Sendmail software which is estimated to handle more than 70% of the world's E-mail.
Not surprisingly, security companies and related organizations are popular targets for hackers. Late last month, one member of the hacker group known as Fluffi Bunni dug himself his own hole when he showed-up at the InfoSecurity 2003 conference in London, where British authorities arrested him for his potential involvement in a string of Web-site attacks, including some big names in security.
Fluffi Bunni kicked dirt on a few prominent names in information security when the group defaced the Web sites of security vendor SecurityFocus (now owned by Symantec Corp.), as well as the security training and education organization The SANS Institute and the security-awareness group Attrition.org
Fluffi Bunni, which uses a pink rabbit as its logo, caught the attention of law enforcement shortly after the Sept. 11 terrorist attacks when the group defaced thousands of Web sites with the ominous message: "Fluffi Bunni Goes Jihad."
The group also demanded $5 million in a brown paper bag and "Mr. Bin Laden" to be handed over "If you want to see the Internet again."
Also, last year, the federally funded CERT Coordination Center's Web site was knocked offline by a massive distributed denial of service attack.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.