lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E83E983C3EC9DD45A40B24C4BA3A607505A4B6AD@col1smx01.USE.AD.DLA.MIL>
From: Brian.Ashcraft at dla.mil (Ashcraft, Brian S (Contractor) (DSCC))
Subject: ComputerWorld yanks Slammer worm terrorist 
	story

[Here's an excerpt from Computerworld's now-deleted article that appeared 
yesterday: 'A radical Islamic group that is on the U.S. State Department's 
list of designated terrorist organizations has claimed responsibility for 
the release of the Slammer worm late last month... In an exclusive exchange 
of e-mails with Computerworld spanning two weeks, Abu Mujahid, a spokesman 
for Harkat-ul-Mujahideen (HUM), a self-proclaimed radical Islamic jihadist 
organization, said the group released the Slammer worm as part of a "cyber 
jihad" aimed at creating fear and uncertainty on the Internet... According 
to Mujahid, one of the worm's first instructions, a so-called "push" 
command, includes the number 42, which is the sum of the letters H, U and M 
if you add up the numbers that correspond to the point at which each one 
falls in the Roman alphabet. H is the eighth letter; U is the 21st; M is 
the 13th...' --Declan]

-Declan


http://www.computerworld.com/securitytopics/security/cybercrime/story/0,1080
1,78238,00.html

    Journalist perpetrates online terror hoax
    By DAN VERTON
    FEBRUARY 06, 2003

    Editor's note: An online story yesterday by Computerworld
    reporting on terrorist claims of responsibility for having authored
    the Slammer worm was based on a hoax. The security reporter who wrote
    the story, Dan Verton, explains in this first-person account how he
    and others were misled by a U.S. journalist who pretended to be
    someone named "Abu Mujahid." The original story has been removed from
    Computerworld's Web site.

    ---

    There's an old Italian proverb that says, "Those who sleep with dogs
    will rise with fleas." That's the situation in which I now find
    myself.

    While catching a few fleas isn't unusual in the murky, dog-eat-dog
    world of reporting on hackers and terrorists, this hoax is different.
    Had it been a simple scam, I might be embarrassed. But in this case,
    the scammer is Brian McWilliams, a former reporter for Newsbytes.com,
    which is now owned by The Washington Post Co.

    For the past 11 months, McWilliams has operated a Web site,
    www.harkatulmujahideen.org, which once belonged to a real terrorist
    organization based in Pakistan. It was during legitimate research into
    pro-terrorist Web sites that I first came across the
    Harkat-ul-Mujahideen site and McWilliams.

    In an elaborate scheme to dupe security companies and journalists,
    McWilliams acknowledged last night that he purchased the domain name
    last March and registered it under the name of "Abu-Mujahid of
    Karachi." He also left a legitimate mirror site in place on a server
    in Pakistan and by his own admission has been receiving e-mails from
    people looking to join the actual terrorist group. He then posed as
    Abu Mujahid in his communications with people and the news media.

    [...remainder snipped...]




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
-------------------------------------------------------------------------
Like Politech? Make a donation here: http://www.politechbot.com/donate/
Recent CNET News.com articles: http://news.search.com/search?q=declan
-------------------------------------------------------------------------

-----Original Message-----
From: Ken Pfeil [mailto:Ken@...osec101.org]
Sent: Thursday, February 06, 2003 1:05 PM
To: Richard M. Smith; full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] ComputerWorld yanks Slammer worm
terrorist story


For those of you interested in what was posted....




http://www.nwfusion.com/news/2003/0205terrogroup.html

By Dan Verton Computerworld 02/05/03

A radical Islamic group that is on the State Department's list of
designated terrorist organizations has claimed responsibility for the
release of the Slammer worm late last month.

In an exclusive exchange of e-mails with Computerworld spanning two
weeks, Abu Mujahid, a spokesman for Harkat-ul-Mujahideen (HUM), a
self-proclaimed radical Islamic jihadist organization, said the group
released the Slammer worm as part of a "cyber jihad" aimed at creating
fear and uncertainty on the Internet.

U.S. intelligence officials allege that HUM, formerly known as
Harkat-ul-Ansar, has ties to al-Qaeda and Ahmad Omar Sheikh, who was
arrested for the January 2002 kidnapping and murder of Wall Street
Journal reporter Daniel Pearl. The group operates primarily in Pakistan
and the Kashmir region, but it has also run terrorist training camps in
eastern Afghanistan, according to a U.S. Navy profile.

According to Mujahid, one of the worm's first instructions, a so-called
"push" command, includes the number 42, which is the sum of the letters
H, U and M if you add up the numbers that correspond to the point at
which each one falls in the Roman alphabet. H is the eighth letter; U is
the 21st; M is the 13th. When eight, 13 and 21 are added up, the total
is 42

However, Internet security experts were quick to dismiss HUM's claims of
purposely injecting a fingerprint into the code of Slammer as a way to
claim credit.

Pedram Amini, an analyst at iDefense, a security firm based in
Chantilly, Va., said the size of the worm is such that there is very
little room for any arbitrary fingerprints to have been included in the
code. In addition, the push command referenced by Mujahid and the
numbers that followed it are not something a coder could inject, but are
instead something generated by the execution of the code, said Amini.

"It is and has always been my opinion that the author of the worm cannot
be identified [by studying the code]," said Amini. HUM's claim of
injecting a fingerprint into the code "does not hold water," he said,
noting that the code that went into the worm could have been downloaded
from multiple locations on the Internet by anybody.

For example, according to iDefense analysts, a Chinese hacker group
called the Honker Union of China is known to have posted code similar to
that of the Slammer worm on its Web site prior to the attack. In
addition, proof-of-concept code released last August at the Black Hat
hacker conference by researcher David Litchfield is also believed to
have been used as a basis for the worm.

Bill Murray, a spokesman for the U.S. Federal Bureau of Investigation's
National Infrastructure Protection Center (NIPC), would not call members
of HUM suspects, but he did say that an NIPC analyst has looked into the
group in connection with the Slammer investigation.

"Do not underestimate our abilities to create fear and chaos on the
Internet, using programs we find and modify to our purposes," said
Mujahid. "We do not need to attack the infrastructure to terrorize the
Kufars," he said, referring to non-Muslims. "We use the Internet to
spread misinformation and confusion."


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ