July 8, 1998 2:45 PM PDT
Teen hacks Fox TV affiliate site
Probably with nothing better to do on a summer evening, a 14-year-old hacker who calls himself "Digphreak" socially engineered his way into the account of a local Fox Television affiliate's Web site in Chicago last night and posted a message in support of infamous mass-hacker Kevin Mitnick.
Digphreak, who contacted CNET NEWS.COM today, said he had called the Fox affiliate's ISP and asked to reset the password--a process known as "social engineering." Digphreak claimed that the service representative only asked for the billing address before resetting the password.
"I just said I forgot my password," Digphreak said today. "They didn't ask for a name or anything. I just looked up the administrative contact and said I was the tech person."
"Fox 32 Chicago Has Been Hacked," the blackened Web site read. "This Web site has been hacked, by digphreak and errortype11. My motives are other than destructive. I actually am here to bring an issue to your attention. Kevin Mitnick, a notorious hacker, has been held in jail, for over three years, without trial."
The adolescent hacker claimed he had no real motive in targeting the station in particular, and added that he simply wanted to get his message across about Mitnick.
"These are the same kids where if computers didn't exist, they'd be out on the streets tagging buildings with spray paint cans," said John Vranesevich, who runs hacker news site Antionline.
"I just knew the Web site better than others and the phone number was in my area code," Digphreak said regarding his choice of targets. "I don't think it's going to prove much, I just wanted to say something. I think it's so criminal that Mitnick hasn't had a trial for three years."
Mitnick, who is considered one of the world's most notorious computer systems hackers, has been held without bail since 1995. Mitnick is facing multiple charges stemming from a series of computer break-ins that occurred between June 1992 and February 1995. He is accused of attacking systems belonging to software makers, ISPs, and educational institutions.
Account takeovers have been a common means for computer "crackers" to deface a company or organization's Web site. These takeovers often occur when the cracker is persistent enough to find a customer service representative who does not follow standard identification procedure. Such was the case last month when the American Civil Liberties Union's AOL site was compromised.
Fox affiliate WFLD's Web site, which was down for about 15 hours, has since been restored. The site's Webmaster said the station had received phone threats earlier in the week, and added that an investigation has been launched with "serious legal action pending."
"We haven't been hacked before," said Gavin Maliska, WFLD's managing editor. "I think all it makes us do is to talk to our service provider to talk about security and how to improve it."
But using the station's Web site to get the protest message across may have been even less effective than Digphreak had hoped.
"Our site is unlike other news sites that provide news bulletins," Maliska noted. "Our site is promotional, so it doesn't require daily input."
NEWS.COM's Janet Kornblum contributed to this report.