Internet Security Systems' Web Site Defaced - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News

Internet Security Systems' Web Site Defaced

Hacker group splatters site with antiwar rhetoric.

Remember those Internet Security Systems Inc. television ads that featured hackers targeting unsuspecting corporate networks? On Monday, ISS became the target of attack from a group of hackers calling themselves "Unix Security Guards."

The hackers attacked the site where ISS runs its X-Force Internet Watch program, in which ISS provides free BlackIce personal firewall software to college students and hosts a medium for students to discuss information about BlackIce and how they can protect themselves from hacker attacks. ISS also offers free analysis of trends to the students about attacks against their systems.

The site, which is not ISS's homepage, is located at http://xfiw.iss.net/.

Apparently, the site wasn't secure. According to Zone-h.org, a site that tracks Internet attacks, the Unix Security Guards took advantage of the now well-known Microsoft WebDAV vulnerability to splatter anti-war rhetoric on the site. On March 17, ISS posted an alert about the WebDAV vulnerability, labeled the vulnerability "very serious," and said because the company had spotted a tool available on the Internet that made it easier for hackers to attack this vulnerability, "fixes or temporary workarounds should be applied immediately."

As of Tuesday morning the site was not available.

"ISS has confirmed that one Web page that was a part of a research project was modified on a noncritical server on an isolated network that provides free copies of BlackIce PC Protection to university students. No further attacks have occurred," ISS said in a statement Tuesday.

However, in a new twist, the security company later said the Web site, while being a legitimate site to exchange security information and download free copies of security software was also an ongoing experiment. "It was a honeypot," an ISS spokeswoman said. "We, as most security companies, have many honeypots for research purposes. It was bait to be hacked," she says.

Honeypots are common security tools in very large organizations and universities. They are placed on the Internet to attract and study hackers in a controlled environment where no critical information is in jeopardy.

ISS's X-Force security research group is well known and highly regarded in security circles. Its researchers have discovered flaws in many common applications. Most recently the group discovered a vulnerability in the popular Sendmail software which is estimated to handle more than 70% of the world's E-mail.

Not surprisingly, security companies and related organizations are popular targets for hackers. Late last month, one member of the hacker group known as Fluffi Bunni dug himself his own hole when he showed-up at the InfoSecurity 2003 conference in London, where British authorities arrested him for his potential involvement in a string of Web-site attacks, including some big names in security.

Fluffi Bunni kicked dirt on a few prominent names in information security when the group defaced the Web sites of security vendor SecurityFocus (now owned by Symantec Corp.), as well as the security training and education organization The SANS Institute and the security-awareness group Attrition.org

Fluffi Bunni, which uses a pink rabbit as its logo, caught the attention of law enforcement shortly after the Sept. 11 terrorist attacks when the group defaced thousands of Web sites with the ominous message: "Fluffi Bunni Goes Jihad."

The group also demanded $5 million in a brown paper bag and "Mr. Bin Laden" to be handed over "If you want to see the Internet again."

Also, last year, the federally funded CERT Coordination Center's Web site was knocked offline by a massive distributed denial of service attack.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Slideshows
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
Commentary
Preparing for the Upcoming Quantum Computing Revolution
John Edwards, Technology Journalist & Author,  6/3/2021
News
How SolarWinds Changed Cybersecurity Leadership's Priorities
Jessica Davis, Senior Editor, Enterprise Apps,  5/26/2021
Register for InformationWeek Newsletters
Video
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll