WASHINGTON (03/20/2000) - A hacker group known as "Crime Boy's" launched cyberattacks over the past two weeks against World Wide Web pages maintained by the U.S. Interior Department and the U.S. Army, and several times tried to hack into a NASA system.
The hackers, believed to work from Brazil, last week defaced the main Web pages maintained by the Bureau of Land Management's National Training Center and the Army's Reserve Officer Training Corps Command. The group also attempted a third series of attacks against NASA's Jet Propulsion Laboratory, forcing the agency to block all Internet traffic from Brazil.
Reports also surfaced last week that the National Postal Mail Handlers Union site, which is accessible through the U.S. Postal Service's intranet, had been attacked, but it was unclear who tried to carry out the attack.
The Crime Boy's broke into the National Training Center site, which is part of the BLM, at 8 p.m. March 12, and replaced the agency's Web page with a page protesting what the group called a "corrupt" Brazilian government.
The message they left was jumbled: "Hello, Crime Boys [sic] entered in your server for two reasons, for him to be badly configured, or better, very badly configured, and to protest against the Brazilian government, a corrupt government, that nothing does for Brazil to improve."
The hackers launched a second attack March 16, replacing the page a second time. "We went in to make some corrections, and they came in right on our heels," a BLM spokesman said.
Although the spokesman said the damage was limited to two Web pages, BLM officials said they are working with federal authorities on patches to "inherent vulnerabilities" in Microsoft Corp.'s Internet Information Server Version 4.0.
Security officials at NASA's JPL detected a "fairly substantial number of attacks" that originated in Brazil, said Frank O'Donnell, spokesman at the Pasadena, Calif.-based laboratory. The agency restricted almost the entire country of Brazil from viewing the agency's Web sites and also installed security patches, O'Donnell said. JPL removed the block at noon EST on March 17.
Philip Loranger, chief of the Command and Control Protect Division at the Army's Information Assurance Office, announced March 14 that the Crime Boy's had threatened to take down the main Army home page. However, sources say that page was too difficult to crack because it is based on the Apple Computer Inc.'s Macintosh WebStar platform.
"The main [Army] site was switched to a server that was practically un-hackable," said Alex McCombie, co-founder of New World Media Inc. and one of more than 30 witnesses to the attack on the ROTC site.
A hacker known as "-artech" and who claims to have hacked into the Army's deputy chief of staff for training Web page, said the Crime Boy's are a new group that use unsophisticated attack methods, including exploiting vulnerabilities in Microsoft Corp.'s FrontPage and Active Perl. "If they do hack a site, it will just be a small FrontPage hack, which isn't a problem to stop," the hacker said. Steven Aftergood, an intelligence specialist with the Federation of American Scientists, said although the attacks do not mean federal systems are helplessly vulnerable, "this suggests that even the most elementary of security protections were not in place."
As of late Friday, agencies had yet to file a report on the incidents, said Dave Jarrell, program manger for the Federal Computer Incident Response Capability. "I have noticed some unusual traffic patterns and have been wondering if something is going on, but I have not heard from any federal agencies," Jarrell said.
Contributing: Paula Shaki Trimble, Natasha Haubold and Diane Frank.