Hackers wipe out an ISP during hacking contest By Alex Wellen, CyberCrime, ZDTV April 9, 1998 8:16 AM PDT A small ISP and its 5,000 customers were innocent casualties of a hacker wargame last Thursday and part of Friday. For almost 36 hours Rt66 Internet and its customers were off-line, courtesy of a hack attack that erased the ISP's operating system. According to one rt66.com admin, the system was NOT deleted. It all began when Carolyn Meinel, creator of a hacker wargame, challenged the Net community to "Hack this Site" two weeks ago. Since then, it's been under almost constant attack, receiving an average of 1,000 hack attempts a day. A nice arbitrary figure. When asked for logs or proof of this figure, nothing was provided. The ISP, Rt66 Internet, fought off almost all the attacks, which were primarily IP-spoofing attacks that hide the identity of the attackers. But last week, one hacker was able to gain root access at the server level and erase a substantial amount of information, including the operating system itself. The barrage of attacks is in response to the mid-March launch of Meinel's "King of the Hill" Web site, which encourages participants to hack into a "designated" system, then defend it from future intruders. Attacks not unexpected Rt66 expected hackers to go after it -- and not just Meinel's Web site -- and has devoted two people full time to maintaining its service. It actually thought hosting the contest would help identify any weaknesses in its own system. "We went into this project with our eyes open," said Mark Schmitz, vice president of Engineering International and co-founder of Rt66, based in Albuquerque, N.M. "Since we didn't have anywhere near as many attacks before the game, I have to assume (the uptick's cause) is the hosting of Carolyn's site." Schmitz said that Rt66 backs up an entire year's worth of information, and as such, downtime was the only damage. "Nothing replaces good backup," he advised. "That's your number one safeguard against attacks." How the attacks worked Meinel said the attacks on her site were initially "denial of service" or "teardrop" attacks which, if successful, could have the effect of simply shutting down the system. Meinel characterized those attacks as "amateurish," "pitiful" and "laughable." The same kind of attack Carolyn Meinel admits to making at least once on sekurity.org ... But after a few days, the "big boys came in," Meinel said. "Instead of attacking the Web site, they went upstream and tried to take out the ISP." Meinel taunted the successful hacker, saying, "Someone is up for a felony now. If I were responsible for causing the loss, I would be wanting to get an identity transplant." Why the hack attacks? Such strong opinions, and Meinel's self-promotion, have probably increased the frenzy of the attackers. They also make her the target of considerable criticism -- much of which predates the King of the Hill contest. "People don't like her because she ... tries to appeal to the media as some all-knowing hacker," claimed one hacker using the handle "fh" in an e-mail sent to ZDTV's CyberCrime. A number of other hackers have sent highly anti-Meinel e-mails to CyberCrime. An anti-Meinel Web site There's also at least one anti-Meinel Web site, which includes archives of many of her publications along with point-by-point criticisms. The site claims, among other criticisms, that Meinel "does not have the required skill set to adequately teach hacking." http://www.dim.com/~jericho/shame is the site. Judge for yourself. "I'm not just inventing this stuff -- this stuff is all common knowledge," Meinel said. "I am a research engineer. The majority of books are not filled with 100 percent original stuff." As for her contest, she said "to my knowledge, this is the first actual hacker wargame open to the public that includes instructions, and allows the contestants to practice defensive skills as well as break-in skills." This idea was taken directly from the contest setup by Jeff Moss at Defcon 2, or other systems before that. A vote for Meinel Rt66's Schmitz doesn't consider Meinel's wargame, her e-zines, or book illegitimate. "I've never seen anyone take the time and organize this information and frame it like this book," he said. He added that he considers her credible. He also hasn't searched the web for this information. In the meantime, Rt66 continues to monitor activity 24 hours a day. "continues", implying they were monitoring when they got hacked in the first place.