"It is good beating proud folks, for they will not complain"
Tue, 16 May 2000 11:55:08 -0500
Brian Martin (jericho@attrition.org)


William Knowles pointed me to www.realspy.com today, as they had apparently changed their web page after a recent defacement.

Below is the message currently up on their server:

   Due to hackers rewriting my pages from others websites, we will be
   down for 1 to 2 weeks to reconfigure a hardware firewall and newly
   designed web page.

   We are sorry for this inconvenience

   On another note, to all you harmfull hscker and crakers---YOU CAN KISS
   MY ASS!

   I am a member of the FBI's ANSIR program and I will be turning IP
   address from my server logs over to them to (5-15-2000) today.

   Just remember, don't pick up the soap!
This pathetic and unprofessional message demands several points be made.
   Due to hackers rewriting my pages from others websites, we will be
   down for 1 to 2 weeks to reconfigure a hardware firewall and newly
   designed web page.
Perhaps this is how some companies reach exceptionally large damage figures. Rather than hiring a security consultant for one day of work, patching the hole and getting back to business, they use it as an excuse to redesign the site. The charges associated with web design no doubt get lumped into the 'hacker damage' figure. If the down time is 2 weeks to "reconfigure" a hardware firewall, this shows a complete lack of technical proficiency in applying basic security to a web site.
   On another note, to all you harmfull hscker and crakers---YOU CAN KISS
   MY ASS!
Great encouragement here. I am sure a 'real spy' would say exactly this. You've already proven you are vulnerable and the computer criminals have one upped you. Challenging them to do it again can only serve to hurt you further and subject you to more attacks. Even if it is a trap with FBI agents lying in wait, it is still taking away from your business. When the next computer criminal breaches this site, do you think they will stop with a simple web page defacement?

I won't even go into the whole 'hscker vs craker' debate.

   I am a member of the FBI's ANSIR program and I will be turning IP
   address from my server logs over to them to (5-15-2000) today.
This is an exceptional advertisement for the FBI ANSIR team, really. What is ANSIR exactly, and what do they do?
   http://www.fbi.gov/programs/ansir/ansir.htm

   The program is designed to provide unclassified national security
   threat and warning information to U.S. corporate security directors
   and executives, law enforcement, and other government agencies.
Looking at a few of their advisories:
   99-002  Upcoming Significant Anniversary Dates
   99-007  China Cyber Activity Advisory
   99-010  Well-publicized Hacker Activity Against U.S. Government Sites
Wow, what a truly relevant program to tout to hackers. Why not proclaim your membership with a tennis club and threaten hackers with that too? In case you aren't aware, ANYONE can report computer crime to the FBI. They make it quite simple really. Here is a list of all their field offices in case you'd like to report some crime yourself:

     http://www.fbi.gov/fo/fo.htm

This of course begs the questions, why didn't ANSIR warn him about the vulnerability used to exploit and deface the web site. Oh wait...

And the last comment from www.realspy.com:
   Just remember, don't pick up the soap!
This sounds like something straight off the 'Happy Hacker' web site. The vague threat that the computer criminal will not only be caught, but prosecuted and sentenced to time in prison where they will have less than pleasant relations with other prisoners. Given the rash of web defacers who have taunted the FBI and proclaimed they would never be caught, this hardly seems a deterent. More so that few of them ever see the inside of a jail or prison.

So what does this kind of message really accomplish? Absolutely nothing productive. It only serves to encourage more attacks, waste time and resources that should be spent on business, and generally make the owner look like a fool.

Why am I writing and picking on this site? Because in the course of mirroring over a thousand defaced web pages, I have seen this reaction before. What I haven't seen is a productive result following this kind of obnoxious note being posted. I have only seen it cause further hassle, further embarassment, and further work for the FBI.

Please, swallow your pride and respond to these incidents in a better fashion. Starting pissing wars with people that know computer security better than you doesn't seem too bright.