Hackers wipe out an ISP during hacking contest
By Alex Wellen, CyberCrime, ZDTV
April 9, 1998 8:16 AM PDT

A small ISP and its 5,000 customers were innocent casualties of a hacker
wargame last Thursday and part of Friday. For almost 36 hours Rt66
Internet and its customers were off-line, courtesy of a hack attack that
erased the ISP's operating system. 

According to one rt66.com admin, the system was NOT deleted.

It all began when Carolyn Meinel, creator of a hacker wargame, challenged
the Net community to "Hack this Site" two weeks ago. Since then, it's been
under almost constant attack, receiving an average of 1,000 hack attempts
a day. 

A nice arbitrary figure. When asked for logs or proof of this figure,
nothing was provided.

The ISP, Rt66 Internet, fought off almost all the attacks, which were
primarily IP-spoofing attacks that hide the identity of the attackers. But
last week, one hacker was able to gain root access at the server level and
erase a substantial amount of information, including the operating system
itself. 

The barrage of attacks is in response to the mid-March launch of Meinel's
"King of the Hill" Web site, which encourages participants to hack into a
"designated" system, then defend it from future intruders. 

Attacks not unexpected 

Rt66 expected hackers to go after it -- and not just Meinel's Web site --
and has devoted two people full time to maintaining its service. It
actually thought hosting the contest would help identify any weaknesses in
its own system.

"We went into this project with our eyes open," said Mark Schmitz, vice
president of Engineering International and co-founder of Rt66, based in
Albuquerque, N.M. "Since we didn't have anywhere near as many attacks
before the game, I have to assume (the uptick's cause) is the hosting of
Carolyn's site." 

Schmitz said that Rt66 backs up an entire year's worth of information, and
as such, downtime was the only damage. 

"Nothing replaces good backup," he advised. "That's your number one
safeguard against attacks." 

How the attacks worked

Meinel said the attacks on her site were initially "denial of service" or
"teardrop" attacks which, if successful, could have the effect of simply
shutting down the system. Meinel characterized those attacks as
"amateurish," "pitiful" and "laughable." 

The same kind of attack Carolyn Meinel admits to making at least
once on sekurity.org ...

But after a few days, the "big boys came in," Meinel said. "Instead of
attacking the Web site, they went upstream and tried to take out the ISP." 

Meinel taunted the successful hacker, saying, "Someone is up for a felony
now. If I were responsible for causing the loss, I would be wanting to get
an identity transplant." 

Why the hack attacks?

Such strong opinions, and Meinel's self-promotion, have probably increased
the frenzy of the attackers. They also make her the target of considerable
criticism -- much of which predates the King of the Hill contest. 

"People don't like her because she ... tries to appeal to the media as
some all-knowing hacker,"  claimed one hacker using the handle "fh" in an
e-mail sent to ZDTV's CyberCrime. 

A number of other hackers have sent highly anti-Meinel e-mails to
CyberCrime. 

An anti-Meinel Web site

There's also at least one anti-Meinel Web site, which includes archives of
many of her publications along with point-by-point criticisms. 

The site claims, among other criticisms, that Meinel "does not have the
required skill set to adequately teach hacking." 

http://www.dim.com/~jericho/shame is the site. Judge for yourself.

"I'm not just inventing this stuff -- this stuff is all common knowledge,"
Meinel said. "I am a research engineer. The majority of books are not
filled with 100 percent original stuff." 

As for her contest, she said "to my knowledge, this is the first actual
hacker wargame open to the public that includes instructions, and allows
the contestants to practice defensive skills as well as break-in skills." 

This idea was taken directly from the contest setup by Jeff Moss at
Defcon 2, or other systems before that.

A vote for Meinel

Rt66's Schmitz doesn't consider Meinel's wargame, her e-zines, or book
illegitimate. 

"I've never seen anyone take the time and organize this information and
frame it like this book," he said. He added that he considers her
credible. 

He also hasn't searched the web for this information.

In the meantime, Rt66 continues to monitor activity 24 hours a day.

"continues", implying they were monitoring when they got 
hacked in the first place.