[This whole topic/thread has become somewhat interesting in the past few days. A few things to consider: One of the widely spread articles was a press release from Ian Murphy and his company. In it he called his company the "number one leading company for information security" or something of the sort. William Knowles pointed that out in a post to dc-stuff, where he quoted the URL to this article. James Glave jumped on William's case about misquoting and various other 'wrongs'. Should be interesting to see the outcome of all this. I still question why Ian Murphy would get involved for any other reason than media attention.]

Hacking Posse (Mostly) Leaves Web in Peace

by James Glave

7:00pm 27.Mar.98.PST

http://www.wired.com/science/discoveries/news/1998/03/11301

A group of hackers and crackers who counted among their members two of the three teens implicated in recent attacks on US military Web servers have stated that their days of defacing Web sites are over - sort of.

"We, the Enforcers, have decided that it would be in the best interests of the hacking community and the security community at large to cease and desist all Web site hacking of external businesses," an Enforcers statement read. But an Enforcers member who goes by the name "paralyse" told Wired News that the declaration came with a catch.

The truce applies only to "external" sites, which paralyse defined as "sites external to the goals of the group." Their self-professed mission has been the elimination of online child pornography and racism, but critics have suggested that claim is a false front.

Many groups claim to act based on ridding the net of child porn or racism or any other socially frowned upon activity. If that is the case, then where is the proof of them hacking pages of people practicing these bad things? Like many groups, hacking innocent third parties in the name of ridding child porn does nothing to stop it.

Enforcers also stopped short of calling an end to denial of service attacks. Those attacks, which clog up servers, denying network access to legitimate users, are far more destructive than what otherwise has amounted to graffiti scrawled on random Web sites.

I have never seen a web page hacked by the Enforcers. Hard to believe that a hacking group of this size has never had a page verified to be hacked.

When asked if the declaration also extended to denial-of-service attacks, paralyse said, "I can't comment on that."

Why not? A member of the group can't comment on the group's activity or plans? Seems a bit odd.

The Enforcers are a close-knit hacking group of about 25 to 30 people, of varying ages, from around the world. Group members have claimed that some of their ranks have defaced numerous Web sites, and also have allegedly launched denial-of-service attacks against Internet Service Providers (ISPs) and Internet Relay Chat (IRC) channels.

Allegedly. First off, this is unverified yet Glave reports it anyway. Second, DoS attacks against ISPs and IRC are immature script kiddy tactics. So what if they did? What does it prove, or how does it further their supposed goal?

"Most warez people [software pirates] tend to say they are against child porn also, but warez doesn't help or justify anything, nor does it prevent child porn," said an IRC operator who goes by the name "play."

"Same goes for hacking, what relevance does it have?" asked play. IRC operators are the overlords of the global text-based chat network called the Undernet, the meeting place for Enforcers and many other hacking groups.

Another IRC operator named "danie," agreed that the Enforcers declaration was meaningless.

"I don't think they'll stop harassing the small powerless individuals," danie said. "Perhaps commercial sites will have some reprieve ... but it's their [enforcers'] drug. They have to do something, their threats are a dead end and they perhaps realize it but I don't think they will hold to it ... no," he said.

Another IRC operator said that Analyzer, the youth arrested in Israel for allegedly breaking into more than 400 US government Web servers, had attacked ISPs with denial-of-service attacks.

"The ISP I work for has been attacked by Analyzer at least once," said the operator, who goes by the name "OmniDynmc."

On Friday, Infowar, an online resource dedicated to fighting threats to network infrastructure, put out a news release stating that Ian A. Murphy, CEO of IAM/Secure Data Systems, had been negotiating with the Enforcers and come to an agreement.

But Enforcers recently had a falling out with Murphy, and paralyse said Murphy's press release, which went out over PR Newswire, is not an entirely accurate account of their position.

Doesn't matter if it is accurate. Murphy has no authorization to speak for anyone other than himself. His claim to call truce between the Enforcers and anyone else is shameless media hype for himself, nothing else.

"I want two things from [the Enforcers declaration]," paralyse told Wired News. "1) less government and corporation scrutiny and 2) less press hype - so that should hopefully have an effect," he said.

"I want less press hype.." he says in a press article.

Neither representatives for Infowar, nor Ian A. Murphy, could be reached for comment.


main page ATTRITION feedback