Return-Path: <sentto-279987-4369-1011797235-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Wed, 23 Jan 2002 06:49:08 -0800 (PST) Received: (qmail 19460 invoked by uid 510); 23 Jan 2002 14:47:12 -0000 Received: from n23.groups.yahoo.com (216.115.96.73) by all.net with SMTP; 23 Jan 2002 14:47:12 -0000 X-eGroups-Return: sentto-279987-4369-1011797235-fc=all.net@returns.groups.yahoo.com Received: from [216.115.97.164] by n23.groups.yahoo.com with NNFMP; 23 Jan 2002 14:47:15 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_1_3); 23 Jan 2002 14:47:15 -0000 Received: (qmail 44313 invoked from network); 23 Jan 2002 14:47:14 -0000 Received: from unknown (216.115.97.171) by m10.grp.snv.yahoo.com with QMQP; 23 Jan 2002 14:47:14 -0000 Received: from unknown (HELO red.all.net) (12.232.72.98) by mta3.grp.snv.yahoo.com with SMTP; 23 Jan 2002 14:47:14 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g0NEljj29896 for iwar@onelist.com; Wed, 23 Jan 2002 06:47:45 -0800 Message-Id: <200201231447.g0NEljj29896@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Wed, 23 Jan 2002 06:47:45 -0800 (PST) Subject: [iwar] [fc:17-year-old.hacker.penetrated.DND.network] Reply-To: iwar@yahoogroups.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit 17-year-old hacker penetrated DND network Gary Dimmock, Ottawa Citizen, 1/22/02 <a href="http://www.nationalpost.com/news/national/story.html?f=/stories/20020119/1180544.html">http://www.nationalpost.com/news/national/story.html?f=/stories/20020119/1180544.html> The leader of an international hacker group that penetrated over a Department of National Defence computer system in 1999 was a 17-year-old high school student who gained access to the security network in 10 minutes from his mother's kitchen table. Russell Sanford, now 19 and serving two years in a Texas prison, designed complex software that exploited one of Canada's military networks via its Website intermittently for three days. "I wanted to show everyone how easy it was. I was thrilled to find such a high-profile site with such a common security weakness," said Sanford, whose story has gone untold until now. "We wanted people to know how weak they actually were. Government security is like a poker bluff. You think they are pretty secure, but when you come down to it, they're not," he said. A military computer-intrusion unit could not immediately identify how the teenager breached its system. It took days to repair the system's vulnerabilities. Sanford, known as " egodeath" on the Internet, did not access or intercept any classified data. Instead, he left instructions on how DND could better protect its network. " I didn't do anything malicious although I could have," he said. "Once I broke in, it was as if I was sitting at their keyboard." He was not doing it for money, but for the thrill. "Once you find a vulnerability and squeeze through the hole, it gives you personal satisfaction that is hard to describe. For me, it's better than sex and the feeling certainly lasts longer." It took U.S. investigators a year to build their case against the him. He always hacked into a dozen or more shell computers before launching his attacks, making him nearly impossible to track. And he used different aliases, or digital alter-egos to claim responsibility. "The DND site was an easy target. It was pretty weak. At the time, there were all kinds of patches they could have downloaded for free to fix the problem, but they never did." In a three-month period ending in January, 2000, "egodeath" hacked into about 80 computer networks, including the United States Postal Service. "We were going for a record and we were on a rampage." Most of his " accomplishments" were recorded at attrition.org, a non-profit Website that tracks hacker activity, and his late-night game sparked an intense investigation by U.S. authorities. It was his partner, a less experienced, easy-to-track hacker, who got caught. The 15-year-old boy was spared prosecution for turning evidence against Sanford. Months later, U.S. law enforcement agents raided Sanford's home in Irving, Tex., a Dallas suburb, seizing his computers and rousing him from sleep for questioning. On Dec. 6, 2000, Judge Karen Greene spared him jail time, sentencing him to five years' probation on condition that he keep the peace, stay offline, submit to random polygraph tests for proof and pay US$45,000 in restitution -- the value prosecutors said he caused in damage, although none of the hacked sites denied service to the public. In January, 2001, Sanford violated his probation by selling LSD. The judge revoked his probation and sentenced him to two years in Hutchins State Jail. Though he believes he has lost two years of his life to state prison, he says his time behind bars has turned his life around. "If I can stay off drugs in here, I'll be able to do it once I'm out," he said. ------------------------ Yahoo! Groups Sponsor ---------------------~--> Sponsored by VeriSign - The Value of Trust Do you need to encrypt all your online transactions? Find the perfect solution in this FREE Guide from VeriSign. http://us.click.yahoo.com/jWSNbC/UdiDAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2002-12-31 02:15:03 PST