[My comments are in brackets. No portion of this article has 
 been left out.]

Hackers wipe out an ISP during hacking contest
By Alex Wellen, CyberCrime, ZDTV
April 9, 1998 8:16 AM PDT

A small ISP and its 5,000 customers were innocent casualties of 
a hacker wargame last Thursday and part of Friday. For almost 36 
hours Rt66 Internet and its customers were off-line, courtesy of 
a hack attack that erased the ISP's operating system.

[According to wizard@rt66.com (owner or primary admin) on a 
 phone call April 12 @ 1:15pm, "the machine was not taken down at 
 all. The telnet daemon was  disabled for ~36 hours."]

It all began when Carolyn Meinel, creator of a hacker wargame, 
challenged the Net community to "Hack this Site" two weeks ago. Since 
then, it's been under almost constant attack, receiving an average of
1,000 hack attempts a day.

[Ms Meinel is not the creator of this type of game. She is merely an
 organizer of THIS iteration of the game. As for 1000 atttempts a
 day, does anyone have logs to verify this number?]

The ISP, Rt66 Internet, fought off almost all the attacks, which were 
primarily IP-spoofing attacks that hide the identity of the attackers. 
But last week, one hacker was able to gain root access at the server 
level and erase a substantial amount of information, including the 
operating system itself.

[rt66.com has been hacked three seperate times as a result of this
 contest according to Mark Schmitz (wizard@rt66.com).]

The barrage of attacks is in response to the mid-March launch of 
Meinel's "King of the Hill" Web site, which encourages participants 
to hack into a "designated" system, then defend it from future intruders.

Attacks not unexpected
Rt66 expected hackers to go after it -- and not just Meinel's Web 
site -- and has devoted two people full time to maintaining its service. 
It actually thought hosting the contest would help identify any weaknesses 
in its own system.

"We went into this project with our eyes open," said Mark Schmitz, vice 
president of Engineering International and co-founder of Rt66, based in 
Albuquerque, N.M. "Since we didn't have anywhere near as many attacks 
before the game, I have to assume (the uptick's cause) is the hosting of 
Carolyn's site."

Schmitz said that Rt66 backs up an entire year's worth of information, and 
as such, downtime was the only damage.

"Nothing replaces good backup," he advised. "That's your number one 
safeguard against attacks."

[So we must question, were the three compromises from different holes 
 in the system, or were admins backing up from archives and restoring the 
 same hole over and over again?]

How the attacks worked
Meinel said the attacks on her site were initially "denial of service" or 
"teardrop" attacks which, if successful, could have the effect of simply 
shutting down the system. Meinel characterized those attacks as 
"amateurish," "pitiful" and "laughable."

But after a few days, the "big boys came in," Meinel said. "Instead of 
attacking the Web site, they went upstream and tried to take out the ISP."

Meinel taunted the successful hacker, saying, "Someone is up for a felony 
now. If I were responsible for causing the loss, I would be wanting to get 
an identity transplant."

[Ms Meinel has made this same threat/claim for the past two years. Each time
 her host is succesfully hacked, she taunts the hacker(s) responsible and
 claims they better hide or they will "spend time with a cell mate named Spike".
 How many of these hackers has she or her admins caught?]

Why the hack attacks?
Such strong opinions, and Meinel's self-promotion, have probably increased 
the frenzy of the attackers. They also make her the target of considerable 
criticism -- much of which predates the King of the Hill contest.

"People don't like her because she ... tries to appeal to the media as some 
all-knowing hacker," claimed one hacker using the handle "fh" in an e-mail 
sent to ZDTV's CyberCrime.

A number of other hackers have sent highly anti-Meinel e-mails to CyberCrime.

An anti-Meinel Web site
There's also at least one anti-Meinel Web site, which includes archives of 
many of her publications along with point-by-point criticisms.

The site claims, among other criticisms, that Meinel "does not have the 
required skill set to adequately teach hacking."

"I'm not just inventing this stuff -- this stuff is all common knowledge," Meinel 
said. "I am a research engineer. The majority of books are not filled with 100 
percent original stuff."

As for her contest, she said "to my knowledge, this is the first actual hacker 
wargame open to the public that includes instructions, and allows the contestants 
to practice defensive skills as well as break-in skills."

[Key words: "to my knowledge".]

A vote for Meinel
Rt66's Schmitz doesn't consider Meinel's wargame, her e-zines, or book 
illegitimate.

"I've never seen anyone take the time and organize this information and frame 
it like this book," he said. He added that he considers her credible.

[And who is he to "Certify" her so to speak?]

In the meantime, Rt66 continues to monitor activity 24 hours a day.

[Have they notified their 5000 customers of this game and the potential
 affect it could have on them? Did they make their customers aware of 
 the probably compromise of their credit card information or the other
 two hacks?]