Hackers spoof security newsletter
A bogus version of a security newsletter is sent out after hackers break into an ISP that kept the mailing list.
"The ISP was hit and SANS was targeted specifically," said Michele Crabb, a computer security analyst at Cisco Systems who is a coeditor for the newsletter, which appears every six weeks. SANS stands for "Systems Administration, Networking and Security."
ClarkNet, the ISP that hosts the SANS Web site, was not affected by the break-in. Crabb said hackers had previously broken into the ISP to look at the SANS mailing list, which includes about 12,000 names. She did not know how many copies of the bogus newsletter were sent.
"You're counting on the security of that ISP," added Crabb. "When you're dealing with an ISP, you don't have dynamic passwords, so sniffer attacks are widespread."
In an email today, SANS said it had taken "appropriate security measures" but hackers had broken in "to send inappropriate material to our subscribers." The hacked version of the newsletter was based on an old format for the SANS digest, and it did not include the customary PGP signature used by legitimate versions of the newsletter.
"Someone has violated our site and possibly combined various mailing lists [SANS and non-SANS] to send inappropriate material to our subscribers," a SANS email said late today. "We apologize for the nature of the content you may have been sent and assure you that we are pursuing, in earnest, the hacking that impacted a percentage of our subscribers.
"Every byte in that file is refuse," the legitimate email added, urging that those who received the bogus newsletter not to use its sample codes.
The bogus digest included tipoffs that proved it wasn't authentic: "The digest comes out eight times per year so slap mah fro. You'll also get a couple more messages this week and, if you're lucky, uuencoded porn of my wife," the phony newsletter stated.
The incident may prove embarrassing because contributors to the SANS Security Digest include some of the biggest name in computer security, including Marcus J. Ranum, CEO of Network Flight Recorder; Peter Neumann of SRI International; Matt Bishop of the University of California at Davis; Dan Geer of financial security firm CertCo and author of a book on Web security; and Peter Galvin of Corporate Technologies.
In addition, SANS recently released a report on a 1996 break-in at the Justice Department, called "The 12 Mistakes to Avoid In Managing Security for the Web."