Fox News – FBI Narrows Hunt in Website Attacks – February 14, 2000

NEW YORK — U.S. investigators are focusing on a handful of potential suspects in last week’s attacks on major Web sites, Internet security experts and hacker sources familiar with the investigation said on Monday.

As experts traced the Web site blitzkrieg to a virulent new software program, Tribal Flood Network, used to break into computer networks, Internet security firms raced to offer updated programs to fend off new attacks.

U.S. law enforcement sources said the FBI was making progress in tracing the source of the attacks, but the officials did not expect any imminent breakthroughs or arrests.

A FBI spokeswoman declined to comment on the status of the investigation. Asked whether the FBI was looking at a handful of hackers or if the probe had narrowed to specific software, agency spokeswoman Debbie Weierman said, “We have no comment.”

The FBI sought over the weekend to interview “Mixter,” a 20-year-old programmer from Hanover, Germany and creator of ”Stacheldraht” (Barbed Wire), a variant of the Tribal Flood software, security experts said. However, he is not a suspect himself, they added.

“The FBI is looking at certain people, we know that much,” said John Vranesevich, founder and head of AntiOnline, a Beaver, Pa.-based Web security site that tracks hacker behavior and turns over information to authorities.

A federal law enforcement official said the FBI was conducting interviews with hackers, computer security experts and anyone else who might have knowledge about the attacks.

“We want to talk to everyone we can,” the official said. ”We want to listen to the chatter through the Internet hacker community and see where that ends up.”

The official said investigators have yet to zero in on any potential suspects. “I don’t get the idea that we got the guy,” he said.

The hunt for the perpetrators is proceeding as government officials and Internet industry figures prepare to meet at the White House on Tuesday for a summit on how to respond to the threat posed by the intruders.

In keeping with the fractious nature of the hacker subculture, scores of anonymous participants in Internet chat rooms have come forward to finger rivals in recent days.

Several self-described hackers named online acquaintances as possible suspects in order to disassociate themselves from what they see as criminal vandalism. The attacks, they said, have given a bad name to their work advancing Web security.

“The people who did it are idiots. What they were doing is totally stupid. That’s just lame,” said one 17-year-old Florida hacker who boasted of his own exploits in defacing U.S. government Web sites. He declined to identify himself, but security experts have verified his activities.

The Wall Street Journal reported Monday that authorities were also seeking a hacker with the screen name “mafiaboy.” AntiOnline’s Vranesevich discounted the report and said that much of the evidence was contradictory.

“Sixty people or more are saying ‘It’s me,’ or “I know who did it and this is who it is.’ People are publishing manifestos, stating their causes, and others are turning over logs of chat rooms where individuals claim responsibility,” Vranesevich said.

The AntiOnline site (http://www.antionline.org) included a statement on Saturday signed by Mixter, acknowledging his software may have been used to mount the attacks. But he said his own motivation was a desire to foster Web security.

“Of course, the recent malicious attacks against e-commerce sites are something different, something completely wrong and criminal,” Mixter wrote, in seeking to distinguish his ”non-malicious” efforts from those of the attackers.

Vranesevich, a 21-year-old former student at the University of Pittsburgh, said he believes the attacks are the work of a small group of three to six hackers in their late teens to early 20s. His conclusion was drawn from a database assembled his group from 7,200 individual hacker profiles over the past five years.

“All we know is that the FBI wants to talk to him,” Vranesevich said of Mixter. “I can tell you flat out that Mixter has nothing to do with these attacks.

“Mixter has been cooperating with us in tracking these people down. He has been working with us to catch the people who are doing this and has provided key details,” Vranesevich added.

Earlier Monday, German authorities said they had received no request from U.S. officials related to Mixter. Der Spiegel magazine had reported over the weekend that he was being sought by German police, the FBI and Russian police.

Several computers have been identified as having “zombie” programs that were potentially used in attacks on Yahoo Inc. (YHOO.O), eBay Inc. (EBAY.O), E-Trade Group Inc. (EGRP.O) and other sites last week, said Tony Welz, a spokesman for Network Associates Inc. (NETA.O), a top computer security provider.

Zombies refer to computers taken over by hackers to launch coordinated attacks on major Web sites.

Welz said computers on networks at two California universities, a midwestern U.S. college and a Berlin university, and a non-academic site in southern California could have been ”virtually” hijacked to mount the attacks.

But the search has been complicated by the absence of much hard electronic evidence to provide a trail back to the vandals, law enforcement officials and security experts said.

In a telephone interview, “ytcracker,” a 17-year-old hacker from Colorado Springs, Colo., spoke of the thrill of breaking into computer networks, while criticizing last week’s attacks on ecommerce sites. His work is cataloged on the Hacker News Network site at http://www.hackernews.com.

“Kids like us go out every day and have fun, and then we come home and rule the world,” he said.

Source

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply